Handcuffs over AI: Solving security challenges with law enforcement

For the last 20 years, spending to solve cybersecurity goals has exploded to more than $100 billion annually. Security vendors tout advances in detection and protection that will provide the relief that has evaded the craft since its formation. The most recently heralded messiahs are machine learning (ML), security orchestration automation and response (SOAR), and artificial intelligence (AI).

For those of us who have been dumping budgets and hope into 20 years of broken promises, we find it very difficult to muster any degree of hope in the next round of techno-salvation. Five years ago, my suspicion turned to outright rebellious indignation and I started evaluating everything I believed to find a better path to sustainable cybersecurity operations (SecOps).

The first error that we made building SecOps is aligning its outcomes with those of information technology (IT). IT is an extension of manufacturing with success defined as the ability to create, ship, store, and transform data and services. Because much of SecOps craft knowledge came from IT, we built philosophies, semantics, and tactics to deliver the outcome of protecting and preserving IT services and data.

After a few decades of struggling to understand recurring and persistent failure in SecOps, the craft has begun to realize that SecOps has very little to do with IT. Instead, SecOps is a component of law enforcement and national security with outcomes demanding punitive actions to cybercriminals.

Another piece of cultural baggage we developed was separating digital life from real life. When users started logging on to the Internet in the 1990s, many found refuge in an anonymous, alternate reality. And we developed long-lasting perceptions that what happened in one reality did not affect what happened in the other.

In the meantime, healthcare, banking, shopping, work, and entertainment have become deeply intertwined with a digital counterpart. As the illusion of dichotomy has been removed, acts we once thought of as cybercrime are identified simply as crime.

The Power of Deterrence
With the age of hacker innocence gone, why does cybercrime prolifically persist? In 2016, the Department of Justice released a short paper entitled “Five Things About Deterrence.” The primary finding of the essay is that “the certainty of being caught is a vastly more powerful deterrent than the punishment.” The primary reason cybercriminals carry out crimes is a perception that they will not face punitive action.

The irony of the course of the craft of SecOps is we have done an extremely poor job in scaring criminals, while effectively terrifying one another.

To read the complete article, visit Dark Reading.