SoS Musings #21
VR and AR Adventures in Cybersecurity
Virtual reality (VR) and augmented reality (AR) have the potential to improve cybersecurity operations and training. Virtual reality is described as a computer-generated three-dimensional environment in which a person can explore and interact with objects. Augmented reality differs from virtual reality in that users interact with computer-generated content in the real-world environment. Virtual reality can be achieved through the use of devices such as headsets, while augmented reality can be achieved through the use of mobile devices such as smartphones. Although these technologies are widely-known for their use in gaming, they can also be used for the enhancement of education, training, and operations. As the VR and AR market is expected to reach $108 billion by 2021, such technologies are expected to be utilized more in different areas other than gaming. Cybersecurity is one area that could benefit greatly from the use of VR and AR technologies in relation to security operations and enticing the younger generation to the field.
VR and AR can be utilized to improve upon operations in cybersecurity. The performance of security operation centers (SOCs) within organizations can be enhanced through the use of VR and AR. SOCs are facilities in which security specialists monitor, detect, investigate, prevent, and respond to cybersecurity problems faced by organizations. Challenges associated with the traditional SOC model stem from its requirement of a central geographic site. As a traditional SOC is usually tied to a physical infrastructure and geographic location, organizations make significant investments in the hardware, configuration, and maintenance of these centers. The essential components used within SOCs are digital displays and advanced servers, which help security teams monitor and collect data by means of information and event management (SIEM) software. In an article entitled "The Emergence of Virtual Reality and Augmented Reality in the Security Operations Center", Maria Hyland and Jason Flood, Security Program Director and CTO of Security Gamification and Modeling at IBM, highlight the potential benefits of employing VR and AR in a SOC. The benefits of using VR in a SOC include, but are not limited to, mobility, scalability, the reduction of maintenance costs, increased awareness surrounding an organization's security posture, lower complexity, along with the ability to monitor and examine more endpoints in addition to visualizing potential cyber threats and vulnerabilities instantaneously. Illusive Networks harness the capabilities of VR and AR to deceive, detect, and get rid of attackers through the creation of false versions of company networks. The cybersecurity team at IBM Ireland developed a prototype VR solution, which merges with the IBM QRadar SIEM product and allows cybersecurity professionals to be immersed in a virtual 3D galaxy consisting of planets, stars, comets, and more, representing different nodes of a network or service that needs to be monitored. In this environment, visual cues such as solar flares and supernova bring the operator's attention to cybersecurity activities that may be malicious. A Colorado-based security company, ProtectWise, has developed a product, called Immersive Grid, that could allow cybersecurity professionals to monitor and patrol computer networks in a VR environment for unusual activity and security threats. As the use of AR in a SOC can allow operators to lay digital contexts and views on top of presented security data to an operator's real-world vision, activities among security operators such as forecasting, decision-making, and investigating can be enhanced. The NSA has been working on developing an AR system that could help security professionals increase the efficiency of their tasks. Professionals could use AR devices similar to that of the Google Glass, which are able to quickly present security information to them.
Organizations can use VR and AR technologies to attract, educate, and increase the recruitment of people into the cybersecurity workforce. The talent gap in the cybersecurity industry continues to be a major problem as the cybersecurity workforce gap is expected to reach 1.8 million by 2022. The results of a study conducted by ESG for ProtectWise in which 524 U.S. residents ranging from ages 16 to 24 were surveyed indicate, that the use of VR and AR tools in cybersecurity operations would entice more people into pursuing careers in the cybersecurity field. Participants of the survey expressed that they have been deterred from pursuing cybersecurity careers due to feelings of inadequacy in technical skill and the lack of exposure to cybersecurity on account of the unavailability of cybersecurity courses in their schools. According to findings of the survey, millennials and post-millennials would be more likely to consider careers in cybersecurity if VR and AR tools were present in cybersecurity operations as such tools have been said to decrease complexity as well as increase efficiency and enjoyment. Most millennials and post-millennials have a positive attitude towards VR and AR technologies since they have great exposure to such technologies through online and video games. In addition to increased awareness surrounding gaming principles, skills in relation to spatial reasoning and teamwork have also been developed through the use of VR and AR technologies in gaming.
Although there are benefits to using VR and AR technologies in relation to the enhancement of cybersecurity operations and recruitment, there are risks associated with these technologies that must be considered before being implemented. Since such technologies continue to advance, they are expected to introduce new privacy and security threats. VR and AR headsets have the ability to gather information about users' physical behavior such as eye and head movements, along with reactions to presented visual content in addition to other personal information, which presents new privacy risks. VR and AR technologies also give attackers a additional paths to manipulating users. Companies and malicious actors can use data collected by VR and AR technologies to get a better idea of how users interact with content in order to enhance targeted advertising and ad engagement. Through the use of data from VR and AR technologies, companies and malicious actors can adjust advertisements based on the colors and locations on a screen that draw the most attention. In the realm of cybersecurity, security teams must be aware of the possibility of hackers compromising VR and AR displays to alter what users see and provide fake information, leading to failures in security operations and preventing the detection and analysis of attacks. VR displays could also be manipulated by hackers in ways that could induce physical discomfort to users such as dizziness or nausea. VR and AR technologies may also be faced with ransomware attacks as threats may emerge to publicly release recorded behavior and interactions unless ransoms are paid. The fast pace at which VR and AR environments are updated may also diminish the quality of security checks and testing, leaving vulnerabilities undiscovered. These risks must be considered in the development and implementation of such technologies.
VR and AR can be used as tools that could significantly improve upon cybersecurity operations and address the cybersecurity talent gap. However, there must be continued research and advancements surrounding the security and privacy of such technologies as they are increasingly considered for use in domains other gaming, especially in cybersecurity.