09:00 AM
Black Hat Staff

Black Hat Europe Speaker Q&A: SoarTech’s Fernando Maymi on ‘Synthetic Humans’

Ahead of his Black Hat Europe appearance, SoarTech's Fernando Maymi explains how and why synthetic humans are critical to the future of cybersecurity.

Soar Technology lead scientist Fernando Maymi is one of many cybersecurity luminaries who will be in attendance at Black Hat Europe in London next month. While he’s there he’ll be co-presenting (alongside Soar’s Alex Nickels) a 50-minute Briefing on “How to Build Synthetic Persons in Cyberspace” which promises to be packed with intriguing ideas. Notably, Soar has developed Cyberspace Cognitive (CyCog) agents that can behave like attackers, defenders or users in a network. While many organizations have developed technologies and techniques for replicating enterprise-scale networks, realistically populating those networks with synthetic agents that behave like real people is a thorny challenge -- one Maymi thinks Soar has solved.

We caught up with Maymi via email to get a better sense of what Black Hat Europe attendees can expect from this Briefing and to learn more about his own exciting experiences in cybersecurity.

Hey Fernando! Tell us a bit about yourself and your cybersecurity work.

Fernando Maymi: I work at a company in Michigan called Soar Technology, or SoarTech for short. We specialize in researching and developing artificial intelligence (AI) solutions to hard problems in training, unmanned platforms and cyberspace operations. I joined the company two years ago after retiring from the U.S. Army, where I taught cybersecurity at West Point, ran research projects at the Cyber Research Center and led the stand-up of the Army Cyber Institute, which is the Army’s think tank for cyberspace issues.

Through all of this, I’ve learned that if we only surround ourselves with like-minded people we assume huge risks, but if we connect with diverse folks and share information we stand a much better chance. I just got back from Tokyo, where I was running a multi-sector cyber exercise helping prepare for the 2020 Olympics. It was awesome to watch folks from the power and manufacturing and other sectors come together to solve a really challenging scenario. Helping each other out really works!

Without spoiling too much, what are you going to be speaking about at Black Hat Europe this year?

Fernando: My colleague Alex Nickels and I have been involved in three projects aimed at researching and developing different kinds of synthetic autonomous actors for cyberspace. The first one was an autonomous penetration tester for the U.S. Navy. Then we were asked to build a defender against whom human penetration testers could be trained. Finally, DARPA asked us to build high-fidelity models of human users in order to test for vulnerabilities in user behaviors.

We had a head start, because our expertise is in modeling the cognition of expert humans as opposed to building autonomy from the ground up. Along the way, we found a lot of common issues and some really hard challenges. We also realized that autonomous agents will soon become common in cyberspace and that we need to come together as a community to address the security implications of this change—both positive and negative.

Why is this important, and what do you hope Black Hat attendees will learn from it?

Fernando: We are, at best, barely holding the line when it comes to defending our information systems against human adversaries. Once autonomous agents become effective attackers, we will absolutely need some cyber robots on the defensive side as well just to keep up. Even if you don’t buy into the idea that synthetic hackers are coming (and they are), we could really use some breakthroughs in developing autonomous cyber defenders to improve our security posture.

Despite all the hype, artificial intelligence (AI) is still not there yet when it comes to providing this capability. In our talk, we will provide a gentle introduction to AI, describe the state of the art and then show how we have developed some innovative approaches to defending and testing our networks. We also point out where we’ve fallen flat on our faces, talk about why, and provide some thoughts on how we can work together as a community to address some of these shortfalls.

What have you learned about human behavior in the course of trying to emulate it in your family of CyCog agents?

Fernando: One of the coolest things we did was to gradually change the nature of email messages until we duped a synthetic user into clicking a link that they would not have clicked right off the bat. These agents learn and have biases much like us, so they can fall into the same traps as we do. Another lesson learned was how slow we humans are compared to computers. In order to maintain the appearance of being human, we need to slow our agents down a few orders of magnitude. Most importantly, it is not all that difficult to simulate about 80% of typical human behavior in cyberspace. The other 20%, however, is really, really hard, and boils down to the fact that AI systems really just lack plain common sense.

What are you hoping to get out of Black Hat Europe this year?

Fernando: Our biggest hope is to stimulate some thinking, exchange ideas, and maybe meet some people with whom we could collaborate as we tackle the challenges ahead. I think many of us are at risk of buying into the hype about AI and may not realize its limitations and all the challenges that remain ahead of us. For example, behavioral models of the sort that can drive helpful synthetic cyberspace actors are in their infancy. We could really use a community approach to building this knowledge base so that synthetic cybersecurity agents can team with and enhance the performance of us humans. After all, we are in the business of building systems that model human expertise and, since that expertise has to come from somewhere, the more experts the better.

Black Hat Europe returns to The Excel in London December 3-6, 2018. For more information on what’s happening at the event and how to register, check out the Black Hat website.
