You are on page 1of 3


JOHN TROBOUGH, PRESIDENT, NARUS, INC. FEBRUARY 2013 The term Cyber 3.0 has been used mostly in reference to the strategy described by U.S. Deputy Defense Secretary William Lynn at an RSA conference. In his Cyber 3.0 strategy, Lynn stresses a five-part plan as a comprehensive approach to protect critical assets. The plan involves equipping military networks with active defenses, ensuring civilian networks are adequately protected, and marshaling the nations technological and human resources to maintain its status in cyberspace1. Cyber 3.0 technologies will be the key to enable such protection, and is achieved when the semantic Webs automated, continuous machine learning is applied to cybersecurity and surveillance. Cyber 3.0 will be the foundation for a future in which machines drive decision-making. But Cyber 3.0s ability to deliver greater visibility, control and context has far-reaching implications in our current, hyper-connected environment, where massive amounts of information move easily and quickly across people, locations, time, devices and networks. It is a world where human intervention and intelligence alone simply cant sift through and analyze information fast enough. Indeed, arming cybersecurity organizations with the incisive intelligence afforded by this machine learning means cybersecurity incidents are identified and security policies are enforced before critical assets are compromised.


In order to stress the full weight of the meaning of Cyber 3.0, it is important to first put the state of our networked world into perspective. We can start by stating categorically that the Internet is changing: Access, content, and application creation and consumption are growing exponentially. From narrowband to broadband, from kilobits to gigabits, from talking people to talking things, our networked world is changing forever. Today, the Internet is hyper-connecting people who are now enjoying super-fast connectivity anywhere, anytime and via any device. They are always on and always on the move, roaming seamlessly from network to network. Mobile platforms and applications only extend this behavior. As people use a growing collection of devices to stay connected (i.e., laptops, tablets, smartphones, televisions), they change the way they work and collaborate, the way they socialize, the way they communicate, and the way they conduct business. Add to this the sheer enormity of digital information and devices that now connect us: Cisco estimates that by 2015, the amount of data crossing the Internet every five minutes will be equivalent to the total size of all movies ever made, and that annual Internet traffic will reach a zettabyte roughly 200 times the total size of all words ever spoken by humans2. On a similar note, the number of connected devices will explode in the next few years, reaching an astonishing 50 billion by 20203. By this time, connected devices could even outnumber connected people by a ratio of 6-to-14. This interconnectedness indeed presents a level of productivity and convenience never before seen, but it also tempts fate: The variety and number of endpoints so difficult to manage and secure invite cyber breaches, and their hyper-connectivity guarantees the spread of cyber incidents as well as a safe hiding place for malicious machines and individuals engaged in illegal, dangerous or otherwise unsavory activities.

Cyber is nonetheless integral to our everyday lives. Anything we do in the cyber world can be effortlessly shifted across people, locations, devices and time. While on one hand, cyber is positioned to dramatically facilitate the process of knowledge discovery and sharing among people (increasing performance and productivity and enabling faster interaction), on the other, companies of all sizes must now secure terabytes and petabytes of data. That data enters and leaves enterprises at unprecedented rates, and is often stored and accessed from a range of locations, such as from smartphones and tablets, virtual servers, or the cloud. On top of all this, all the aforementioned endpoints have their own security needs, and the cybersecurity challenge today lies in how to control, manage and secure large volumes of data in increasingly vulnerable and open environments. Specifically, cybersecurity organizations need answers to how they can: Ensure visibility by keeping pace with the unprecedented and unpredictable progression of new applications running in their networks Retain control by staying ahead of the bad guys (for a change), who breach cybersecurity perimeters to steal invaluable corporate information or harm critical assets Position themselves to better define and enforce security policies across every aspect of their network (elements, content and users) to ensure they are aligned with their mission and gain situational awareness Understand context and slash the investigation time and time-to-resolution of a security problem or cyber incident Unfortunately, cybersecurity organizations are impeded from realizing any of these. This is because their current solutions require human intervention to manually correlate growing, disparate data and identify and manage all cyber threats. And human beings just dont scale.


