healthcarereimagined

Three key ways artificial intelligence is changing what it means to compute.

by Will Douglas Heaven

October 22, 2021

Fall 2021: the season of pumpkins, pecan pies, and peachy new phones. Every year, right on cue, Apple, Samsung, Google, and others drop their latest releases. These fixtures in the consumer tech calendar no longer inspire the surprise and wonder of those heady early days. But behind all the marketing glitz, there’s something remarkable going on. 

Google’s latest offering, the Pixel 6, is the first phone to have a separate chip dedicated to AI that sits alongside its standard processor. And the chip that runs the iPhone has for the last couple of years contained what Apple calls a “neural engine,” also dedicated to AI. Both chips are better suited to the types of computations involved in training and running machine-learning models on our devices, such as the AI that powers your camera. Almost without our noticing, AI has become part of our day-to-day lives. And it’s changing how we think about computing.

What does that mean? Well, computers haven’t changed much in 40 or 50 years. They’re smaller and faster, but they’re still boxes with processors that run instructions from humans. AI changes that on at least three fronts: how computers are made, how they’re programmed, and how they’re used. Ultimately, it will change what they are for. 

“The core of computing is changing from number-crunching to decision-making,” says Pradeep Dubey, director of the parallel computing lab at Intel. Or, as MIT CSAIL director Daniela Rus puts it, AI is freeing computers from their boxes. 

More haste, less speed

The first change concerns how computers—and the chips that control them—are made. Traditional computing gains came as machines got faster at carrying out one calculation after another. For decades the world benefited from chip speed-ups that came with metronomic regularity as chipmakers kept up with Moore’s Law. 

But the deep-learning models that make current AI applications work require a different approach: they need vast numbers of less precise calculations to be carried out all at the same time. That means a new type of chip is required: one that can move data around as quickly as possible, making sure it’s available when and where it’s needed. When deep learning exploded onto the scene a decade or so ago, there were already specialty computer chips available that were pretty good at this: graphics processing units, or GPUs, which were designed to display an entire screenful of pixels dozens of times a second. 

Anything can become a computer. Indeed, most household objects, from toothbrushes to light switches to doorbells, already come in a smart version.

Now chipmakers like Intel and Arm and Nvidia, which supplied many of the first GPUs, are pivoting to make hardware tailored specifically for AI. Google and Facebook are also forcing their way into this industry for the first time, in a race to find an AI edge through hardware. 

For example, the chip inside the Pixel 6 is a new mobile version of Google’s tensor processing unit, or TPU. Unlike traditional chips, which are geared toward ultrafast, precise calculations, TPUs are designed for the high-volume but low-precision calculations required by neural networks. Google has used these chips in-house since 2015: they process people’s photos and natural-language search queries. Google’s sister company DeepMind uses them to train its AIs. 

In the last couple of years, Google has made TPUs available to other companies, and these chips—as well as similar ones being developed by others—are becoming the default inside the world’s data centers.

AI is even helping to design its own computing infrastructure. In 2020, Google used a reinforcement-learning algorithm—a type of AI that learns how to solve a task through trial and error—to design the layout of a new TPU. The AI eventually came up with strange new designs that no human would think of—but they worked. This kind of AI could one day develop better, more efficient chips. 

Show, don’t tell

The second change concerns how computers are told what to do. For the past 40 years we have been programming computers; for the next 40 we will be training them, says Chris Bishop, head of Microsoft Research in the UK. 

Traditionally, to get a computer to do something like recognize speech or identify objects in an image, programmers first had to come up with rules for the computer.

With machine learning, programmers no longer write rules. Instead, they create a neural network that learns those rules for itself. It’s a fundamentally different way of thinking. 

Examples of this are already commonplace: speech recognition and image identification are now standard features on smartphones. Other examples made headlines, as when AlphaZero taught itself to play Go better than humans. Similarly, AlphaFold cracked open a biology problem—working out how proteins fold—that people had struggled with for decades. 

For Bishop, the next big breakthroughs are going to come in molecular simulation: training computers to manipulate the properties of matter, potentially making world-changing leaps in energy usage, food production, manufacturing, and medicine. 

Breathless promises like this are made often. It is also true that deep learning has a track record of surprising us. Two of the biggest leaps of this kind so far—getting computers to behave as if they understand language and to recognize what is in an image—are already changing how we use them.

