In the last six months, there has been a tenfold rise in cyber threats detected by BT. Fortunately, however, from its cybersecurity research base in Ipswich, BT is getting better at detecting them too - by redrawing the battle lines and opening up new virtual frontiers.

Image: BT Network Operations Centre, Adastral Park (Archant)

It may look from a distance like a grim, brutalist piece of architecture harking back to the Cold War, rather than the current online war against cybercrime, but BT’s base at Adastral Park has always been at the forefront of ground-breaking internet research. It was, for example, central to the development of fibre optic cables - the knitting on which the world’s internet runs.

Although BT recently announced it would cut 13,000 jobs over the next three years, cybersecurity is a global arms race that shows no signs of letting up, and is one side of the business that’s constantly growing.

Somewhat disturbingly, BT is now witnessing 125,000 attacks on its network each month, although a lot of these are automated.

“The hackers are continually probing the organisation and trying to find weaknesses in the services we’re operating,” explained BT’s head of cyber discovery and analytics, Joel Snape.

Image: BT radio tower, Adastral Park (Archant)

To stay ahead of the game, BT employs its own hackers - ‘ethical’ hackers, that is - whose job it is to actively try to hack into its own networks and target weaknesses. “It’s the best way of finding out the holes in the network,” says Mr Snape.

BT is also currently trialling a virtual cybersecurity operations centre at Adastral Park from where cybersleuth teams can strap on VR headsets and collaborate together in a virtual ‘universe’ with any of BT’s 16 different security operations centres around the world - from Japan to Texas - on the same screens.

As head of Security Futures Practice at BT, Ben Azvine is leading this research into new ways to fight the mounting global cyberattacks. He explains: “It’s not possible to get all the experts into one room physically, so we want to do it virtually, to reduce the time it takes to actually find the attacks.

“It’s hard because in a virtual environment, you’ve got all sorts of issues like resolution and dizziness of the analysts. But we are working vigorously on those issues.”

Mr Azvine shows me a YouTube video from Holland of a hacker sitting in traffic, proudly hacking into the traffic signals and changing the speed limit. “I like this video because it’s funny, but it also shows how vulnerable certain aspects of our critical infrastructure are,” he says. “We are now seeing people hacking into smart cars and starting the windscreen wipers. So the question for me is, why are these things happening so often, and how do we prepare ourselves in the future?”

I reply that surely the answer is to not make everything quite so connected.

“No, because that would stop a huge amount of GDP for companies and countries in the future,” Mr Azvine responds. “I think the opportunity we can gain from the Internet of Things (IoT) is clearly much bigger than the threat.

“We’ve tried to raise awareness and build the IoT in a secure way, rather than build it first and then add security later, which is what we did with the old IT system. So we already have a lot of advantage, we already know encryption and asset management are key. We have to make the technology safe for us to be able to take advantage of it in the future.”

Mr Azvine claims that people tend to think of a cybersecurity system as being like a coconut, with valuables inside and the hard shell around it protecting them.

“Every time there is a security incident, you make that shell thicker and thicker,” he says. “The problem is that that shell has a lot of holes in it because the bad guys are drilling all the time, and new technology comes along and creates another hole.

“Or they are already inside, and you just haven’t found them yet.”

Mr Azvine believes that a better analogy for modern cybersecurity is the humble avocado.

“You’ve got some really valuable assets at the centre (the seed) and you’re trying to protect those assets. But you have to understand that you can’t protect everything at the same level, because you’d run out of money. This is called a risk-based approach to security. Most companies spend 90% of their cybersecurity budget on protecting those critical assets. You understand that you can’t prevent all of the attacks on the other 10% of assets, and this is where the human skill comes in.”

Mr Azvine claims BT is “very good” at defending critical assets.

But protecting the outer layer of security relies on “skills of the future” which are not traditionally associated with cybersecurity. “We need to think of our analysts as being like ‘Ironman’, using automation and AI to create superhumans,” he explains.

“We are giving them tools to make them much quicker, to reduce the amount of workload so one person can do 100 people’s jobs. We’re trying to create simple intuitive interfaces where analysts spend time on what they’re good at, which is spotting cyberattacks, rather than writing scripts and connecting systems.

“We’re not doing that to reduce the number of people. But because the bad guys are getting very good at it, we want to give our analysts an advantage.”

