An interesting debate rears its head periodically in the aviation industry: ‘Why can’t aircraft controls be fully automated?’ Or, to put it more simply, ‘How about a world of commercial aeroplanes in which the plane flies itself without any pilots?’
The topic was under discussion at the recent Farnborough International Air Show outside London in the United Kingdom, a significant event in the international aerospace and defence industry calendar, which takes place every two years. Aerospace leader Boeing, which has built unmanned aerial vehicles for many decades, indicated at this year’s Farnborough show that it has plans for unmanned cargo craft which, it says, could be flying over urban areas in a matter of years rather than decades.
“It’s obviously a fascinating movement in tomorrow’s aerospace technology developments,” says Bryan Hamman, territory manager for sub-Saharan Africa at NETSCOUT Arbor, which specialises in advanced Distributed Denial of Service (DDoS) protection solutions, “and it reminds me of a conversation that NETSCOUT Arbor has begun within our cybersecurity realm. In other words, how do we combine the desire for automation with the spark of human kind?
“Whether we are talking about driverless cars or pilotless planes, automation is a debate that is taking place all around us. In South Africa, Mercedes recently presented an advert in which it put Christopher White, who survived a horror crash off Chapman’s Peak Drive in Cape Town some 30 years ago, back onto the same route in an automated Mercedes. This time, the car drove him! And this time, there was no human error, and no crash. And so, these examples from the worlds of flight and road transport inspire in me the question: What is the role of automation in cybersecurity?”
A white paper released by NETSCOUT Arbor discusses exactly this.
“Processes and production inevitably reach a point where automation becomes required to effectively and efficiently operate and scale. This evolution is out of necessity and a result of pressures related to factors such as volume, cost, time, and/or resource constraints. Manufacturing, supply chain, finance/ accounting, HR and IT are examples of areas that have gone through this evolution. Air flight and now the move towards autonomous cars are also examples that resonate with all of us,” notes the white paper in its opening.
The paper continues, “Over the last few years, cybersecurity has reached this breaking point as increasing volumes of alerts and resource constraints related to time, cost, and skilled security human capital are driving a requirement for automation in cybersecurity operations. Organisations are increasingly anticipating security automation to reduce the time needed to detect and respond to cyber threats. This move is becoming required to effectively and efficiently operate and scale security operation efforts. Like other business areas before it, cybersecurity operations are maturing and now increasingly being operationalised.”
“To bring this issue back to the idea of driverless cars and planes with no pilots,” adds Hamman, “NETSCOUT Arbor has also realised that automation should complement human activity and human thinking, not necessarily replace it in its entirety. In a world in which skilled cybersecurity experts are rare, automated security processing can add to the strength of the organisation’s defences. It doesn’t have to be an either/or when it comes to human expertise versus automation processes.”
To quote from the NETSCOUT Arbor white paper on this topic: “Think airplanes. While today a lot of the operational processes involved in flying (take-off, analysis of inflight conditions and landing, for instance) are automated, there continues to be a meaningful element of human interaction from pilots. Unless we are simply automating a mundane, repetitive, low-value process, the expertise and judgment of a skilled, human operator is required in many cases. Cybersecurity is no different, and the primary goal of security automation is to increase the effectiveness and efficiency of your scarce, skilled security human capital.”
It seems clear, then, that security automation is here to stay, and that it’s becoming a requirement for security organisations to be able to detect and respond to threats effectively and efficiently. Cyber pressures today involve issues such as the volume of attacks, as well as constraints that security employees face in terms of time, costs and resources. Security automation helps to alleviate these pressures.
“Sections of the aviation industry are forging ahead with plans to commercialise pilotless planes. Indeed, some experts will tell you that it’s easier to fully automate an aircraft than a car. At the same time, however, the average human psyche arguably wants to know that there is still a pilot in the cockpit – which is why we are seeing the development of freight movement in the skies before the persuasion of passengers. Tom Farrier, a retired US Air Force command pilot and also an aviation safety contractor for the US government, has noted that pilots are the ‘most flexible component’ of an aviation system overall, and that in general, human pilots are both ‘in charge of the operation and interested in staying alive.
“A prime example of this is the so-called ‘Miracle on the Hudson’ event of January 2009, when US Airways Flight 1549 struck a flock of geese shortly after take-off and consequently lost all engine power. Pilots Chesley Sullenberger and Jeffrey Skiles glided the plane and landed it safely on the Hudson River off midtown Manhattan, New York, with all 155 people being safely rescued soon after.
In other words, the combination of a modern automated aircraft and a gifted, experienced pilot represents a win-win situation for all. NETSCOUT Arbor believes we should apply the same principle to cybersecurity,” concludes Hamman.