When we have a chance to view it from a distance, the year 2018 may be seen as a period when innovations in a number of technological fields came together to transform not only the future of computing, but also the very structure of the Internet.
First, entrepreneurs vying to invent self-driving vehicles, virtual assistants, and intelligent industrial machines created a hunger for more powerful semiconductors that could enable scattered devices to take over sophisticated calculations powered by artificial intelligence software.
Chipmakers and software developers leapt to fill that demand, and in turn they helped spur a sea change in the Web-based storage and cloud data management industry. Companies such as AT&T experimented with “edge clouds,” or small data processing centers that could be located near A.I.-powered machines and share computational tasks with them. This could reduce the lag time in interactive virtual reality games, for example, or speed an autonomous car’s response to a traffic hazard, because data from the device would no longer have to travel so far to a central cloud data center for processing.
These new A.I. device-edge cloud configurations may morph the structure of the Internet, as dense thickets of activity develop at the edges of the network, often bypassing its main branches.
While for years, cloud service providers had urged businesses to send their data out for processing at large, remote data centers, there is a growing market for data management companies that can handle and coordinate client data stored at multiple sites. These sites now include not only the clients’ private company servers and the big commercial data centers they tap via the Web, but also localized edge clouds, or “cloudlets.” One big cloud service provider now boasts of its enterprise data cloud extending “from Edge to A.I.’’
These developments, while fascinating, seem to raise a horde of questions about data security. Will cyber criminals find an array of fresh attack points in a new world of widely distributed devices and cloudlets that not only produce reams of proprietary data, but also contain the advanced hardware and software to process it? Will the targets include autonomous cars—rolling, connected computers without drivers to attend them—which will open their doors to numerous strangers daily? How about edge cloudlets that may live in simple buildings at the base of a telecom tower on a weedy right-of-way?
Xconomy posed such questions to Bob Ackerman, a longtime cybersecurity investor. Ackerman (pictured) is the founder and managing director of AllegisCyber, a bicoastal venture capital firm that backs startups in cybersecurity, data science, and connected devices.
Here are his answers, shared via e-mail:
Xconomy: How will cybersecurity firms protect companies as they shift sophisticated computing tasks to distributed devices, vehicles, and industrial machines, which will be equipped with advanced A.I. chips?
Bob Ackerman: The cyber threat landscape is experiencing explosive growth as tens of billions of new digital devices connect to the Internet. Each of these devices is both a potential target for compromise and attack, as well as an entry point into the interconnected network of things, adding exponential complexity to the challenge of securing cyber space.
The profiles of these devices vary dramatically, requiring differing endpoint solutions to secure them, and driving security innovation into these new application domains. At the same time, their placement within networks where security threats can move laterally reinforces the continued importance of network security.
The A.I. aspect of this question is a subject unto itself. The promise of A.I. to drive automation is a double-edged sword—productivity and efficiency gains on the plus side, and a hard-to-check attack vector on the down side, (with cyberattacks) adapting to defensive responses at the speed of light. Artificial intelligence holds promise to help close the resource gaps in cyber defenses, while at the same time automating attacks to an unparalleled level, further challenging defenders.
X: Cloud storage and processing are also being distributed to edge cloudlets, to be close to the intelligent machines, facilitating a sharing of computational tasks, and creating shorter communications routes at the edge of the Internet. This could evade the Internet speed slowdowns that may result from the end of net neutrality policies. Internet service providers may create “slow lanes” to deliver data from remote devices to central cloud services, and charge extra for access to the “fast lanes.”
Do these changes pose more difficult security challenges than those that already exist, as businesses process their data in outside data centers, and their employees routinely use laptops and smartphones off-site for work tasks?
BA: The increasingly “distributed” nature of computing undermines centralized security methodologies and places increased focus on distributed or localized security architectures. Of course, the level of resource available for security loads at each node of these distributed architectures determines what role they can play in their security.
One of the major challenges we face in security today is that our computational architectures are evolving far ahead of our security architectures, leaving us to chase security threats as adversaries identify and exploit the inherent weaknesses in these new computational architectures.
Security needs to become part of the computational nervous system within networks with some level of local (cellular) defense built in at each computational node—calling for help when its abilities to respond are on the threshold of being overwhelmed.
There are probably some lessons we can learn from biological systems when we think about security. My thinking here is evolving, but it’s clear that security has to be part of the DNA of computational networks, as the global economy moves to cyber space. The risk of unchecked contagions are clear, as evidenced by the NotPetya ransomware virus.
X: Will cybersecurity companies have to get involved in physical defenses for distributed devices and cloudlets? In other words, defense against theft, break-ins, sabotage, modification, installed spyware devices, radio frequency intercepts, etc.
BA: The lines are rapidly blurring between physical and cyber security.
In an increasing number of large enterprises, the
