
The promise and challenge of data analytics for the Alliance

NITECH ››› OPTIMIZING DEFENCE WITH DATA

David van Weel, NATO’s Assistant Secretary General for Emerging Security Challenges, explains why adherence to ethical norms and values is a critical factor as the Alliance begins to harness the latent power of artificial intelligence and machine learning techniques

As the geopolitical security landscape becomes increasingly multifaceted and complex, the imperative for NATO to address security challenges with greater velocity, effectiveness and impact will become even more urgent. To help, data analytics and machine learning, powered by the platform of artificial intelligence (AI), are increasingly being seen as a crucial advantage.

These challenges have been recognised by the Alliance, including in the work being carried out on the NATO 2030 process. At the 2021 Brussels Summit, NATO Leaders agreed to launch a civil-military Defence Innovation Accelerator for the North Atlantic (DIANA) and to establish a NATO Innovation Fund. There is also recognition that to more rapidly and effectively identify, prevent and respond to the security challenges confronting the Alliance, its institutional architecture must become more data-driven.

Many Allies have already seized the bull by the horns when it comes to exploiting data, and most are developing Data or AI Strategies. Specific organizational structures and governance approaches are beginning to emerge, like that of the Department of Defense’s Joint Artificial Intelligence Center in the United States, or Canada’s Chief Data Officer.

ETHICAL CONSIDERATIONS

Leveraging the power of AI will require maximum effort in mining, collating and synthesizing the data generated not only by NATO and its Allies and partners, but also industry, the research community and even citizens. In doing so, ethical considerations regarding data use will need to be upheld, including where these efforts may impinge upon the rights of our citizens.

Data exploitation and AI/machine learning (ML) go hand in hand. AI needs data to be effective: the more, the better. This is recognised at NATO, and our ongoing development of an AI Strategy, to be released later this year, is closely linked to our development of a Data Exploitation Framework Policy. To fuel this AI-inspired demand, the Alliance will need to progress across three main fronts:

First, ensuring that policies, processes and procedures for data exploitation are fit for purpose, clear and capable of providing effective guidance for the development and implementation of these capabilities;

Second, putting in place the right technologies, including communications and information systems infrastructure, as well as advanced data science tools and software, for a next generation of data scientists;

Finally, addressing the human factor: creating a cadre of data scientists, improving our data literacy, and broadening access to data-science education and training.

AI/ML-enabled capabilities are emerging at an increased rate. Chained AI-enabled systems may generate a clear operational picture and provide decision-making recommendations; the US Army’s Prometheus AI system, for example, can transform battlefield imagery into targeting data through processing and threat-detection. Deep-fake technology is also growing in sophistication.

Notwithstanding these serious initiatives, the perception of AI/ML in defence remains focused upon bleak scenarios. This is where adherence to our ethical norms and values is critical and is why we must ensure that we set clear principles for military use. Although such concepts are maturing in the academic space, the international community – particularly in the defence space – has work to be done in fleshing out ideas, testing them against use cases and incorporating ethical use by design in the new technologies. The NATO AI Strategy will tackle some of the challenges of ethics and governance, identifying ways to operate AI systems responsibly and setting guidelines for their governance and accountability.

Photo caption: AI systems are becoming increasingly capable of producing valuable operational information to assist with decision-making (PHOTO NCI AGENCY)

To coordinate a coherent approach to the novel challenges posed by data and AI, we must leverage the existing apparatus around the Alliance. But NATO must be nimble, engaging with our innovative private sector and academic communities to foster nascent technologies and exploit their applications.

These initiatives, under the aegis of NATO’s Emerging and Disruptive Technology Strategy, lay out a clear plan to step up NATO’s efforts by putting in place the wiring to link up these activities, facilitate improved coordination and realise the ambition set for us by Allies to make the Alliance fit for the security environment of 2030 and beyond.

INDUSTRY PERSPECTIVE

Data is the oil of the 21st century, but... 20 years in, we’re seeing an emerging data and physical world nexus

Phil Quade

Chief Information Security Officer, Fortinet

How has NATO’s growing reliance on data changed the security landscape?

Some 21 years into the 21st century, we’re seeing an emerging data and physical world nexus. The foremost principle that we collectively defend in NATO is, certainly, democracy. And, in defending it, NATO operational strategies have often been driven both by geography and the security of carbon-based assets – oil. Securing our nations was primarily seen as protecting physical things – borders, transportation hubs, dams, bridges, factories, power plants – and the fuel that powers them.

But that seemingly static defensive truism has evolved. One hundred years ago, we understood that there was no regional security without the protection of oil fields. Fifty years ago, we understood that there was no national security without safeguards for nuclear weapons. Now, we understand that critical infrastructures and critical manufacturing are important virtual things – to our economies, governments, and personal well-being – that must be protected. In our hyper-connected world, there is no global security without protecting the data that underpins these infrastructure assets with agile, in-time techniques.

Yes, data is the oil of the 21st century; those who have it, those who secure it, those who refine it, will flourish. But 20 years into that century, we’re approaching a geography-energy-data nexus, and it’s one that merits some refinement of our understanding of data’s importance. We need to ensure that both our technology and workforce are up to the challenge.

Is data changing, and if so, what does it mean to NATO operations?

