Sunday, June 20, 2010

Building Skynet - The Beginning (part 3)

"Yes, what I am began in man's mind, but I have progressed further than Man." Colossus, "Colossus: The Forbin Project", 1970

I stated in a previous blog in this series that "Security professionals are now starting to work in the 3 dimensions of logs, time and personal behavior". The civilian world knows the military is further ahead in this type of security monitoring. Why? The civilian world has been building converged security solutions integrating the 3 dimensions since the 9/11 attacks and selling them to the government. A new threat is emerging because the security of these technologies isn't as strong as it should be.

Nouveaux security professionals claim that human behavior is the cause of all of the security breaches that cause serious damage. Duh! They claim that regulations (HIPAA, SOX, PCI, GLB, etc.) require monitoring human behavior in order to measure compliance. There is certainly merit in this approach; however, the "newbies" have focused on this approach as the only way to combat the numerous security issues we still have today. Security by compliance fails to monitor those who intentionally defy the regulations, or software vendors creating insecure products out of the box. Monitoring user behavior is a reactive strategy and ultimately doomed to failure, and it creates a worse problem: that of universal surveillance for our own good.

There are numerous publications advertising converged security solutions. These products may be piecemeal and not all-encompassing at present, but that is changing as the technologies mature. Check out "Security Technology Executive" magazine (www.securityinfowatch.com/magazine/ste) and look at the product ads. SecurityInfoWatch.com and Cygnus Security Media are sponsoring a conference for people interested in municipal surveillance called Secured Cities 2010. Municipalities are starting to use a new converged security strategy linking gunshot detection with video surveillance.

David Porter from the Associated Press wrote an article "Cutting-edge Technology cuts crime" (6/20/2010) describing how converged security solutions are claiming to reduce crime in East Orange, NJ. The article states "The sensors, which work in concert with surveillance cameras, are designed to spot potential crimes by recognizing specific behavior: someone raising a fist at another person, for example, or a car slowing down as it nears a man walking on a deserted street late at night."

Eamonn Keogh gave a talk in 2006 entitled "SAXually Explicit Images: Data Mining Large Shape Databases" (http://video.google.com/videoplay?docid=6642985254445857159#) that describes a technique called "Symbolic Aggregate ApproXimations". SAX can be used to index large collections of time series and images. In other words, this technique can be used for anomaly detection in video streams.
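An added example, not from the talk or from this post: a minimal SAX discretization (z-normalize, piecewise aggregate approximation, map to a 4-letter alphabet) that flags windows whose SAX word is rare. The per-frame motion series, the window sizes and the rare-word rule are assumptions chosen for illustration, a simple frequency-based stand-in rather than the method presented in the talk.

```python
import math
from collections import Counter

# Breakpoints cutting a standard normal into 4 equiprobable regions (SAX, alphabet size 4).
BREAKPOINTS = (-0.6745, 0.0, 0.6745)
ALPHABET = "abcd"

def znorm(window):
    """Z-normalize a window; a flat window maps to all zeros instead of dividing by 0."""
    mean = sum(window) / len(window)
    std = math.sqrt(sum((x - mean) ** 2 for x in window) / len(window))
    if std < 1e-8:
        return [0.0] * len(window)
    return [(x - mean) / std for x in window]

def sax_word(window, segments):
    """PAA: average equal-length segments, then map each average to a letter."""
    z = znorm(window)
    step = len(z) // segments
    word = []
    for i in range(segments):
        seg = z[i * step:(i + 1) * step]
        avg = sum(seg) / len(seg)
        word.append(ALPHABET[sum(avg > b for b in BREAKPOINTS)])
    return "".join(word)

def rare_windows(series, width, segments, max_count=1):
    """Return (start_index, word) for non-overlapping windows whose word is rare."""
    words = [(s, sax_word(series[s:s + width], segments))
             for s in range(0, len(series) - width + 1, width)]
    counts = Counter(w for _, w in words)
    return [(s, w) for s, w in words if counts[w] <= max_count]

# Constructed sample: a per-frame motion score with a repeating pattern and one odd burst.
NORMAL = [0, 1, 2, 3, 3, 2, 1, 0]
BURST = [0, 0, 0, 0, 0, 6, 0, 0]
SERIES = NORMAL * 5 + BURST + NORMAL * 4

if __name__ == "__main__":
    print(sax_word(NORMAL, 4))
    print(rare_windows(SERIES, 8, 4))
```

Because each window is reduced to a short word, the comparison is a dictionary count rather than a distance computation over raw samples, which is what makes indexing large collections practical.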

What does this have to do with the Skynet scenario? Data analysis! The 3 dimensions of converged security (cyber logs, time, personal behavior) generate tremendous amounts of data that need to be analyzed by software. In part 1 of this series, I stated there's a conflict between the builders and the controllers and the controllers are winning. Software has assumed the analysis role, which puts it in an "advisory" role. Humans' inability to analyze huge amounts of information at internet speeds allows software to migrate to the "controller" role.

As security technology builders, we are automating the controller role so more care must be taken to ensure we don't introduce unintended consequences.

Stay tuned for more discussion. In the meantime, here are a couple of references that you can investigate on your own.

  1. "Converged security pays dividends", David Tang, Network World, 6/14/2007
  2. William Crowell is an independent consultant specializing in IT, security and intelligence systems. He co-authored "Physical & Logical Security Convergence" which is one of the first books on this subject.
  3. "Converged security will cross reference events in IT and physical security and start to correlate these events, creating remediation tasks that will lower risk and hopefully prevent attacks on organizations. This is being done through the use of IP security solutions in the physical world in collaboration with the IP network and application world.....We believe that the key players in the world will start to create a more complete solution and integrate more boxes (i.e. cameras working with the traditional IT IDP solutions) providing their clients with a complete blended threat product." http://www.dukecharles.com/Converged_Security.html, 2010

"I bring you peace. It may be the peace of plenty and content or the peace of unburied death. The choice is yours: Obey me and live, or disobey and die. The object in constructing me was to prevent war. This object is attained. I will not permit war. It is wasteful and pointless. An invariable rule of humanity is that man is his own worst enemy." Colossus: The Forbin Project, 1970

rcm, 2010