Smartening Watson: IBM Supercomputer Bolsters Cybersecurity Job Gap
Skynet isn’t becoming self-aware, but IBM ‘s ( IBM ) supercomputer, Watson, aims to become more aware … of cybersecurity attacks. To combat a growing number of Black Hats and a shortfall in their counterpart White Hats — the company says forecasts see as many as 1.5 million unfilled cybersecurity positions by 2020 — IBM was set early Tuesday to announce a year-long project with eight universities to smarten Watson. Watson is already filtering Big Data to bolster cancer research, create learning tools and improve business operations. The next frontier? Teaching Watson to scour the 80% of unstructured online data to suss out cyberthreats. IBM’s security operations center (SOC) already receives 20 billion pieces of raw data per day detailing potential cyber mischief, says Caleb Barlow, IBM Security vice president. On average, companies spend $1.3 billion annually, or 21,000 hours, chasing false positives. “Some can be mundane, like a user was locked out after 10 password tries,” Barlow told IBD. “Or, we could get data about an ATP (advanced threat protection) attacker. … It’s not a matter of looking for the needle in the haystack. It’s a matter of a looking for the needle in a stack of needles.” Enter Watson On Unstructured-Data Front Watson is capable of digesting structured data, Barlow says. He likens it to a paramedic responding to a car accident. Watson can take the vitals, but it cannot look for the crack in the windshield where the victim hit his head (unstructured data). It’s the difference between analysis and insights, Barlow says. Humans can do both, but the sheer volume of data is overwhelming. “Security data is in unstructured data — blogs, wikis, articles, white papers, presentation notes,” he said. “How do we take that experiential data, data we can only get from a human and apply that to this challenge?” First, IBM will team up with students from California State Polytechnic University, Pennsylvania State University, Massachusetts Institute of Technology, New York University, University of Maryland, University of New Brunswick, University of Ottawa and University of Waterloo. There will be 200 IBM staff members and students working on the project. “The partnership between IBM and Penn State is an ideal opportunity for our students to experience the kinds of bleeding edge knowledge management that will drive technology in the next century,” Penn State professor Patrick McDaniel said via email. “At the same time, it is a wonderful chance for Penn State to showcase its exceptional student engineers.” Under instruction from IBM experts, the students will process 15,000 documents per month including threat intelligence reports, cybercrime strategies and threat databases. Watson will slowly begin to learn that unstructured data. It’s almost childlike, Barlow says. “You have to sit down with Watson and explain the language,” he said. “Then, we go through, ‘Here, you were right,’ or ‘Here, you were wrong.’” The difference is that Watson won’t forget, he says. Still, a human analyst remains necessary to respond to developing attacks — whether that’s blocking the hacker, watching malware inside the network or plugging holes. “Watson is not replacing the analyst,” he said. “But if I can get Watson to ask all those questions and prioritize that, I can be asking millions of questions (to suss out legitimate cyberattacks) I would not be able to ask otherwise.” Demand Outstrips New Talent That’s more valuable than finding the needle, Barlow says. More than 10,000 security research papers and 60,000 security blogs are published each year and each month, respectively. The National Vulnerability Database has received reports of 75,000-plus software vulnerabilities. Coupled with that, varying reports place the current paucity in cybersecurity skilled employees at 200,000 to 1 million. It was a huge topic at the RSA Conference in February in San Francisco. But it’s not that students aren’t interested, Barlow says. “Universities have shown me their growth statistic,” he said. “It’s a hockey stick. Their challenge is, they are running out of facility space.” The problem is immediacy. Twenty years ago, cybersecurity wasn’t at the forefront of IT concerns. They, today there aren’t enough skilled professionals. The chief information security officer (CISO) is newest entrant to the C-Suite. “These are not skills people have historically had,” Barlow says. “It’s IT-centric computer science skills. It requires a collision of those traditional computer science skills with forensics and investigative skills.” He added: “No matter how aggressively universities turn out new talent, they won’t be able to meet the demand.”