Computer knows best

For decades, getting a computer to do something meant typing in a command, or at least clicking a button.

Machines no longer need a keyboard or screen for humans to interact with. Anything can become a computer. Indeed, most household objects, from toothbrushes to light switches to doorbells, already come in a smart version. But as they proliferate, we are going to want to spend less time telling them what to do. They should be able to work out what we need without being told.

This is the shift from number-crunching to decision-making that Dubey sees as defining the new era of computing.  

Rus wants us to embrace the cognitive and physical support on offer. She imagines computers that tell us things we need to know when we need to know them and intervene when we need a hand. “When I was a kid, one of my favorite movie [scenes] in the whole world was ‘The Sorcerer’s Apprentice,’” says Rus. “You know how Mickey summons the broom to help him tidy up? We won’t need magic to make that happen.”

We know how that scene ends. Mickey loses control of the broom and makes a big mess. Now that machines are interacting with people and integrating into the chaos of the wider world, everything becomes more uncertain. The computers are out of their boxes.

Article link: https://www-technologyreview-com.cdn.ampproject.org/c/s/www.technologyreview.com/2021/10/22/1037179/ai-reinventing-computers/amp/

Our Next Cyber Talk is on operations and intelligence analysis methods involving searches and analytics performed on external datasets can be very revealing. This exposure includes not only attribution (who is performing it), but also the content of the operation itself (what is being searched for), which may include sensitive information that would be extremely damaging to national security if exposed. Recent advances in an increasingly visible technology category known as Privacy Enhancing Technologies (PETs) are changing the paradigm of secure data usage by allowing sensitive indicators to be securely processed while remaining in the untrusted domain, extending the boundaries of trusted compute.
PETs are transformative because the mission-enabling capabilities they deliver are not making something better; they are making something entirely new possible. Users can encrypt the content of their search, analytic, or machine learning model, ensuring their interests and intents remain secure and private throughout the processing lifecycle. This allows U.S. Government organizations to leverage publicly available, open-source, and/or low-side, government-curated data sources in ways that were never before possible.

Event link: https://www.linkedin.com/events/https-www-zoomgov-com-j-16124336904437132174467072/

Kyle Atwell and Daphne McCurdy | 12.04.22

What role do private military companies (PMCs) such as Russia’s Wagner Group play on the modern battlefield? How should US policymakers and US and allied troops in conflict zones manage threats from armed groups when Russia denies their existence? Is war by private armies a rising trend in modern conflict?

Our two guests argue that the Wagner Group plays an important role in Russian military strategy. Russia’s use of PMCs has implications both operationally for US troops on the ground, as well as for US foreign policy more broadly. We discuss at length a February 2018 incident in which the Wagner Group and Syrian partner forces engaged in a multi-hour firefight with US special operations forces in Syria, allegedly resulting in hundreds killed on the Russian/Syrian side.

The conversation concludes with recommendations for both policymakers and practitioners on how to address Russia’s use of plausible deniability and PMCs. The answer is made more pressing by the expanded use of PMCs in combat arms and kinetic roles not just by Russia but other countries, in places such as Nagorno-Karabakh, Libya, and beyond.

Dr. Robert Hamilton is an associate professor of Eurasian studies at the US Army War College and a Black Sea fellow at the Foreign Policy Research Institute. In a thirty-year career in the US Army, spent primarily as a Eurasian foreign area officer, he served overseas in Saudi Arabia, Iraq, Germany, Belarus, Qatar, Afghanistan, the Republic of Georgia, Pakistan, and Kuwait. He is a graduate of the German Armed Forces Staff College and the US Army War College and holds a bachelor of science degree from the United States Military Academy, and a master’s degree in contemporary Russian studies and PhD in political science, both from the University of Virginia. In 2017 he led the US cell for ground deconfliction with Russia in Syria.

