Health IT Infrastructure Requirements for AI Cybersecurity

March 08, 2018 - Artificial intelligence (AI) and machine learning are becoming more popular as healthcare organizations realize the potential applications in AI for providing better insight into data and improving patient care. AI can also be used to help organization defend against cyberattacks by predicting vulnerabilities as health IT infrastructure tools evolve.

However, healthcare organizations need to examine their health IT infrastructure to see how AI and machine learning will operate and fit into their IT ecosystem. Entities should also make sure they understand how AI can be used for threat intelligence.

Healthcare organizations are typically not in the cybersecurity line of business and instead embody what’s called “lean IT,” according to IEEE Member and Integral Partners Director of Information Security Services Kayne McGladrey.

“There are too few defenders to collect, process, and analyze the overwhelming amount of available data to produce threat intelligence,” McGladrey told “The promise of machine learning is to allow computers to do what they do well, in automating the collection and processing of indicators of compromise, and analyzing those data against both known and emerging threats.”

“This allows the human defenders to do what they well, which is to apply intuition and experience on the highest-priority potential threats.”

AI cybersecurity tools can help AI provide informed, real-time recommendations for cyberattacks, even if an entity has not experienced a similar cyberattack in the past.

“At a high level, AI cybersecurity solutions either have automated remediation capabilities or do not,” McGladrey explained. “All commercially viable AI has a degree of environmental inspection to identify potential threats and risks across both proprietary sensor instrumentation and existing data sources, such as a security information and event management (SIEM).”

“Most AI systems have the concept of assigning a score based on observed behavior, such as a printer making outbound connections on the network, or a user opening numerous file shares outside of typical working hours,” he continued. “If these activities are outside of the normal standard of behavior for both the user and device and their larger peer group, the AI can flag the activities for further investigation by the Security Operations Center (SOC).”

McGladrey noted that this method is only effective if an SOC member is available at the time of the attack. Some AI systems have automated redemption options once a user or device reaches a certain threshold of behavior.

“For example, the device could be quarantined on a separate network with no outbound internet connectivity, or the user’s account could be locked,” McGladrey explained. “While these options sound promising in preventing a black swan event, it also poses the risk of preventing legitimate behavior by systems administrators doing their jobs in the middle of the night.”

IT administrators coexisting with AI will be on a learning curve for the next several years. The machine and the human overseeing it need to learn each other’s behaviors to prevent error.

Healthcare AI can’t just be added onto existing IT infrastructure. Organizations need to examine their current infrastructure and determine how to best approach implementation.

“Any organization considering the deployment of AI or ML should first define their goals in deploying these advanced technologies,” McGladrey advised. “These goals will help decide the level of preparation required as not all systems need integration with existing organizational assets.”

“Some AI solutions are best described as a black box that sits between the core routers and switches of the organization’s network and will inspect all passing traffic, he continued. “Other solutions deploy instrumentation on or between hosts, and may incorporate existing data such as a SIEM, privileged access management solution, or advanced firewall logs.”

To implement AI, organizations need to consider how their current IT security infrastructure will handle the addition of AI. Once the implementation is planned properly, organizations can use AI to help protect their network.

“If the goals are to protect devices, then the preparations will be in deciding how to best deploy the AI solution at the physical network layer,” McGladrey concluded. “On the other hand, if the goal is to protect user identities regardless of device, the organization will need to plan for how to integrate the AI with the existing Identity and access management (IAM) solution.”

The Future is Now: Podcast