ABN AMRO to use self-healing software for cybersecurity
ABN AMRO will be the first organisation to use PCSI's 'self-healing security' software in the fight against cyberattacks. This software is capable of autonomously adapting to factors that could disrupt computer systems. The development draws a special parallel with the functioning of the human immune system that has not been applied to companies before.
Last year, the PCSI worked with experts from various partners, including immunologists, to create and test the software. “Basically, we started from the way cells in the human body fight viruses and bacteria and renew themselves. We translated that into a concept for ICT security. Large organisations such as banks have problems with cyber attackers who keep coming up with something new. This software offers them protection by limiting the options of attackers,” says Bart Gijsen, project leader of the Self-Healing Security project at TNO. The software will soon be made publicly available so that everyone can use and modulate it.
A fundamental difference between ICT systems and the human immune system is the principle of 'disposability'. Once in a while the body replaces its own biological cells. This ensures, among other things, that cells that have been infected unnoticed can only exert a harmful influence in the body for a limited time. In addition, the immune system uses this replacement process to kill cells it suspects are infected, so that they are replaced by 'clean' cells. Thus, if the immune system detects an infection, the cell renewal process is accelerated. This biological property fits well with today's cyber problems. The main problem with cybersecurity is reactivity. A cyberattack often cannot be predicted or detected in time, so companies are usually one step too late to respond. The damage has already been done. In order to anticipate this, the self-healing security software seems highly promising, says Martijn Dekker, Chief Information Security Officer at ABN AMRO: “We are constantly researching and trying out new technologies to see what security value they can bring in the future. It's a good way to learn from life sciences, and implement this knowledge in our IT systems.”
The disposability principle thus offers two improvements for cybersecurity: it provides protection against undetected infection attacks and it automatically intensifies that protection in the event of a suspected infection. These are two cybersecurity tactics that have so far proved very difficult to implement.
Regular renewal and decentralised control
The challenge was to build a system that is decentralised, repairs itself and also recognises the moment to do so. Renewal is based on existing ICT technology: Kubernetes. A system that provides the facilities to manage the computer infrastructure. It already contains the possibility of rebooting and renewing, but in this software, a functionality has been added so that containers, a kind of virtual computer server, renew themselves at adjustable intervals. This renewal ensures that there are more moments at which cyberattacks can be intercepted. In addition, the software includes anomaly detection so that containers with abnormal behaviour are terminated immediately without having to pass through a central system. This allows for much faster and more local intervention if something goes wrong.