Candace Rondeaux is a professor of practice at the School of Politics and Global Studies and a senior fellow with the Center on the Future of War at Arizona State University. She has served as a strategic advisor to the US special inspector general for Afghanistan reconstruction and senior program officer at US Institute of Peace where she launched the RESOLVE Network, a global research consortium on violent extremism. She spent five years living and working in South Asia where she served as South Asia bureau chief for the Washington Post and as senior analyst on Afghanistan for the International Crisis Group. A graduate of Sarah Lawrence College, she holds a bachelor’s degree in Russian area studies, a master’s degree in journalism from New York University, and a master’s degree in public policy from the Woodrow Wilson School of Public and International Affairs at Princeton University. She is the author of the report “Decoding the Wagner Group: Analyzing the Role of Private Military Security Contractors in Russian Proxy Warfare.”

The Irregular Warfare Podcast is a collaboration between the Modern War Institute and Princeton University’s Empirical Studies of Conflict Project. You can listen to the full episode below, and you can find it and subscribe on Apple Podcasts, Stitcher, Spotify, TuneIn, or your favorite podcast app. And be sure to follow the podcast on Twitter!

Article link: https://mwi.usma.edu/russias-wagner-group-and-the-rise-of-mercenary-warfare/

A decade-long quest to become a cyber superpower is paying off for China.

By Patrick Howell O’Neill

February 28, 2022

The “most advanced piece of malware” that China-linked hackers have ever been known to use was revealed today. Dubbed Daxin, the stealthy back door was used in espionage operations against governments around the world for a decade before it was caught.

But the newly discovered malware is no one-off. It’s yet another sign that a decade-long quest to become a cyber superpower is paying off for China. While Beijing’s hackers were once known for simple smash-and-grab operations, the country is now among the best in the world thanks to a strategy of tightened control, big spending, and an infrastructure for feeding hacking tools to the government that is unlike anything else in the world.

This change has been going on for years, driven right from the very top. Soon after he ascended to power, President Xi Jinping began a reorganization of China’s military and intelligence agency, which prioritized cyberwarfare and initiated a “fusion” of military and civilian organizations geared toward boosting the nation’s cyber capabilities

The results are new tools and tactics that have rapidly become more sophisticated and ambitious over the past decade. For example, Chinese government hackers have exploited more powerful zero-day vulnerabilities—previously undiscovered weaknesses in technology for which there is no known defense—than any other nation, according to congressional testimony from Kelli Vanderlee, an intelligence analyst at the cybersecurity firm Mandiant. Researchshows that Beijing exploited six times as many such powerful vulnerabilities in 2021 as in 2020.

China’s offensive cyber capabilities “rival or exceed” those of the United States, said Winnona DeSombre, a research fellow at the Harvard Belfer Center, in congressional testimony on China’s cyber capabilities on February 17. “And its cyber defensive capabilities are able to detect many US operations—in some cases turning our own tools against us.”

Powerful tools

Daxin is just the latest powerful tool linked to China over the past year. It works by hijacking legitimate connections to hide its communications in normal network traffic. The result provides stealth and, on highly secure networks where direct internet connectivity is impossible, allows hackers to communicate across infected computers. The researchers who discovered it, from the cybersecurity firm Symantec, compare it to advanced malware they’ve seen that’s been linked to Western intelligence operations. It’s been in use at least as recently as November 2021.   

And in February of last year,  a massive hacking spree against Microsoft Exchange servers by multiple Chinese groups, beginning with zero-day exploits known as ProxyLogon vulnerabilities, showcased Beijing’s ability to coordinate an offensive so large in scale it seemed chaotic and reckless to outside observers. The onslaught effectively left a door wide open on tens of thousands of vulnerable email servers for any hacker to step through.

A quieter campaign uncovered in May saw multiple Chinese hacking groups use another zero-day vulnerability to successfully hack military, government, and tech industry targets across the United States and Europe.

People at the highest levels of power in China appreciate the importance of cyber capabilities. The CEO of Qihoo 360, the country’s biggest cybersecurity company, famously criticized Chinese researchers doing work outside the country and implored them to “stay in China” to realize the “strategic value” of powerful software vulnerabilities used in cyber-espionage campaigns. Within months, his company was linked to a hacking campaign against the country’s Uyghur minority. 

A wave of stricter regulations followed, tightening the government’s control of the cybersecurity sector and prioritizing the state’s security and intelligence agencies over all else—including the companies whose software is insecure. 

“The Chinese have a unique system reflecting the party-state’s authoritarian model,” says Dakota Cary, an analyst at Georgetown’s Center for Security and Emerging Technology. 

