(Spoiler alert) If you have not yet seen the film Arrival, please skip the first paragraph.
In 2016, twelve Unidentified Anonymous Phenomena (UAPs) landed in twelve different countries across the globe. One by one, each nation-state extended multiple communication methods to understand the true nature of these foreign beings, but none could break through. Not until Dr. Louise Banks, portrayed by actress Amy Adams, cracked the code could the collective strategy of the UAPs be bridged. This scenario is, of course, fictional. But, if it sounds familiar, it's because it's from the movie Arrival. The story may seem far-fetched, but the use case could apply to today’s intelligence-sharing cybersecurity challenges.
Arrival offers an excellent lesson for cybersecurity information sharing, in that collaboration today is unbalanced to our individual and collective detriment. Automated sharing within and between sectors continues to lag. The lack of automated sharing is reminiscent of the lack of collaboration between countries in Arrival. In 2021, DHS CISA launched the Joint Cyber Defense Collaborative (JCDC) to jumpstart public and private sector intelligence sharing; however, the volume of attacks and lack of collaboration continue to strain current efforts. To put it boldly, the private sector must engage and level up its game.
And there is no better time than now. With artificial intelligence being the topic of de jour, AI can be the trigger to accelerate automated information sharing, creating a non-zero sum paradigm where all participants benefit.
How would it work?
- Organizations would self-organize into member-sharing groups, such as state agencies, industry-specific organizations, or federal agencies.
- Agreed member parties would contribute threat and event data through OCSF. OCSF normalizes and standardizes data generated from cybersecurity tools [logs, DNS, SSH, and authentication activities]. (See here for more info on OCSF.) Customers could redact sensitive data (PII and proprietary info) before transmission.
- Normalized OCSF data would be compiled in an LLM. The LLM would predict future cyber events and make them available to member parties. The LLM output would be similar to a high-fidelity weather forecast, which participating members could leverage to avoid attacks or disruptions.
For example, state government agencies could transmit OSCF event data, building a state-wide LLM. Each state agency would benefit from automated insights from other agencies, reducing risks across the state and preempting contagion. This same model could be used by federal government agencies or groups of private enterprises, with each collective becoming more secure–similar to the main plot in Arrival.
But this is not just the stuff of science fiction and blockbuster movies. Automated collaboration is the future, enabling individual enterprises and groups to work together and leverage data accordingly to achieve non-zero-sum and collective benefits.
Want to learn more about what the future holds for cybersecurity — from AI, cyber threats, and the value of bringing teams and data together? Get your copy of Splunk’s 2024 Security Predictions.
