Can AI help cyber-proof public safety systems?

Our first responders have used established wireless modes of communication to address emergencies for the past two decades. Robots are now joining the effort. As we continue to augment public safety agencies around the world with semiautonomous technologies, do we fully understand how this shift invites additional risk?

 

Robots are increasingly used to safeguard communities. The Department of Homeland Security’s Science & Technology Directorate, for example, is working closely with the Department of Customs and Border Protection (CBP) to develop technologies meant to safeguard our national borders.

“The southern border can be an inhospitable place for man and beast, and that is exactly why a machine may excel there,” said Brenda Long, S&T program manager.

 

This program aims to minimize the safety and security risks facing CBP agents by introducing robotic assistants and autonomous all-terrain ground vehicles to southern border patrols. While such advances might allow us to enhance border safety, they need a robust cellular network that can ensure continued data communication during emergencies.

To this end, the U.S. Government launched the FirstNet Initiative to modernize the cellular communication infrastructure for first responders. FirstNet was first proposed in the wake of 9/11 and now provides a nationwide public safety broadband network.

FirstNet uses a dedicated public safety frequency band, also referred to as Band 14. This network occupies two 10-MHz-wide blocks of the spectrum, centered at 763 MHz and 793 MHz. While FirstNet’s benefits are manifest, systems of its type are prone to cyberattacks.

Russia’s invasion of Ukraine has been accompanied by an increase in state-sponsored cyberattacks, both between the war’s primary combatants and worldwide. In response, the Cybersecurity and Infrastructure Security Agency (CISA) recently released an alert to ensure that every organization in the U.S. is prepared to respond to disruptive cyber activity. “Destructive malware can directly affect an organization’s daily operations, impacting the availability of critical assets and data,” CISA reported in a public advisory on February 22, 2022.

CISA also confirmed that hackers had used malware identified by the names WhisperGate and HermeticWiper to destroy the computer systems of various organizations in Ukraine. Cyberattacks like these can hinder the operations of public safety equipment and emergency communication systems like FirstNet. This is a serious problem, but not the only one facing first responders and the systems they rely on.

The public safety systems used by first responders are hosted in data centers managed by people, and people are notoriously fallible. A single phishing email to an employee operating such a system can jeopardize FirstNet or any other national public safety and security system. Even more chillingly, cybersecurity teams responding to such incidents would likely be unable to identify an attack until after the fact. Ten seconds are enough for a potential hacker to steal critical data or render an entire system unusable. Hackers typically rely on their own bots and software applications that perform hacking-related activities more quickly than security experts are able to identify and defeat them.

Gone are the days when traditional firewalls, encryption protocols, and antivirus software were sufficient to protect our public safety networks. Those systems must now be hardened to withstand the thunder of cyberattacks generated by a constantly evolving army of robotic agents and artificial intelligence (AI) algorithms.

This is where we can employ AI-powered algorithms and intelligent cyber agents residing both on the mobile devices used by our public safety responders and in the cloud servers that facilitate network communication. Public safety agents can now analyze user behavior, login abnormalities, and other factors that help detect and prevent cyberattacks in a timely manner.

AI now allows us to augment our existing cybersecurity technologies with intelligent algorithms that draw on historical data to identify security attacks in advance and deploy preventive measures. Network intrusion attacks can be predicted by feeding AI algorithms with network logs and traffic patterns captured by network equipment such as routers, switches, and firewalls. These traffic patterns reveal the attempts made by hackers to discover weaknesses in enterprise and public networks.

Triaging the hundreds of network security alerts generated by public safety systems is another major problem for the network security operations teams that manage such mission-critical systems. A seasoned hacker typically exploits this by initiating a pseudo attack whose sole purpose is to generate hundreds of alerts and draw the team’s focus, while launching a more sophisticated attack on the system in parallel that goes unnoticed. This risk can be mitigated by using AI-based supervised learning algorithms to dynamically identify the risk level of each alert and prioritize the alerts accordingly. This approach allows the network security team to focus its time and effort on resolving security issues in the system without having to worry about triaging the pseudo alerts that a hacker could generate.
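The supervised alert triage described above can be illustrated with a short added example (not part of the original article): a logistic regression trained on past analyst dispositions scores each incoming alert so that one quiet alert on a critical system outranks a flood of repetitive ones. The three features, the training history, and the sample queue are constructed assumptions.

```python
import math

# Constructed history: (asset_critical, privileged_action, repeat_rate) -> analyst label.
# repeat_rate = share of recent alerts with the same source and signature (assumed feature).
HISTORY = [
    ((1, 1, 0.0), 1), ((1, 1, 0.1), 1), ((1, 0, 0.1), 1), ((0, 1, 0.0), 1),
    ((1, 1, 0.2), 1), ((0, 0, 0.9), 0), ((0, 0, 1.0), 0), ((0, 0, 0.8), 0),
    ((1, 0, 0.9), 0), ((0, 0, 0.5), 0), ((0, 1, 0.9), 0),
]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train(history, lr=0.5, epochs=2000):
    """Fit logistic regression with full-batch gradient descent; returns (weights, bias)."""
    w, b = [0.0, 0.0, 0.0], 0.0
    n = len(history)
    for _ in range(epochs):
        gw, gb = [0.0, 0.0, 0.0], 0.0
        for x, y in history:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            gw = [g + err * xi for g, xi in zip(gw, x)]
            gb += err
        w = [wi - lr * g / n for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b

def risk(model, features):
    """Predicted probability that an alert is a true incident."""
    w, b = model
    return sigmoid(sum(wi * xi for wi, xi in zip(w, features)) + b)

def triage(model, alerts):
    """Return alerts sorted by predicted risk, highest first."""
    return sorted(alerts, key=lambda a: risk(model, a["features"]), reverse=True)

def sample_queue():
    # Constructed queue: 200 repetitive low-value alerts and one quiet alert buried among them.
    queue = [{"id": f"decoy-{i}", "features": (0, 0, 1.0)} for i in range(200)]
    queue.insert(137, {"id": "quiet-1", "features": (1, 1, 0.0)})
    return queue

if __name__ == "__main__":
    model = train(HISTORY)
    for alert in triage(model, sample_queue())[:3]:
        print(alert["id"], round(risk(model, alert["features"]), 3))
```

In practice the labels would come from the operations team’s own closed tickets, and the model would be retrained as dispositions accumulate.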

Humans continue to be the weakest points in any network security strategy. A compromised user account and any devices associated with it can be proactively identified using AI-based user behavioral models that analyze users’ authentication patterns, location, login frequency, and other factors. Similarly, natural language processing technology can be leveraged to scan the payload of emails for spam filtering and prevent phishing attacks.

Government agencies now have a range of new tools to strengthen the security posture of modern public safety systems. Using network logs, traffic patterns, user behavior modeling, natural language processing, and AI, we can identify cyberattacks in advance and enable autonomous software agents to combat such attacks, minimizing the need for human intervention in such events.

While we may not be able to predict and prevent every cyberattack using AI algorithms, public safety agencies and governments can certainly raise the pace at which we neutralize cyber weapons launched against us by hackers around the world.