Patrick de Graaf LL.M.
- Cyber Operations
- Hybrid Strategies
Cyber security is a serious business. As our dependency on ICT increases, so does the potential impact of a cyber attack. Nowadays, attacks are carried out by professional actors with highly technical capabilities and backed by substantial resources. To protect organisations against cyber threats, TNO offers innovative solutions for better and faster detection of, and response to, these attacks.
The attacks are often targeted. They typically involve a high degree of automation, persistence and technical sophistication. TNO is working closely with academics and companies to reduce the average time it takes to detect and respond to a cyber security breach.
TNO is tackling cyber security head-on. And AI is playing a key role. In the area of threat hunting, for example, we are combining AI with human intelligence and contextual interpretation. The tools that we design assume that an intruder has already compromised a system. They then detect anomalous internal and external patterns in network data and system logs. By coupling network data with centrally available system-log data, we can filter and enrich that data, maximising the effectiveness of AI-enabled detection tools.
In the field of automated security, meanwhile, we are using AI to increase both its efficiency and its effectiveness. Cyber security needs a rich combination of information and analysis. If a cyber attack is detected, the potential attacker, target and (likely) attack path are identified. The response options are then identified, as well as the potential impact that they could have on business continuity.
TNO is bringing together parties to overcome challenges in tackling cyber security. This TNO-facilitated collaboration is providing smart, AI-enabled algorithms to safeguard organisations against cyber threats. The challenges that are faced are very real. Firstly, knowing how to combine expert knowledge about IT, cyber security and cyber attacks with AI expertise is an absolute must. Only then can this expert knowledge be used to optimise detection algorithms with respect to their false positives. Then there’s the availability and quality of data. Sharing operational security data is often challenging in itself. And last, but not least, AI must be made actionable for analysts by explaining AI detection output.