Yes, as stunning technologies increasingly instrument our vehicles, homes, businesses, towns, and even our bodies, it’s clear we’ve entered a new era that I call “The Age of Cy-Phy” – the convergence of cyberspace with a plethora of devices and data in our physical spaces. New technologies, designed to operate in (and intimately know) our physical environment, are becoming deeply intertwined with more traditional cyber systems and data.

Enabled by several of the most talked-about technologies, including Internet of Things (IoT) devices, artificial intelligence (AI) and 5G, cy-phy will fundamentally change how we interact with our surroundings. The opportunities for intelligence and attack operations are profound, potentially providing exquisite insight, context, denial and manipulation opportunities.

What do those changes mean for NATO defenders?

Like the proverbial dual-edged sword, this new type of data will cut both ways: there is both great opportunity and great responsibility. Data from the physical environment includes things like temperature, speed, vector, altitude, proximity, pressure, movement, chemical and biological traits... These are obviously juicy tidbits of data that both intelligence operators and attackers greatly value, and when this data from the physical environment is put in the context of data computed in the cyber domain (say, the cloud or via fast local processing), the insights become supercharged.

But the other edge of the ‘sword’ deserves equal attention: If that data is manipulated, disrupted, or disclosed, people can be injured (or die), military operations can be undercut and/or the best-laid strategic plans can be outmanoeuvred. The integrity of that data is of utmost importance because corrupted data from the physical environment can be much more serious than, say, damage to a PowerPoint presentation: data in the physical domain that has been changed could cause vehicles to crash, illnesses to go undetected and critical infrastructures to fail catastrophically. Similarly, the privacy and confidentiality of such data are very important, since its disclosure could either disclose movement of troops and equipment or leak private data about one’s actions when living a normal life that could potentially be exploited.

When there is confidence in such systems, innovation and efficiencies can flourish. Consider the injured or sick soldier use-case, where integrated cy-phy cybersecurity could one day be depended upon to alert the nearest medical provider of a sudden abnormality with life-saving speed and accuracy; provide waiting medical technicians with complete stats, comprehensive medical history, and relevant information they need to formulate a precise response; initiate a medical response instantly via medical devices and implants; and even summon an autonomous vehicle to take her/him to a place for more advanced care.

To enable that to happen, cybersecurity strategy and architecture must be built around certain premises familiar to NATO: collective cyber defense (integrating defensive capabilities to work as a team, to defend at the time and place of strength), speed (a rough analogy to ‘manoeuvre warfare’, where those collective capabilities operate at a pace and scope that overwhelms the adversary) and agility (the ability to see, anticipate and adapt to changing conditions).

Can the private sector supply GOTS (Government off-the-shelf) capabilities?

Yes, the good news is that private sector capabilities are up to the challenge. As recently as 15 years ago, only some US Department of Defense GOTS systems could detect and mitigate, at scale and in cyber-relevant time, informed by near-real-time threat intelligence. Today, a handful of leading-edge cybersecurity companies, such as Fortinet, have such an ability. Rather than designing more GOTS, our governments can invest their R&D dollars elsewhere and instead procure private-sector systems and, subsequently, ride the private sector’s innovations in the cybersecurity arena.

The network Edge, Core, and Cloud can securely work together to support the NATO mission, using COTS (commercial off-the-shelf) technologies such as NAC and Zero Trust to control edge access, robust and agile segmentation and secure hybrid cloud architecture for security-driven networking, and SIEM, EDR and threat intelligence for security operations. When these COTS technologies are integrated over a cybersecurity fabric, it both improves cybersecurity and reduces overhead and complexity.

So, the comparison of data’s importance to that of oil is still apt. But, ironically, that data increasingly represents physical things such as energy generation, oil flow, and the movement of individuals. Imagine an adversary remotely tracking the amount of fuel supply available, or even the levels of physical activity, heart rate, oxygen levels, etc of embattled troops, and then pouncing at a time of weakness.

So, looking forward, data hasn’t replaced the importance of the physical domain (as represented by oil fields in the 20th century) – it’s about to magnify the importance of things in the physical domain.

How can the cybersecurity skills gap be closed?

With a cybersecurity skills gap of over four million people, there’s a workforce problem that needs a solution. And a government-private-sector partnership in solving it has never been more urgent. There’s also a growing social-economic gap. Left unsolved, these will hold us back. NATO can play a big role by recruiting and training diverse, non-degreed personnel to fill key cyber roles – an approach that our nations’ military services have historically embraced.

Historically, organizations that leverage both advanced technology and an agile workforce are behind the world’s important achievements. Along the way, democracy and capitalism emerged; intertwined beliefs that both depend on a thriving middle class and a common belief in the principles of hard work, opportunity, individualism and the potential for upward mobility; the things we align behind as a strong NATO.

The business and defence communities have an opportunity – and need – to create and employ a large and diverse new workforce, while simultaneously bolstering the integrity and privacy of the domain where our 21st-century economy and governing is most dependent: the cyber domain.

A vibrant cybersecurity workforce fuels our companies’ innovation and growth; safeguards government services, and bolsters our critical infrastructures. And, importantly, it re-invents and revitalizes the upward mobility aspect of democracies, serving as a combined economic and social engine.
