The Internet of Military Things & Machine Intelligence: A Winning Edge or Security Nightmare?

Army finds itself at the dawn of the Fourth Industrial Revolution (4IR) where rapid technological advancements seem to be revealed on a regular basis. 4IR is comprised of new technologies, including but not limited to, machine intelligence,[1] robotics and autonomous systems.  However a central feature of 4IR is emergence of the Internet of Things (IoT), which is essentially a global network of objects connected via the internet. Initially intended to link everyday household items[2] to the internet for control and monitoring purposes (ie smart homes), the IoT is now connecting digital devices at an exponential rate.[3]  The Internet of Industrial Things (IIoT)[4] has also arrived for purposes such as, transport management, robotic manufacturing control or via autonomous mining operations orchestrated from distant locations.[5]  The IoT continues to evolve with new applications, such as the Internet of Space Things[6] and the Internet of Nano Things.[7]

With enhanced connectivity comes greater utility and disruption of traditional industries, such as Tesla’s networked power walls[8] and autonomous electric vehicles[9] impacting the car and energy industry. However, every smart device that fuses with the network could potentially be controlled by malicious software, thereby creating another point of access to exploit or disrupt that network.[10]  So with more IoT digital portals opening across the globe, the massive growth of network active devices may generate both a growing security risk and network latency challenge.  What then of the digitisation concept currently being implemented across Army via LAND 200?  This process could also be considered as development of an Internet of Military Things (IoMT), which is akin to everyday objects IoT interface, but replicated within the boundaries of a military environment.  The IoMT might also be considered as a Local Area Network within the IoT Global Area Network.  So considering IoMT in this network configuration may initially be useful in designing robust safeguards in context of global digitisation threats.

So what is the big deal in terms of cyber security? Can’t Army just rely on proxy server chains, multiple fire walls, security patches and sophisticated encryption to protect its data integrity? Yes it can, but extant network protection technologies could conceivably be bypassed in the future due to ongoing advancements in software engineering, quantum computing[11] and machine intelligence now passing ‘Turing’s Test’.[12] Hacking and cyber espionage has also become a popular tactic due to potentially high pay-off results and plausible deniability benefits.  In fact cyber probing has now become so easy that even small nations with limited resources are doing it.[13] The risk now is that cyber threat actors are successfully merging machine intelligence with hacking methodologies,[14] which (worst case with quantum speed processing) might realise undetectable network infiltrations via IoMT and IoT interfaces.[15] Own force autonomous drones could also be hijacked and used offensively against Army with disastrous consequences.[16] Therefore, the implications of machine learning enabled hacking on the effective conduct of future military operations are significant and manifest as a potential security nightmare.

So how does Army respond to emerging cyber security threats? One school of thought is to assume our networks are already compromised and we have no reliable way of knowing for certain.[17] Alternatively, we may still have time to prepare for covert machine intelligence optimised cyber intrusions.[18] With more time, options such as air gapping sensitive data could reduce the risk of IoMT inadvertently providing digital corridors for machine intelligence attacks.  Counter-machine intelligence as a variant of software defined security might also be considered.[19] This includes secure machine intelligence software to provide advice to ADF commanders, including probabilities of tactical event outcomes ie a Combat Watson.[20] Moreover, new cyber deception techniques could be developed; the recent 'fake news' misinformation scandal is instructive in that regard.[21]  Thus fake data stored or deliberately leaked from a taxonomy of dummy networks might disrupt threat machine intelligence data analytics. It’s worth noting that dummy radio networks helped the Allies confuse German forces prior to the D-Day landings in 1944, so a similar concept might work for cyberspace threat mitigation.[22]

In summary, the 4IR digital renaissance will bring a wide range of technology opportunities for Army modernisation. However, 4IR may also realise threats to the enterprise due to a proliferation of connected digital objects and IoMT interfaces.  The concept of Turing-like machine intelligence hacking with super fast quantum computing, once science fiction, is now an evolving threat poised to transform the security landscape. So efforts to develop a counter-machine intelligence digital resilience strategy may ensure Army can continue to effectively prepare for land combat and maintain a winning edge.[23]

[1] Machine intelligence is comprised of algorithms that perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making and language translation. Machine learning develops programs that can teach themselves to learn, understand and act (ie become more intelligent and increasingly more capable).

