Abstract

In this episode, Mr Omri Lavie discusses the role of artificial intelligence in cyber operations and the future of cyber security management in a complex environment.

This podcast series is presented by Dr Alessandro Arduino, Principal Research Fellow at the Middle East Institute, National University of Singapore.

Listen to the full podcast here:

Full Transcript:

[Alessandro Arduino]: Welcome to the 26th episode of the National University of Singapore Middle East Institute podcast series Boots off the Ground Security in Transition from the Middle East and beyond. In this area, we look at the future of warfare, which will see uniformed soldiers or boots on the ground, being replaced by private military company, autonomous weapons system, and cyber weapons. Having discussed in our previous podcast, how the Russian private military company are playing out, today we are going to look at the different arena, the cybersecurity arena, and the role of artificial intelligence (AI) in cyber operations. I’m your host, Alessandro Arduino.

Today I’m really excited to have with us at BOTG Omri Lavie, he is a leading figure in cybersecurity. Let’s say Omri was the O in NSO, and he’s the founder and CEO at Orchestra Group, managing partner at Founders Group, serial entrepreneur, and investor. Omri founded several tech companies in the media, telecom, and cyber industry. Thank you very much for talking with us today Omri.

[Omri Lavie]: Thank you. It’s my pleasure to be here.

[Alessandro Arduino]: My first question is, let’s say relatively straightforward. Can you help our audience to make sense of the current threats that plague the cyber sphere and how AI will help secure government and companies?

[Omri Lavie]: Well, thank you. I think we can all agree that there is a massive increase in cyber-attacks from ransomware to attacks that are just meant to disrupt the life of whoever is being attacked. I think a lot of it is a result of the ever changing and growing threat landscape. We can see that post COVID witnessed a real increase in attacks. The first reason for it is one obviously we’re all becoming more digital. We’re all working remotely. We’re all dependent more and more on it.

And that obviously increases the space in which attackers can operate. We’re not working like we did 10 years ago.  Previously, when you wanted to work on your company computer, you had to go into the office and plug into the secure network and the life of CISOs (chief information security officer) were much easier in that time.

The second reason that allows attacks’ increase is the fact that because it became easier to perform attacks. I think we were seeing a change from opportunistic hacking, to literally a business model around it.  We are seeing more government sponsored attacks, whether as part of an operation or as part of the way to just make money. We have entire economies of countries that are very reliant on cyber-attacks as source of revenue. Also, like any good place where bad things are happening, we also see organized crime, joining it and turning it into a business model. They can employ hackers who just work on scale, performing 5000 attempts at time and among them maybe five will be successful and they’ll charge ransomware for that. And that’s it and that’s a successful day.

I think this truly sizable increase in the in the threat landscape, is what allowed our world to become more complex.

I like to think of it as cyber being the new arena, the new frontier, where battles are fought. It’s almost like a, like an evolution of the Cold War. The Cold War was more human reliant than the new Cold War is cyber reliant. AI will have a critical role in managing this new kind of threat environment. For example, in the company I manage, Orchestra Group, we are heavily relying on AI based analytics to help us make the best decisions and tell the organization’s which way to protect itself because.  The threat landscape is significantly larger, also the data points that are created in a single defence line of cybersecurity are much larger than they used to be, compared to the old days like 10 years ago or less. At that time, you had your computers, your servers, maybe one wireless printer for per floor, and today you have thousands of devices and things that are connected to your network, from CCTV cameras to washing machines to server points to heart rate monitors, and literally thousands if not millions of data points. Which is something that for your CISO it would be extremely difficult to handle. Okay. Not only do you need CISO at the forefront of your entire cybersecurity defence team, but you have 1000s of data points to take into considerations if not ten thousand or more.