Indeed, given the great velocity, volume and variety of data generated now, the cyber technologies that rely on manual processes and human intervention which worked well in the past no longer suffice to address cybersecurity organizations current and future pain points, which correlate directly with the aforementioned confluence of hyper-connectivity, mobility and big data. Rather, next-generation cyber technology that can deliver visibility, control and context despite this confluence is the only answer. This technology is achieved by applying machine learning to cybersecurity and surveillance, and is called Cyber 3.0. In using Cyber 3.0, human intervention is largely removed from the operational lifecycle, and processes, including decision-making, are tackled by automation: Data is automatically captured, contextualized and fused at an atomic granularity by smart machines, which then automatically connect devices to information (extracted from data) and information to people, and then execute end-to-end operational workflows. Workflows are executed faster than ever, and results are more accurate than ever. More and more facts are presented to analysts, who will be called on only to make a final decision, rather than to sift through massive piles of data in search of hidden or counter-intuitive answers. And analysts are relieved from taking part in very lengthy investigation processes to understand the after-the-fact root cause.

In the future, semantic analysis and sentiment analysis will be implanted into high-powered machines to: Dissect and analyze data across disparate networks Extract information across distinct dimensions within those networks Fuse knowledge and provide contextualized and definite answers Continuously learn the dynamics of the data to ensure that analytics and data models are promptly refined in an automated fashion Compound previously captured information with new information to dynamically enrich models with discovered knowledge Ultimately, cybersecurity organizations are able to better control their networks via situational awareness gained through a complete understanding of network activity and user behavior. This level of understanding is achieved by integrating data from three different planes: the network plane, the semantic plane and the user plane. The network plane mines traditional network elements like applications and protocols; the semantic plane extracts the content and relationships; and the user plane establishes information about the users. By applying machine learning and analytics to the dimensions extracted across these three planes, cybersecurity organizations have the visibility, context and control required to fulfill their missions and business objectives. Visibility: Full situational awareness across hosts, services, applications, protocols and ports, traffic, content, relationships, and users to determine baselines and detect anomalies Control: Alignment of networks, content and users with enterprise goals, ensuring information security and intellectual property protection Context: Identification of relationships and connectivity among network elements, content and end users

Clearly, these three attributes are essential to keeping critical assets safe from cybersecurity incidents or breaches in security policy. However, achieving them in the face of constantly changing data that is spread across countless sources, networks and applications is no small task and definitely out of reach for any principles or practices that rely even partly on human interference. Moreover, without visibility, control and context, one can never be sure what type of action to take. Cyber 3.0 is not a mythical direction of what could happen. Its the reality we will face as the Web grows, as new technologies are put into practice, and as access to more and more devices continues to grow. The future is obvious. The question is: How will we respond? By virtue of machine-to-machine learning capabilities, Cyber 3.0 is the only approach that can rise to these challenges and deliver the incisive intelligence required to protect our critical assets and communities now and into the future.
John Trobough is president of Narus, Inc., a subsidiary of The Boeing Company (NYSE: BA). Based in Silicon Valley, Narus is a longtime cybersecurity innovator and industry pioneer, with patents awarded and pending for its work in cyber.

DoD Talks Up Plans to Deploy Cybercommandos, Tech News World, February 11, 2011 < DoD-Talks-Up-Plans-to-Deploy-Cybercommandos-71872.html>.
1 2 The Zettabyte Era, May 30, 2012, Cisco <

US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/ VNI_Hyperconnectivity_WP.html>.
3 The Internet of Things, Cisco <

4 The State of Broadband 2012: Achieving Digital Inclusion for All,

International Telecommunications Union, September 2012 <http:// pdf#page=1&zoom=auto,0,842>.