[2] For example: Household alarm systems, climate control panels, watering systems, televisions and home desktop computers.

[3] There are almost 5 billion internet connected devices being used today, and according to Gartner Research, that number is expected to grow by 500% in the next 5 years. http://internetofthingsrecruiting.com/how-secure-are-home-iot-devices/

[4]http://snip.ly/zi363?utm_content=bufferf2f52&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer#https://arc.applause.com/2016/06/03/industrial-iot-2016-genpact/

[5] http://mobile.abc.net.au/news/2015-10-18/rio-tinto-opens-worlds-first-automated-mine/6863814

[6] https://www.google.com.au/amp/mashable.com/2017/04/11/nano-satellites-internet-of-things.amp

[7] http://www.iotcentral.io/blog/internet-of-nano-things-iont-market-analysis-growth-trends-and-fo

[8] https://www.google.com.au/amp/s/amp.theguardian.com/commentisfree/2015/sep/18/teslas-powerwall-will-give-its-first-taste-of-disruption-to-australias-energy-market

[9] https://www.google.com.au/amp/s/www.forbes.com/sites/innovatorsdna/2016/08/24/teslas-innovations-are-transforming-the-auto-industry/amp/

[10] http://www.smh.com.au/comment/why-you-may-have-good-reason-to-worry-about-all-those-smart-devices-20161207-gt6fdc.html

[11] https://futurism.com/china-develops-a-quantum-computer-that-could-eclipse-all-others/ Accelerated computer processing power.

[12] The Turing test, developed by Alan Turing in 1950, is a test of a machine’s ability to exhibit intelligent behaviour equivalent to, or indistinguishable from, that of a human (Wikipedia).  https://www.google.com.au/amp/s/amp.theguardian.com/technology/2014/jun/09/what-is-the-alan-turing-test

[13] http://www.smh.com.au/technology/technology-news/hacking-is-now-so-common-that-even-small-nations-are-doing-it-20170502-gvxr2x.html

[14] https://hbr.org/2016/01/your-algorithms-are-not-safe-from-hackers hacking methods combined with machine learning may realise rapid code breaking ‘Turing-like’ results and data security breaches that facilitate taking control of network devices or autonomous systems.

[15] ADF members’ personnel data could be accessed and dossiers on senior commanders developed over many years by foreign intelligence.  Voice recognition during field exercise radio transmissions, monitoring an individual’s performance during virtual simulations or papers they wrote during officer training could generate a detailed picture of how that member might operate in a combat situation.  This data could be ‘sold’ or freely provided to adversary intelligence services during or prior to a conflict.

[16] A friendly remote surveillance drone might have its downlink data modified to present false images following a machine intelligence cyber attack.  The drone might also be used to collide with and destroy another friendly drone kamikaze style.  ADF drones equipped with missiles could be ‘compelled’ to use those weapons against ADF force elements realising a form of forced autonomous fratricide. https://www.google.com.au/amp/thehackernews.com/2016/10/how-to-hack-drone.html%3Famp%3D1

[17] http://www.cnbc.com/2017/04/17/darktrace-on-why-artificial-intelligence-is-key-in-cybersecurity.html A recent cyber security report showed it took organisations an average of 99 days to realise their digital security protocols had been breached.

[18] http://www.abc.net.au/news/2017-05-06/software-bug-discovered-in-sensitive-government-systems/8501654              

[19] https://www.infosecurity-magazine.com/opinions/software-defined-security-going/

[20] https://en.m.wikipedia.org/wiki/Watson_(computer)  Machine learning capable of answering questions and knowledge retrieval.

[21] https://journalistsresource.org/studies/society/internet/fake-news-conspiracy-theories-journalism-research

[22] https://en.m.wikipedia.org/wiki/Operation_Bodyguard This was underpinned by Alan Turing cracking the ‘Enigma Code’.

[23] This includes Army’s joint warfighting contribution in contested domains via the conduct of joint land combat.