• As the near-constant stream of high-profile attacks suggests, the cyber-threat landscape is

rapidly evolving with no sign of slowing. Cyber-attackers are not only moving faster, they are
adding new and innovative tools within their toolkits. And as the entire world turns online, we
are moving towards a future where cyber-threats increasingly threaten the safety of not just
our data, but of our physical infrastructure too.
• Autonomy, scale and complexity in our defense systems will trigger new cyber-attack strategies,
and autonomous intelligent malware (AIM) will be part of the picture

• First, on the battlefield of the future, “intelligent Things will fight intelligent Things”

• Autonomous Cyber AI is revolutionizing cyber defense and may prove to be our best line of
defense against future AI attacks
Autonomous and automated: Defined

•  “autonomous” and “automated.” Despite popular belief, these terms are not synonymous,
but each carry a distinctive, separate meaning worth establishing when looking at security
strategies.

• Automated systems typically run within a well-defined set of parameters and are very
restricted in what tasks they can perform. The decisions made or actions taken by an
automated system are based on predefined heuristics.

• An autonomous system, on the other hand, learns and adapts to dynamic environments,
and evolves as the environment around it changes. The data it learns and adapts to may be
outside what was contemplated when the system was deployed. Such systems will ingest
and learn from increasing data sets faster, and eventually more reliably, than what would be
reasonable for a human.
The evolution in automation levels of cars is summarised in Figure 1. Many companies such
as Waymo and Tesla are now hugely investing in a future lead by Autonomous vehicles (self-
driving cars).
Autonomous Machine Security Risks

• As autonomous systems move past test phases and into both the
public and private sectors, cyber security is once again moving to the
front burner. Liability suits are bound to pop up when errors result in
casualties. Self-driving cars, drones and robotics need to be as safe as
possible as they become commercially available.
• MachineDesign.com’s digital marketing specialist Rilind Elezaj highlights several of these risks in
“Autonomous Cars: Safety Opportunity or Cybersecurity Threat?”:

• Self-driving cars could be hacked with ransomware, not allowing owners to enter, start or exit
the vehicle until a ransom is paid.
• Terrorist hackers could disable networks, range sensors and cameras, resulting in multiple
collisions.
• An autonomous vehicle’s operating system could be hacked, exposing personal information on
other connected devices.
• Hacked vehicles could potentially be rerouted to an area where a robbery or assault is planned.
• Connected cars can control IoT devices at home, giving hackers access to people’s home
computer networks.
• Drones, especially military drones, carry with them several other risks
that require effective cyber security solutions. Tractica.com’s Sanders
points out that GPS jamming, overriding “return to home” fail-safes,
and intercepting video/image/data feeds from drones could all result
in catastrophic damage, theft and exposure of sensitive or classified
information.
• Military drones might be targeted because of the ammunition and
explosive ordnance they carry. But even privately owned drones, such
as those that may soon be used for delivery of goods purchased
online, would also present attractive targets to hackers.
Autonomous Systems Cyber Security Strategies

• The machine learning algorithms underlying autonomous vehicle

computer systems act as the first line of defense against hackers.
After the car has been in use long enough to establish its owner’s
pattern, anything that falls outside of that pattern will be flagged as
suspicious, alert the owner and require authentication, according to
software developer Dino Causevic’s “How Machine Learning Can
Enhance Cybersecurity for Autonomous Cars” on Toptal.com.
• Some hackers, though, have the expertise necessary to spoof (fake)
user credentials and bypass this first line of defense. To combat this,
machine learning can be used to analyze data from constantly
growing databases for anomalies. In addition, vehicle-to-vehicle
communication can be scanned to determine whether incoming data
is “normal driving behavior” or a malicious exploit.
• Baysian networks (BNs) also come into play where autonomous
machine cyber security is concerned. “BNs are probabilistic models of
causes and effects, graphically expressing causal relationships (i.e.,
conditional probabilities) between different variables,” according to
researcher Barry Sheehan et al.
• Baysian networks (BNs) also come into play where autonomous
machine cyber security is concerned. “BNs are probabilistic models of
causes and effects, graphically expressing causal relationships (i.e.,
conditional probabilities) between different variables,” according to
researcher Barry Sheehan et al.
define autonomous cybersecurity
• Autonomous cybersecurity is the automation of your cyber defense
capabilities and the ability to adapt and respond in real time.

• Autonomous cybersecurity is changing the way the government

protects and secures its crucial data. By leveraging artificial
intelligence and machine learning, agencies can respond to cyber
threats in real time and more efficiently than ever
Cyber Workforce
Benefits of using A.I
autonomous intelligent cyber-defense agents
(AICAs)
• AICAs will not prevent enemy malware from penetrating platforms’ systems. They
will be dedicated to fighting malware when it is already present within those
platforms.
• In fact, AICAs are a big leap into the future of the cyber defense of military systems.
• AICAs will have five functions, to be executed individually or collectively in swarms:
•  monitor a perimeter of a host system they are to defend,
•  detect signs of cyber-attacks,
•  devise plans of countermeasures,
•  execute tactically such plans, and
•  report about their doings to human operators.
• The enemy malware, its capabilities and tactics, techniques and
procedures will evolve rapidly. Therefore, AICAs will need to be
capable of autonomous learning
Twelve research and technology challenges
of ACyD
• Karamba Security raises another $10M for its IoT and automotive
security platform
• Karamba Security, an Israel-based security startup that focuses on the
IoT and automotive industry, today announced a $10 million
extension to its $12 million Series B round from 2017. This extension
was led by automotive startup VinFast, a member of Vietnam’s
Vingroup conglomerate, which itself is 
reportedly looking to raise $1 billion for VinFast.
Reinforcement learning for autonomous
cyber defense
• RL is founded on the idea that we learn by interacting with our
environment, which is a foundational idea underlying nearly all
theories of learning and intelligence [2]. Thus, an RL learner, or agent,
discovers on its own the optimal actions to achieve its goal based on
immediate reward signals from the environment. In fact, actions
taken in one state of the system may affect not only immediate
rewards, but also all subsequent rewards. Thus, trialand-error action
search and delayed reward are two of the most important
distinguishing features of RL [2].
• Beyond the agent and environment, an RL system features four main
elements: policy, reward function, value function, and optionally, a
model of the environment.

• The most common class of RL algorithms is based on Q-Learning