You have to make numerous calculations and understand the attack path scenario and where the threat is coming from and what’s your weakest point. Keep everything up to date, which becomes an increasingly challenging issue to deal with. And I think AI is exactly what will we will be able to rely on more heavily going forward because AI can see a lot better than we can see because it can see concurrently through numerous data points and make much smarter decisions based on the information that it has already, which is something that I think us as humans will find increasingly challenging, particularly in the next few years.

[Alessandro Arduino]: I found extremely important when you just mentioned that now there is a new trend moving from opportunistic attack on the web, to attack that are more government related. But in this respect, I think one of the problems is attribution. Cyber-attacks, moves at lightning speed and cross national-borders in seconds. Is there a way that the state defensive system can even start to address this kind of let’s say transnational challenge and able to pinpoint that origin of a cyber-attack?

[Omri Lavie]: Well, just like you said borders who are part of an archaic way of groups of people to differentiate, differentiate, differentiate themselves from one another. Today, you know, it’s irrelevant. So if, if back in the day, say a spy from Eastern, Eastern Berlin would walk over to the west, it would be immediately caught because it wouldn’t have the right paper as it had to go through checkpoints that verify that even straight from the place that it comes from, it’s already suspicion that today it’s incredibly difficult to have a data packet coming from, let’s say, a geographical location of the North Korea. Sure it can be malicious, but it can also be harmless and the borders as we humans defined, the find them geographically play no role. And yes, there’s no problem in navigating attacks from anywhere on Earth to anywhere on Earth and it makes the defensive life extremely more difficult.

[Alessandro Arduino]: I agree on part of your argument but I disagree on another part and I tell you why. One of my favourite Japanese organization theorist Kenichi Ohmae a long time ago was used to say nation state are dinosaurs and border don’t exist no more when he was cheering for globalization. But now as you correctly mention, you cannot trace border into cyberspace. But there are countries like China, for example, or even Russia that are drawing the line even in the cyberspace considering it as national territory, therefore it belongs to the cybersecurity environment of the country. In this respect, I have a very strange and fascinating case form one of our previous BOTG podcast: we were looking at a trend that is related to a private military company that pivoted from boots on the ground to the cybersecurity arena. We discussed with them how a company specialized in K&R, kidnapping and ransom, were used to negotiate ransom in Southeast Asia from Vietnam to the Philippines, and then they transitioned their business model to negotiating what you mentioned before one of the emerging threats: Ransomware – ransom payment online.

The CEO of the company mentioned that it was easier to negotiate online than getting shot while negotiating with the boots on the ground. My question is, do you think that a PMC or private military company moving into the cyber arena are better equipped than just a cybersecurity firm providing this kind of service? And let me allow to reverse the question. Have you ever heard of a cybersecurity company had been boots on the ground as their capabilities to enforce the action from the virtual space to the real world?

[Omri Lavie]: I’ll start from the second part, which I personally haven’t seen a cyber company that added the literal boots on the ground. Yet I did see however, in some fortune 500 organizations that the CISO was obviously in charge of cybersecurity also gets the responsibility of physical security within the premise. And the reason for that is not necessarily the military background or anything of that nature, but it’s the fact that physical security aspects of a certain compound or a building are often tied into the cybersecurity as well.

For example, I remember speaking to a person who was the CFO of let’s say, one of the five largest banks in the world. And he told us and we were quite surprised by that, on top of his responsibilities, which are obviously increasingly difficult. He got the responsibility for example, for the entire physical security. They have a compound of buildings in London and he was responsible for it. Anything from the carousel, to let employees use their tag to come into the building and all the way to controlling the elevators and the AC and I think the reason for it is because that’s also a way for cyber attackers to attack these targets. The old school fashioned way of attacking is still the most popular by just using a USB stick and putting it where you’re not supposed to put it and then you have yourself a situation.  I think that’s kind of what led into that transition. But a literal boot on the ground and negotiating ransom in person, I have I have yet to see it. But I do understand what you’re saying in which if somebody has experience in negotiating for a living, then they will have the same experience being useful when negotiating with cyber kidnappers just as well as real kidnappers. In fact, I saw a case study that in Israel was quite recent that one of the I believe it was an insurance company that had a massive ransomware attack. And the person that they brought to negotiate on their behalf had zero understanding in cyber but he was a very successful, let’s say, negotiator as his former position in the army was to negotiate extreme cases of kidnapping, and terrorist abductions, and so forth. Therefore, he brought his skills from the field to negotiate with cyber terrorists, which is basically what these people are. I definitely see that happening the other way around, like I said, maybe more limited to physical security and a premise, but not necessarily for cyber world per se, but who knows, I get surprised every day, so I wouldn’t I wouldn’t be surprised if my opinion will change in a few months or years.