While the real world is more 50 shades of grey than black and white/good versus evil, in the virtual cyber world that BT’s security analysts work in, everything is visualised through the technology as ‘good’ (green) or ‘bad’ (red).

“When you try to get systems to work with humans, visualisation is a very good way of encouraging that,” Mr Azvine explains. “So we built a number of tools in my team that are trying to make the interaction between people and back-end AI systems very simple and interactive, almost like a game interface.

“When we are looking at which computers in the world are sending malware into our network and where that malware is aimed at, we look at the IP addresses of the machines and at patterns that are unusual. The analyst is interactive, not just watching, but giving feedback to the system. We call it cyber-hunting.”

Stopping an attack is one thing, but attributing that attack to a certain criminal element is something entirely different, and BT doesn’t get involved in that aspect of the process unless it’s asked to by law enforcement agencies.

“I don’t have arrest information. But I can tell you we can stop attacks in a fraction of the time it used to take,” says Mr Azvine. “Solving the attacks is very simple when you find them – the problem is that you can’t find them. You’ve got billions of connections every day. That’s the defence that the bad guys have.”

Another area that BT’s researchers are working on, called ‘Nexus’, goes deep into its network and evokes the film Minority Report, in which Tom Cruise utilizes a psychic technology to arrest and convict murderers before they commit their crime. The idea in the movie is that you bring data from lots of different sources, combine them, and make a determination of whether there is an attack looming or not.

“The problem with that system is it’s completely driven by Tom Cruise, who is dragging stuff in,” Mr Azvine explains. “Our system is going much deeper into our network and is trying to find anomalies much earlier, it’s monitoring the traffic in our network and trying to say ‘this thing is odd, I’ve never seen it before’.”

As advanced as the AI technology now is to be able to complete such tasks, Mr Azvine doesn’t believe that it will replace the role of his ‘superhuman’ cyber analysts - at least for now.

“AI systems today aren’t good enough with certainty to do that – some people say they are, but our tests show they’re not. They make mistakes. When you’re dealing with Siri and it makes a mistake, you think ‘that’s rubbish’, but it probably doesn’t cause a major issue. When it comes to the security of your network, you don’t want an AI system that routinely makes one in 1000 mistakes, because there’s so much more at stake.”

Principal researcher Jonathan Roscoe and his team at BT Applied Research are, among other things, using BT’s AI technology to monitor the bitcoin transactions which are available on the internet after a ransomware attack. “It’s about using AI to find suspicious activities in a number of wallets, and then we use that with the law enforcement agencies to link it to individuals who are behind these attacks,” he explains.

Mr Roscoe is a gamer, and was recruited because of his skills in that area. “We are moving into other exciting ideas like augmented reality, and holographic environments too,” says Mr Azvine. “This is not what people associate with security, but these are the kinds of areas people need to be good at in the future and we are very excited about this.”

When the WannaCry ransomware attack hit in May 2017, it infected more than 200,000 computers across 150 countries and caused untold billions of pounds worth of damage.

So what lies in store for the future - and should we be scared?

Mr Azvine admits he is worried, but then in his position, it would be worrying if he wasn’t. “There is no such thing as perfect security, but all we can do is keep innovating and monitoring what’s going on,” he says. “I’m going to put my neck on the line and say no, I don’t think we’ll have another WannaCry in the next six months.

“When you analyse those kinds of attacks, if you learn the lessons, you can stop them. I live in hope that we can stop those kinds of attacks – I have to.”

As for Brexit, BT’s cyber-team in Suffolk is internationally diverse, and being able to recruit the right people from anywhere in the world is of paramount concern.

“Sharing information is one of the most important aspects of protecting yourself, so I very much hope whatever happens with Brexit, we continue to share information,” says Mr Azvine. “Otherwise, that’s one way criminals will succeed – they can then launch an attack here and then another elsewhere. Cyber attacks don’t know global boundaries.”

Mr Azvine believes that cybersecurity has moved to become a “board level issue” in many companies now, but some sectors are much more engaged in it than others.

“I’ve been active in speaking to people in the manufacturing sector and saying that if you don’t put cybersecurity into your strategy, you could be next,” he says. “We want to raise awareness, and I believe that we are.”

Mr Azvine regularly gives presentations to BT’s corporate customers, and says he used to always be last on the agenda to speak at such events. These days, he is first. “That tells you something - people are now asking for cybersecurity. We see a change in mindset.”