SIMPLE Simulations (War Games)
Bear Systems is building on its next generation cybersecurity platform to provide a range of SIMPLE (Secure Integrated ML Platform Leveraging Expertise) solutions for the world’s most pressing needs. This blog entry is one of a series of introductions showing how Bear can provide a SIMPLE solution for specific vertical challenges.
One of the issues we come across again and again is the challenge of how to predict when something is going to go wrong. What happens when you add or update software? How will this new devices interact with other devices? What new attacks, malfunctions, drunk college kids, will interfere with our operations and how do we prevent those?
The answer, of course, is to simulate that environment and then expose it to whatever challenge is of concern. And yet current options consist mainly of building a physical duplicate and running your test. This is not such a big deal when you are mimicking a bunch of Raspberry PIs but a much bigger deal when looking at, for example, an F-35. In fact, one of my best stories about the impact of this type of testing came from a conversation about adding cybersecurity to a plane:
Me: “Our cost to you in nominal and will save you compared to what you use now”
Airplane Dude: “Sure, let’s take your cost and add in the required simulation (he called in regression) testing cost”
Me: “How much is that”
Airplane Dude: “$50M”
Me: Walking away defeated…
Recent efforts have moved towards Digital Twins which are focused on virtualizing a physical object – typically a building – and then using that simulation to run tests. While this is a great step forward, there are a number of significant challenges. The main challenges is the data being used to keep the digital twin matched up to the building. As of now, that is operational data, typically sensitive, and often massive in terms of size. Moreover, much of that data is just not needed but there is no real way to separate what is required from what is not. Finally, while struggling to get digital twins to work, nobody has yet to really use these twins to their full extent. The reality is that the current approaches are using physical equipment to properly simulate a building and causing those devices issues can ruin the twin.
SIMPLE Simulations, also called War Games, is focused on overcoming these issues through a new Live Mirroring capability. Live Mirroring relies on Domain Expert Data Collection Profiles that transform each device in a system into a statistical profile. The stats across devices are unified in order to enable direct comparisons and interactions without worrying about vendor differences.
These profiles produce Standard Device Profiles that represent a fraction of the size of the actual data that runs in a device. This same approach also produces Communication Profiles that leverage statistics to transform operational data into benign stats. These profiles are then used to recreate an environment in a truly virtual environment. To ensure that the virtual twin is correct, SIMPLE Simulations relies on Device Expert Profiles to ensure that each device is re-created as expected. Synching between real and virtualized environments occurs only through statistical deltas which massively decreases data flow and eliminates security concerns.
Once the Live Mirrored Virtualized Twin is created, SIMPLE Simulations then leverages two distinct Deep Learning Systems (DLS). Deep Learning Systems are comprised of machine learning algorithms and AI systems that interact to perform complex tasks over time. In this case, one DLS, the Adversary, is focused on introducing a range of adverse conditions into a virtualized system. Over time, this DLS learns how to create novel conditions based on the success and failure of its prior efforts. The intent is to produce sophisticated adverse conditions beyond anything humans can predict on their own.
The other, Guardian, DLS system is focused on finding solutions to adverse conditions with as little operational impact as possible. This DLS is constantly loaded with new Domain Expert resolution tools and then takes those tools and its ongoing learning to create better responses to any adverse conditions.
SIMPLE Simulations then iterates through millions or use cases in a continuous manner with each case involving the Adversary DLS attacking the virtualized system and the Guardian DLS overcoming those adverse conditions. When a given use case has been completed, the virtualized environment is returned to the Live Mirrored state and then next iteration starts. Depending on resources, these simulations can occur in parallel for even faster learning.
There is obviously more, much more, to our SIMPLE Simulations solution and, if you are interested, please contact us to learn more!