[Alessandro Arduino]: I found very interesting when you mentioned that this specialist, being an expert in human factor but not a cyber expert is still an important part in the overall process. Also, the human factor, is going to play an important part, at least for a while. But maybe I’m stretching a little bit too much the narrative but when we are going to have an AI working with the cyber terrorist and you must negotiate with AI, then probably the human factor is going to be out of the window, but hopefully, it will be in far future.

[Omri Lavie]: It will be really fascinating to see the first time that the AI negotiates with the human or you know, what if an AI technology is going to become very easily and affordably available, maybe we’re going to see an AI negotiating with an AI, that would be interesting. And very fast, I think.

[Alessandro Arduino]: Absolutely very fast. As we move our discourse on AI and on one of the biggest trends in application of AI, specialized AI applied to the financial market. Looking at Fintech two of the main global financial hub are located one where I’m here right now in Singapore, and another not far away in the Gulf,  in Dubai. Both areas, Singapore and the UAE, are bent to secure their digital financial market, because it’s critical for a sustainable economic development, especially in the Gulf country, where you see they’re moving in a post oil scenario and where high tech and fintech play a very important role. But as a result, all around the world, everyone is looking for the same job description, cyber talents, but the pool of talent is shrinking by the day. Considering that you are a very successful entrepreneur and founder of several company how do you cope with this recurring problem?

[Omri Lavie]: Well, first of all, it’s a real problem. I guess every country has its own set of challenges. In Israel, for example, it’s obvious right now that there’s a shortage. But there’s a shortage in all tech professions because the tech industry grew substantially not just cybersecurity. I honestly think that the traditional ways of resolving it are the ones that are happening and they will eventually bridge the gap. I witnessed a lot more companies offering entry level positions that don’t require any experience. There’s a growing on-the-job training, which is great, because honestly, I think you’ll agree, you have a much more advanced academical background than I do. So you know that with all due respect to the academy at the end of the day, when you get your hands dirty, that’s the experience that you really need for your job in many cases, and I see a lot more positions like that being open. Of course. There’s really no degree in cyber today. But there are a lot of professional courses were relatively short and relatively. The is looking for a career change. You could be working in McDonald’s one day and three months later, you can be working in cybersecurity if you do the right if you take the right courses and you find an entry level position. Therefore, this trend will be very substantial and pushing more people filling that job gap. Nevertheless, it’s a huge problem. Up to now I haven’t seen any creative solution there. But all the solutions out there that I’ve seen so far are traditional, but they seem to be working. Like I said entry level positions and quick training, which will enable you to obtain a certain position rather quickly.

[Alessandro Arduino]: Looking at cybersecurity’s jobs, can you give us like two or three title of this course or something that can our young audience can look at?

[Omri Lavie]: There are commercials popping up for these kinds of training courses all the time, by the way, some of them are actually courses sponsored by massive organizations like Microsoft, or Google, or Cisco, which create their own ‘’little universities’’, which train people because the people know that if they get trained in Microsoft, there’s a good chance that I can get a job with the organization.

