The Force Multiplier
2017-09-01T04:00:00Z, Megan Gates
<p>Go is not just a game. It can also serve as an analogy for life, a method of mediation, an exercise in abstract reasoning, or even as insight into a player’s personality. The ancient board game from China is played by two players on a 19-by-19 gridded wooden board with black and white stones. The stones are used to surround other stones to capture them or to mark territory, with 10 to the power of 170 possible board configurations. </p><p>“There is no simple procedure to turn a clear lead into a victory—only continued good play,” according to the American Go Association. “The game rewards patience and balance over aggression and greed; the balance of influence and territory may shift many times in the course of a game, and a strong player must be prepared to be flexible but resolute.”</p><p>A typical game on a normal board can take 45 minutes to an hour to complete, but professionals can make games last for hours. Supercomputers are not even capable of predicting all the moves that could be made in a game.</p><p>This is why when Google’s Deep Mind artificial intelligence (AI) AlphaGo beat one of the best players of the past decade, it was an exciting moment for the future of technology. AlphaGo bested Lee Sedol, winner of 18 world titles, in four out of five games in a 2016 tournament.</p><p>“During the games, AlphaGo played a handful of highly inventive winning moves, several of which—including move 37 in game two—were so surprising they overturned hundreds of years of received wisdom, and have since been examined extensively by players of all levels,” Deep Mind said in a press release.</p><p>And then, AlphaGo won again in May 2017, marking the AI’s final match event. 
“The research team behind AlphaGo will now throw their energy into the next set of grand challenges, developing advanced general algorithms that could one day help scientists as they tackle some of our most complex problems, such as finding new cures for diseases, dramatically reducing energy consumption, or inventing revolutionary new materials,” Deep Mind said in a press release. “If AI systems prove they are able to unearth significant new knowledge and strategies in these domains too, the breakthroughs could be truly remarkable. We can’t wait to see what comes next.”</p><p>Neither can the rest of the world. The AI market is projected to reach $70 billion by 2020 and will impact consumers, enterprises, and governments, according to The Future of AI is Here, a PricewaterhouseCoopers (PwC) initiative. </p><p>“Some tech optimists believe AI could create a world where human abilities are amplified as machines help mankind process, analyze, and evaluate the abundance of data that creates today’s world, allowing humans to spend more time engaged in high-level thinking, creativity, and decision-making,” PwC said in a recent report, How AI is pushing man and machine closer together.</p><p>And this is where cybersecurity professionals and experts have shown the most interest in AI—in its ability to create a workforce of the future where AI works to amplify the human workforce, freeing it up to look at the bigger picture and handle problems that machines are not yet capable of.</p><p>“The goal of AI in cybersecurity is to make people more efficient, to be a force multiplier,” says Ely Kahn, cofounder and vice president of business development for threat hunting platform Sqrrl. “There’s a huge labor shortage in the cybersecurity industry. I think AI has the ability to help with that by making the existing cybersecurity analysts more productive.”</p><p>The basics. 
AI is defined as the development of computer systems to perform tasks that typically require human intelligence. The term was first used in a 1955 proposal for a Dartmouth summer research project on AI by J. McCarthy of Dartmouth, M. L. Minsky of Harvard, N. Rochester of IBM, and C.E. Shannon of Bell Telephone Laboratories. </p><p>The authors requested a two-month, 10-man study of AI to attempt to find out “how to make machines use language, form abstractions and concepts, solve kinds of problems now reserved for humans, and improve themselves,” according to the proposal.</p><p>Since then, AI has advanced, and there are now many broad areas that fit under the overall umbrella of AI, including deep learning, cognitive computing, data science, and machine learning, says Anand Rao, partner at PwC and global artificial intelligence lead. </p><p>Machine learning is one of the largest areas getting attention right now, Rao says. Machine learning is what its name describes—the science and engineering of making machines learn, according to PwC.</p><p>This is done by feeding a machine large amounts of data, then having it learn an algorithm to figure out what is considered normal and abnormal behavior. </p><p>“In machine learning, the idea is you don’t know exactly what the rules are, so you can’t write a program,” Rao explains. “Usually we get an input, we write specific instructions that produce an output; we can do that if we know what it is that we are trying to do. But when we don’t know that, it becomes hard.”</p><p>This is where the two subcategories of machine learning come into play: supervised and unsupervised learning.  </p><p>Unsupervised machine learning uses data to train the system to create algorithms and the machine is continuously learning, says Kahn, who is the former director of cybersecurity for the White House’s national security staff. 
Unsupervised machine learning algorithms are “continuously resetting, so they are learning what’s normal inside an organization and what’s abnormal inside the organization, and continuously learning based on the new data that’s fed into it,” he explains. </p><p>With supervised learning, humans train the system using training or labeled data to teach the system the algorithm to look for to identify certain types of patterns or anomalies. However, the two types of learning can be used in combination—they do not need to be kept separate.</p><p>For instance, supervised machine learning can be used to allow analysts to provide feedback for algorithms the system is using, “so if analysts see something that our unsupervised machine learning algorithms detect that is a false positive or a true positive, the analysts can flag it as such,” Kahn says. “That feedback is fed into our algorithms to power our supervised machine learning loop…you can think of it as two complementary loops reinforcing each other.”</p><p>Deep learning. One of the main fears that many people have about the increasing role AI will play in society is that it will replace jobs that humans now hold. While that might be the case for some positions, such as receptionists or customer service jobs, experts are skeptical that AI can replace humans in cybersecurity roles. </p><p>To make the kind of decisions cybersecurity analysts make, machines would need to use deep learning—a subcategory within supervised machine learning that powers Google’s Deep Mind products and IBM’s Watson. It uses neural network techniques that are designed to mimic the way the human brain works.</p><p>“I talked about supervised machine learning in the sense of using training data, to help educate algorithms about the different types of patterns they should look like,” Kahn says. 
“Deep learning is that on steroids, in that you’re typically taking huge amounts of training data and passing them through neural network algorithms to look for patterns that a simpler supervised machine learning algorithm would never be able to pick up on.”</p><p>The problem with deep learning, however, is that it requires vast amounts of training data to run through the neural network algorithms.</p><p>“Google, as you can imagine, has massive amounts of training data for that, so it can feed that training data at huge scale into these neural networks to power those deep learning algorithms,” Kahn says. “In cybersecurity, we don’t quite have that benefit. It’s why deep learning algorithms have been a little bit slower in terms of adoption. There are not pools of labeled cybersecurity data that can be used to power deep learning algorithms.”</p><p>For cybersecurity, ideally, there would be a huge inventory of labeled cybersecurity incidents that could be used to create deep learning algorithms; the inventory would have information about how a site was compromised and what exploit was used.</p><p>“In today’s environment, there is no massive clearinghouse of that information,” Kahn adds. “Companies generally don’t want to share that information with each other; it’s sensitive.”</p><p>This is holding back the cybersecurity industry in terms of taking the next step with AI, and Kahn says he doesn’t see companies’ unwillingness to share data changing any time soon. </p><p>“It’s going to be very hard—less from the technical reasons and more from the policy and legal reasons,” he says. “I don’t know if we’ll ever get to a point where companies are willing to share that level of detail with each other to power those types of deep learning algorithms.”</p><p>However, big companies who have vast amounts of data may be able to take advantage of deep learning in the future, Kahn says.</p><p>AI today. 
Numerous cybersecurity products are available today that market themselves as an AI product, or one that uses machine learning. These products tend to be used to understand patterns of threat actors and then look for abnormal behavior within the end users’ system, Rao says.</p><p>For instance, a product could be used to look at denial of service attacks, “how that happens, the frequency at which they are coming, and then developing patterns that you can start observing over a period of time,” he explains.</p><p>These patterns can help companies identify who is trying to infiltrate their systems because the behavior of hobbyist hackers, organized hacking groups, and nation-states differs. </p><p>“Once you start profiling, you start looking at how to prevent certain types of attacks from happening,” according to Rao. “Based on the types of profiling, you have various types of intervention.”</p><p>This blending of machines—using AI to identify patterns and humans to make decisions based on those identified patterns—is how AI will change the future of cybersecurity and help bolster the workforce, Kahn says.</p><p>“Optimally, we start seeing a very close blending of man and machine in that we’re reliant on relatively simple algorithms to detect anomalies. Those algorithms are advancing and getting more sophisticated using AI-type technology to reduce false positives and increase true positives,” he explains. “So, analysts are spending more time on the things that matter, as opposed to chasing dead ends.” ​ ​</p>
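The two complementary loops Kahn describes, as an added Python example that is not from the article or from Sqrrl: an unsupervised per-host baseline raises alerts, and analyst verdicts train a small naive-Bayes-style scorer that re-ranks later alerts. The host names, traffic figures, the `dest` attribute and the z-score threshold are constructed assumptions.

```python
import math
from collections import defaultdict


class Baseline:
    """Unsupervised loop: per-host running mean/variance (Welford's method)."""

    def __init__(self, z_threshold=3.0, warmup=5):
        self.z_threshold = z_threshold
        self.warmup = warmup                    # points needed before alerting
        self.stats = defaultdict(lambda: [0, 0.0, 0.0])   # n, mean, M2

    def observe(self, host, value):
        """Return the z-score when value is abnormal for host, else None."""
        n, mean, m2 = self.stats[host]
        if n >= self.warmup:
            std = math.sqrt(m2 / (n - 1))
            z = (value - mean) / std if std > 0 else 0.0
            if z > self.z_threshold:
                # Held out of the baseline so one spike cannot widen
                # "normal" and hide the next one.
                return z
        n += 1
        delta = value - mean
        mean += delta / n
        m2 += delta * (value - mean)
        self.stats[host] = [n, mean, m2]
        return None


class VerdictModel:
    """Supervised loop: naive-Bayes-style scorer trained on analyst verdicts."""

    def __init__(self):
        self.labels = {True: 0, False: 0}       # True = confirmed true positive
        self.seen = {True: defaultdict(int), False: defaultdict(int)}

    def feedback(self, attrs, true_positive):
        self.labels[true_positive] += 1
        for item in attrs.items():
            self.seen[true_positive][item] += 1

    def p_true_positive(self, attrs):
        total = self.labels[True] + self.labels[False]
        score = {}
        for label in (True, False):
            n = self.labels[label]
            s = (n + 1) / (total + 2)           # Laplace-smoothed prior
            for item in attrs.items():
                s *= (self.seen[label][item] + 1) / (n + 2)
            score[label] = s
        return score[True] / (score[True] + score[False])


def triage(events, baseline, model):
    """Run events through both loops; return alerts, most likely real first."""
    alerts = []
    for host, mb_out, attrs in events:
        if baseline.observe(host, mb_out) is not None:
            alerts.append((model.p_true_positive(attrs), host, attrs["dest"]))
    return sorted(alerts, reverse=True)


def run_demo():
    baseline, model = Baseline(), VerdictModel()
    # Constructed sample data: hourly outbound MB per workstation.
    for host in ("ws-01", "ws-02", "ws-03"):
        for mb in (10, 12, 11, 9, 13, 10, 11):
            baseline.observe(host, mb)
    day1 = [("ws-01", 95, {"dest": "backup"}),
            ("ws-02", 90, {"dest": "external"}),
            ("ws-03", 12, {"dest": "external"})]   # within baseline, no alert
    before = triage(day1, baseline, model)
    # Analyst verdicts on past alerts (constructed): backups were benign.
    for _ in range(3):
        model.feedback({"dest": "backup"}, False)
    for _ in range(2):
        model.feedback({"dest": "external"}, True)
    day2 = [("ws-01", 97, {"dest": "backup"}),
            ("ws-02", 88, {"dest": "external"})]
    after = triage(day2, baseline, model)
    return before, after


if __name__ == "__main__":
    for label, alerts in zip(("before feedback", "after feedback"), run_demo()):
        print(label, [(round(p, 2), h, d) for p, h, d in alerts])
```

Flagged points are held out of the baseline here; a detector that folds every observation back in lets a slow ramp in traffic become the new normal.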


Spotlight: Internet of Things
<p><span style="line-height:15px;">For security professionals, the Internet of Things (IoT) raises basic questions: who will be responsible, what will be collected, where will the data be stored, when will security be involved in decision making, why are new devices being added, and how will they affect the daily functions and outcomes of the security department.</span></p><p><span style="line-height:15px;"><a href="" target="_blank">The following resources</a>, ASIS International Seminar and Exhibits education sessions, <em>Security Management </em>articles, and Council white papers, address these questions and offer practical responses and thoughts for the future marriage of IoT and security.</span></p>
Secrets 2.0
<p>The enactment of the Defend Trade Secrets Act (DTSA) of 2016 in the United States creates a new paradigm and is a watershed event in intellectual property law. U.S. President Barack Obama signed the bill into law on May 11, 2016, and the DTSA now applies to any misappropriation that occurred on or after that date.</p><p>A trade secret is any technical or nontechnical information that can be used in the operation of a business or other enterprise and that is sufficiently valuable and secret to afford an actual or potential economic advantage over others.</p><p>The law allows trade secret owners to file a civil action in a U.S. district court for trade secret misappropriation related to a product or service in interstate or foreign commerce. The term “owner” is a defined statutory term. 
It means “the person or entity in whom or in which rightful legal or equitable title to, or license in, the trade secret is reposed,” according to the DTSA.</p><p>Under the DTSA, in extraordinary circumstances, a trade secret owner can apply for and a court may grant an ex parte seizure order (allowing property to be seized, such as a computer that a stolen trade secret might be saved on) to prevent a stolen trade secret from being disseminated.</p><p>With this development in the law, trade secret assets are no longer stepchild intellectual property rights. Trade secret assets are now on the same playing field as patents, copyrights, and trademarks. The DTSA reinforces that a trade secret asset is a property asset by creating this new federal civil cause of action.</p><p>And there is no preemption. The U.S. district courts have original jurisdiction over a DTSA civil cause of action, which coexists with a private civil cause of action under the Uniform Trade Secrets Act (UTSA). The UTSA—most recently amended in 1985—codified common law standards and remedies for trade secret misappropriation at the state level.</p><p>The DTSA also coexists with criminal prosecutions under the U.S. Economic Espionage Act of 1996 (EEA), which makes it a federal crime to steal or misappropriate commercial trade secrets with the intention to benefit a foreign power.​</p><h4>What the DTSA Means</h4><p>A trade secret asset must be managed like other property assets. However, trade secret asset management differs because it first requires the identification of the alleged trade secret asset. Because millions of bits of information within a company can qualify as proprietary trade secrets, it is critical to classify and rank trade secret assets.</p><p>Most companies focus on the protection phase of trade secret asset management without first identifying and classifying their trade secrets. This approach is doomed to fail without a thorough analysis. 
Unless the company knows what it’s protecting, there can be no effective protection. And all three phases—identification, classification, and protection—must occur before an accurate valuation of trade secret assets can be determined.</p><p><strong>Proof. </strong>Additionally, information assets must be validated in a court of law as statutory trade secret assets. There is no public registry for trade secret assets. The courts require proof of four things: existence, ownership, notice, and access. </p><p>The first element requires proof of existence of the trade secret asset. The litmus test for proving the existence of a trade secret has six factors: the extent to which the information is known outside the business; the extent to which the information is known inside the business; the extent of measures taken to guard the secrecy of the information; the value of the information to the business and to competitors; the amount of time, effort, and money expended to develop the information; and the ease or difficulty with which the information could be properly acquired or duplicated by others.</p><p>The plaintiff must show that he or she owns the trade secret. A misappropriator cannot be the owner of a trade secret.</p><p>However, a person who independently develops or independently reverse engineers the trade secret can be the owner of the trade secret. By using reverse engineering, an employee who has not been granted intellectual property rights in the trade secret asset may also be the lawful owner—instead of the employer.</p><p>For proof of notice, the plaintiff must show that the defendants had actual, constructive, or implied notice of the alleged trade secret. A former employee may use his or her general knowledge, skills, and experience. However, a former employee may not disclose or use the trade secrets of the former employer. 
Also, the former employer is prohibited from claiming that “everything we do is a trade secret.”</p><p>The court will take judicial notice that there is both unprotected and protected trade secret information in every company. If the line is unclear, the court will draw the line in favor of the former employee. </p><p>For proof of access, the plaintiff must prove that the defendant had access to the alleged trade secret. If the evidence shows that the defendant never had direct or indirect access to the trade secret, and there is no conspiracy claim, there cannot be misappropriation. This is because misappropriation requires proof of unauthorized acquisition, disclosure, or use of the trade secret by the alleged trade secret thief.</p><p><strong>Protection. </strong>The DTSA also requires that the trade secret owner take reasonable measures to protect the secrecy of trade secret assets. This is a much more challenging task today because trade secret assets are no longer at rest in a locked file cabinet in an engineer’s office. Today, trade secrets are in motion and in use via computer systems and networks with access points all over the world.</p><p>Companies must actively monitor the access and movement of critical trade secret assets throughout the corporate enterprise, or risk the serious consequences of forfeiting trade secret assets by failing to take the reasonable efforts necessary to protect these assets.</p><p>The point is illustrated by U.S. v. Lee (U.S. District Court for the Northern District of Illinois, 2009). A 52-year-old senior scientist, David Yen Lee, suddenly resigned from his job at Valspar on March 19, 2009, and bought a one-way ticket to Shanghai, scheduled to leave on March 27.</p><p>One of Lee’s coworkers discovered irregularities in Lee’s work computer. Upon further investigation, an unauthorized program called “Sync Toy” was uncovered in invisible Windows files. 
It showed that Lee downloaded 44 gigabytes of paint and coating formulas, product and raw material data, sales and cost data, and product development and test information.</p><p>The FBI was informed and brought in to investigate. The bureau raided Lee’s apartment and recovered the stolen trade secret assets before Lee’s flight left for Shanghai. Valspar’s security readiness was directed to protection against outside intrusions. However, there was little security in place to guard against trade secret theft by insiders and trusted employees. </p><p>To mitigate against future insider theft, Valspar set up an internal identification and classification system for trade secrets called the CPR (classify, protect, report) model. Valspar now tracks the movement of all critical trade secret assets within the various computer environments with triggers that are activated if unauthorized activities are detected.</p><p>The reasonable measures necessary for the protection of trade secret assets continue to grow as the risk of sensitive data loss increases by various means: unauthorized uploading of trade secret assets to an insecure cloud or Web application; unauthorized email communications disclosing trade secret information; unauthorized acquisition of highly classified trade secret assets onto USB drives; and undetected incoming malware, phishing emails, and corrupted Web software, all of which facilitate foreign economic espionage and theft of corporate trade secret assets.</p><p><strong>Seizures. </strong>Companies cannot take advantage of the DTSA’s powerful seizure provisions unless effective trade secret asset management protocols are in place before the actual or threatened misappropriation occurs.</p><p>First, the owner must demonstrate, in a sworn affidavit or a verified complaint, that the ex parte seizure order is necessary and that a temporary restraining order is inadequate. Second, that immediate and irreparable injury will occur if the seizure is not ordered. 
Third, that the person the seizure would be ordered against has possession of the trade secret and property that is to be seized.</p><p>Once the ex parte seizure order is granted, the court must take custody of and secure the seized property and hold a seizure hearing within seven days. Individuals can also file a motion to have the seized material encrypted.</p><p>A court can issue an ex parte seizure order, according to the DTSA, “in extraordinary circumstances” to “prevent the propagation or dissemination of the trade secret” or to “preserve evidence.”</p><p>These circumstances exist when a trade secret thief is attempting to flee the country, if he or she is planning to disclose the trade secret to a third party, or if it can be shown that he or she will not comply with court orders. </p><p>The Valspar case is an excellent example of the necessity for ex parte seizure orders. However, the FBI will not always be there, and the window of time to protect against the loss of trade secret assets and destruction of the evidence will often be shorter than the eight-day period in the Valspar case. This is why a DTSA civil cause of action and an ex parte seizure order are so important to protect U.S. trade secret assets.</p><p>The protection of trade secret assets in these circumstances requires emergency actions. Once lost, a trade secret is lost forever. The DTSA requires that the trade secret owner file suit, and provide verified pleadings and affidavits to successfully obtain a DTSA ex parte seizure order before the defendants know the suit has been filed. </p><p>Otherwise, without the element of surprise, the defendants—often with several clicks of a computer mouse—can transfer the trade secrets outside the country and destroy the evidence of trade secret theft by running data and file destruction software.</p><p>Therefore, to take advantage of the robust provisions of the DTSA, the trade secret owner must be able to move faster than the trade secret thief. 
This will require that companies develop internal trade secret asset management policies, practices, and procedures. </p><p>The DTSA creates a new paradigm. If management waits until the trade secret theft occurs to identify what the trade secret is and investigate the evidence of misappropriation, the actual trade secret assets will be long gone before counsel can provide the U.S. district court with the proof necessary to obtain an ex parte seizure order.</p><p>The result: if the losses from the trade secret theft are severe, both the board of directors and senior executives of the company can be charged with malfeasance, including the willful failure to take reasonable measures to protect the corporate trade secret assets from insider theft or foreign economic espionage.</p><h4>DTSA Application</h4><p>What are the next steps in view of the DTSA? Every organization is different. There are no one-size-fits-all solutions. Each trade secret asset manager must audit existing approaches to protecting trade secret assets, the resource allocations within the organization, and any budgeting issues with protecting trade secrets.</p><p>A fundamental first step should be the creation of an internal trade secret control committee (TSCC). The TSCC should be charged with the responsibility to adopt policies and procedures for the identification, classification, protection, and valuation of the company’s trade secret assets.</p><p>The next step should be the creation of an internal trade secret registry (TSR). This is a trade secret asset management system that can be deployed as a cloud-based solution, on a corporate server, or on a standalone work station. 
</p><p>The TSR should operate like a library card catalog storing necessary trade secret asset information with hash codes and block chaining (a database that sequences bits of encrypted information—blocks—with a key that applies to the entire database) to ensure the authenticity of the data stored in the TSR and to meet the required evidentiary standards in a trade secret misappropriation lawsuit.</p><p>Another necessary step is trade secret asset classification, the foundation of a successful trade secret asset management program. Asset classification allows trade secret assets to be identified and ranked, so that the level of security matches the level of importance of the trade secret asset. There are now automated trade secret asset management tools available to assist companies with the classification and ranking of trade secret assets.</p><p>Security, without identification and classification, is doomed to fail. In contrast, securing data after identification and classification of the trade secret assets makes it much easier for the internal security ecosystem to enforce trade secret protection policies and to prohibit unauthorized access, disclosure, or use.</p><p>Today, software tools can protect the company from mistakes that lead to the forfeiture of classified trade secret assets. If a user attempts to email a trade secret document to unauthorized recipients, the software program will immediately alert the user so the mistake can be corrected. Further, classified trade secret assets can be monitored. Administrators can track abnormal or risky behavior that otherwise cannot be tracked until the trade secret is compromised.</p><p>Developing a trade secret incident response plan (TSIRP) is another critical requirement. 
The flow of trade secret assets throughout the corporate enterprise should be tracked with built-in red flags, designed to trigger the TSIRP and notify outside counsel to proceed immediately to the courthouse to seek a DTSA ex parte seizure order before the bad actors can destroy the evidence or transfer the stolen trade secret assets outside the court’s jurisdiction.​</p><h4>Employee Management</h4><p>There are other best practices for trade secret assets now that companies are focusing on the various stages of identification, classification, protection, and valuation.</p><p>Building a trade secret culture from the top down, with required training and compliance with TSCC policies, practices, and procedures, is at the top of the list. Companies must promote a trade secret culture by prompting employees and users to stop, think, and consider the business value of proprietary, internal information they are creating, handling, and reviewing.</p><p>The new employee hiring process should include an investigation and certification by the new employee that no proprietary trade secret information of any previous employer is being brought to the company or is being stored electronically in his or her personal email system or other electronic storage locations.</p><p>The prospective new employee should sign an employment agreement with patent and trade secret assignment provisions. He or she should also receive and review the company’s required trade secret policies and procedures.</p><p>When an employee leaves the company, off-boarding procedures should include a mandatory trade secret exit interview. The interview should be conducted under strict procedures adopted by the TSCC, including execution of a trade secret acknowledgement at the conclusion of the interview certifying that all company devices, documents, and materials, including electronic copies, paper copies, and physical embodiments have been returned. 
It should also certify that all proprietary and confidential information, stored on any personal computer or mobile device, has been identified and preserved, returned, or deleted under the company’s instructions.</p><p>The enactment of the DTSA will usher in a new era. It requires trade secret owners to identify, classify, and protect trade secret assets as property assets. In time, the DTSA will become a precursor for new accounting systems that will provide valuations for trade secret property assets.  </p><p>--<br></p><p><em><strong>R. Mark Halligan</strong>, partner at FisherBroyles LLP, is recognized as one of the leading lawyers in trade secrets litigation in the United States by Legal 500 and Chambers USA: America’s Leading Lawyers for Business. He is also the lead author of the Defend Trade Secrets Act of 2016 Handbook and coauthor of Trade Secret Asset Management 2016: A Guide to Information Asset Management Including the Defend Trade Secrets Act of 2016.</em></p>
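The trade secret registry (TSR) with hash codes and block chaining described under DTSA Application, as an added Python example that is not the author's or any vendor's code: each entry stores a SHA-256 digest of the asset rather than the asset itself, and an HMAC under one registry-wide key links it to the previous entry. The asset IDs, classification labels, timestamps, document contents and key are constructed assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64    # "prev" value of the first entry


class TradeSecretRegistry:
    """Append-only catalog; every entry is chained to the one before it."""

    def __init__(self, key: bytes):
        self._key = key          # one key for the whole registry (assumption)
        self.entries = []

    def _mac(self, body: dict) -> str:
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hmac.new(self._key, canonical.encode(), hashlib.sha256).hexdigest()

    def register(self, asset_id, classification, document: bytes, registered_at):
        body = {
            "asset_id": asset_id,
            "classification": classification,
            # Only the digest is stored, so the registry never holds the secret.
            "sha256": hashlib.sha256(document).hexdigest(),
            "registered_at": registered_at,
            "prev": self.entries[-1]["mac"] if self.entries else GENESIS,
        }
        entry = dict(body, mac=self._mac(body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return the index of the first bad entry, or None if the chain holds."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "mac"}
            mac_ok = hmac.compare_digest(entry.get("mac", ""), self._mac(body))
            if body.get("prev") != prev or not mac_ok:
                return i
            prev = entry["mac"]
        return None

    def matches(self, asset_id, document: bytes) -> bool:
        """True when document is byte-identical to what was registered."""
        digest = hashlib.sha256(document).hexdigest()
        return any(e["asset_id"] == asset_id and e["sha256"] == digest
                   for e in self.entries)


def build_sample_registry():
    """Constructed sample data: three assets registered in order."""
    reg = TradeSecretRegistry(key=b"constructed-demo-key-not-for-production")
    reg.register("TS-0001", "critical", b"coating formula rev 7", "2016-06-01T09:00:00Z")
    reg.register("TS-0002", "high", b"supplier cost model", "2016-06-02T14:30:00Z")
    reg.register("TS-0003", "medium", b"test protocol v3", "2016-06-05T11:15:00Z")
    return reg


if __name__ == "__main__":
    reg = build_sample_registry()
    print("intact chain:", reg.verify())
    reg.entries[1]["registered_at"] = "2015-01-01T00:00:00Z"   # backdating attempt
    print("after edit, first bad entry:", reg.verify())
```

The chain alone cannot show that the newest entries were removed; recording the latest `mac` somewhere outside the registry closes that gap.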