In cyber operations, one of the most powerful capabilities that software can provide is the ability to assist network operations center managers with planning. Planning network changes based on systems-of-systems architectures, a very complex integrated landscape, is a bottleneck in responding to new threats, integrating new tools and determining the value of new intelligence.
There are a lot of requirements enterprise managers should consider when building an artificial intelligence approach that provides a network with dynamic planning capabilities. Here are just a few considerations.
A Fail-Safe Critical Communications Bus
A clear encrypted channel between systems, apps and people is often a struggle when communications are threatened. Our customers often ask us for advice regarding capabilities in extremely volatile and threatening environments. We suggest custom publish-subscribe tools that are deemed not only secure in their protocols but also in the way that endpoint connections can be regenerated or reestablished when threats or failures disrupt communication links. The ability to respond to communication challenges between hundreds, thousands or millions of endpoints in more automated ways is a winning capability. Disrupting communications is often the first target between systems or people.
The Ability To Represent Complex Rules
The more complex your systems-of-systems architecture, added with more diverse custom controls for human network operators — all while threats increase in complexity — means that your network needs a multitude of rules on top of rules to respond. This landscape portrait is fragile, and fragility indicates weakness. Stronger solutions require that your team implement complex logic quickly in cybersecurity networks.
The best way to do this is to incorporate user, machine and bad actor behaviors into software using knowledge representation techniques. Two main ways to look at the problem/solution arefrom a rules perspective or a procedures perspective. Some engineering teams focus on representing the problem and iterating on it, while others simply begin by representing as much as possible within the domain space and then frame what the solution actually contains.
Knowledge engineering is the explicit custom development of behaviors modeled in directed graphs that are encoded into software. There are very few sophisticated knowledge representation tools on the market, and the expertise regarding how to account for all the rules requires domain expertise, too. However, there are a few publicly accessible engineering teams who can successfully accomplish cyber-knowledge engineering. Examples include Stanford University’s Protégé, the University of Michigan’s SOAR, Cognitum’s Fluent Editor and Veloxiti’s vStudio.
Integrated Maintenance Capability
All software needs to be maintained and updated, and your system needs visual editing of software to react quickly. Visual knowledge graphs created by knowledge engineers take on this task using custom software tools. Think of this activity as a network map engineered to reflect behavior rules that define abstract ideas about what is normal and what is not normal behavior. The resulting cyber-knowledge graphs act as expert repositories that represent the physical system and its behaviors. It’s easy to imagine that visual graphs provide efficient maintenance and version control capabilities.
Updating your network operations center’s integrated tools, user behaviors or regulatory rules requires only that knowledge graph designs are updated visually and objects are added or removed and then compiled into code to execute.
What I have described above is a small look at enterprise considerations for building stronger artificial intelligence software. Network operations centers need the ability to plan and adapt faster or even predict new outcomes based on a variety of possible plans. This is not assumptions based on what the future may hold. This is happening right now. Leaders of network operations should consider implementing these tips to establish a cyber-savvy enterprise.