[Alessandro Arduino]: I recall in the early days of aviation when airlines prefer to train at home their own pilots and not someone that have already had previous basic training because they want to infuse the core value of the company in the way you manage an airline. In this case it looks very similar. We are witnessing right now at an increasing friction between the United States and China. And hopefully this is not going to lead to a bifurcation of the digital ecosystem and but if it’s the case we will have to make a choice between a Chinese operative system or a Western one. Here in Singapore, there is a growing perception that the cybersecurity market is increasing leaning toward the east. In your opinion what will leave Israel especially in this position, as Israel as start-up nation is recognized both in the west and in the east as a leader in the field.

[Omri Lavie]: Again, this is purely my opinion and it’s based on my on my personal experience, but it has been in a lot of subjects not just in cybersecurity tn which Israel has maintained let’s say healthy relationship with both the west and the east. Obviously, geographically, and politically, Israel is literally in between. We are very prone to America, but also, we have socialist backgrounds, as a country. Therefore, there’s a lot of things that we see differently, but there’s been obviously a massive Americanization of Israel in the last 50 years. In this respect, Israel has always of kept its options open. But at least from my experience, I think that in Israel, there’s still significant leniency towards the west. I think most companies I know and, that I read about and that I know personally, are aiming for the American market for the European market, and are working with suppliers from the United States and from Europe. Far more than I see in the East Singapore, obviously being deeply in the east and heavily influenced by that arena. I can imagine that it might not be the same but Israel at least on that front, I think is heavily leaning towards the west.

If I can say that, Russia and China are Team Red and the United States and Europe are Team Blue, that Israel is probably purple cannot afford to take sides.

Because one superpower is probably our best ally, even in these complex and difficult times of the current US administration. And the other one is, is our is our next-door neighbour, which makes it very hard choice. It’s Sophie’s Choice of politics. So, you know, at least for private sector companies, I definitely think that the tilt is still heavily tilted towards the west, but politically, I think Israel is somewhere in between, and they’re trying to appease both superpowers and make sure that they’re not really forced to take sides.

[Alessandro Arduino]: Thank you. You give to our audience, a lot of foot for though.  Especially looking at the future of cybersecurity and implementation of AI. I’m asking you the question that I asked to all our guests what we call the billion-dollar question. And the question is what will be the future of cybersecurity management in complex environment in the coming 30 years?

[Omri Lavie]: Well, 30 years, I read somewhere that when people go to job interviews and they get ask where do you see yourself in five years that it’s not a realistic question, because it’s extremely difficult to foresee five years into the future. So 30 years. I mean, if you would have told me 30 years ago, on how the world would look like today, I wouldn’t believe you. So I’ll be honest, it’s an extremely difficult question to answer. I do think that in the in the future, as we opened our conversation looking at solutions, like we have at Orchestra Group is that it’s AI based. AI will be more and more popular, because like I said, most of the threat landscape, and the level of data points those different systems must deal with is just increasing every single day.

At the end of the day, the complexity of situations will increase. Also,  I think AI will be very dominant. AI will predominantly rule through cybersecurity and humans will have to work with their AI colleague, sort of speak, which will make probably 99% of the decisions for them and they will give them the guidelines in which they want to work but because us as humans working directly with the infrastructure would be very, very difficult. In 30 years, I’m assuming also we’ll get to see a lot more. I don’t know maybe space-based cyberinfrastructure, which will be even more complex, and we will add another arena that we’re dealing with, which I’ve seen quite a lot of moments in recent years as well. But, again, that’s my prediction, but honestly, I think it’s maybe something we’ll see within five years but the 30 It’s, it’s going to be wild, that’s for sure.

[Alessandro Arduino]: Thank you very much for joining us today. We are always used to ask 30 years and not one year for simple fact that in one year if you make a mistake, people will remember it in 30 years it’s a long time. But again, it’s been really great listening to your insight. Thank you very much again for being with us.

I just want to plug our folding podcast that will be based on the evolution of Chinese private security company along the Digital Silk Road. Stay tuned and enjoy a great day.