Chinese cyber researchers are effectively banned from attending international hacking events and competitions, tournaments they once dominated. A hacking contest pits some of the world’s best security researchers against one another in a race to find and exploit powerful vulnerabilities in the world’s most popular tech, like iPhones, Teslas, or even the kind of human-machine interfaces that help run modern factories. Prizes worth hundreds of thousands of dollars incentivize people to identify security flaws so that they can be fixed.  

Now, however, if Chinese researchers  want to go to international competitions, they require approval, which is rarely granted. And they must submit everything to government authorities beforehand—including any knowledge of software vulnerabilities they might be planning to exploit. No one other country  exerts such tight control over such a vast and talented class of security researchers. 

This mandate was expanded with regulation requiring all software security vulnerabilities to be reported to the government first, giving Chinese officials unparalleled early knowledge that can be used for defensive or offensive hacking operations.

“All of the vulnerability research goes through an equities process where the Chinese government gets right of first refusal,” says Adam Meyers, senior vice president of intelligence at the cybersecurity company CrowdStrike. “They get to choose what they’ll do with this, really increasing the visibility they have into the research being conducted and their ability to find utility in all of it.”

We’ve seen one exception to this rule: an employee of the Chinese cloud computing giant Alibaba reported the famous Log4j vulnerability to developers at Apache instead of first delivering it to Chinese government authorities. The result was a public punishment of Alibaba and implicit warning for anyone else thinking of making a similar move.

China’s stricter policies have an impact well outside the country itself.

Over the last decade, the “bug bounty” model has provided millions of dollars to build a global ecosystem of researchers who find software security vulnerabilities and are paid to report them. Multiple American companies host marketplaces where any tech firm can put its own products up for close examination in exchange for bounties to the researchers. 

By any measurement, China ranks at or near the top in alerting American firms to vulnerabilities in their software. In his congressional testimony last week, Cary said an unnamed large American firm had disclosed to him that Chinese researchers received $4 million in 2021. The American companies benefit from the participation of these Chinese researchers. When the researchers report a bug, the companies can fix it. That’s been the status quo since the bounty programs began booming in popularity a decade ago.

However, as the Chinese government tightens control, this multimillion-dollar ecosystem is now delivering a steady stream of software vulnerabilities to Chinese authorities—effectively funded by the companies and at no cost to Beijing.

“China’s policy that researchers must submit vulnerabilities to the Ministry of Industry and Information Technology creates an incredibly valuable pipeline of software capabilities for the state,” says Cary. “The policy effectively bought at least $4 million worth of research for free.”

Robot Hacking Games

In 2016, a powerful machine called Mayhem won the Cyber Grand Challenge, a cybersecurity competition held by the US Defense Advanced Research Projects Agency.

Mayhem, which belongs to a Pittsburgh company called ForAllSecure, won by automatically detecting, patching, and exploiting software security vulnerabilities. The Pentagon is now using the technology in all military branches. Both the defensive and offensive possibilities were immediately obvious to everyone watching—including Chinese officials.

DARPA hasn’t run a similar program since 2016. China, on the other hand, has put on at least seven “Robot Hacking Games” competitions since 2017, according to Cary’s research. Chinese academic, military, and private-sector teams have all been drawn to competitions overseen by the Chinese military. Official documents tie automated discovery of software vulnerabilities directly to China’s national goals.

As the Robot Hacking Games were beginning, the CEO of Qihoo 360 said automated vulnerability discovery tools were an “assassin’s mace” for China.

“Whoever masters the automatic vulnerability mining technology will have the first opportunity to attack and defend the network,” he said. Claiming that his own company had developed “a fully autonomous automatic vulnerability mining system,” he argued that the technology is the “‘killer’ of network security.”

The Robot Hacking Games are one example of the way Chinese officials at the highest level have been able to see an American success and then smartly make it their own.

“Time and again, China has studied the US system, copied its best attributes, and in many cases expanded the scope and reach,” says Cary.

As the US-China rivalry continues to function as the defining geopolitical relationship of the 21st century, cyber will play an outsize role in what China’s leaders rightfully call a “new era.” It touches everything from commercial competition to technological advancement and even warfare. 

In that new era, Xi’s stated goal is to make China a “cyber superpower.” By any measure, he’s done it.

Article link: https://www.technologyreview.com/2022/02/28/1046575/how-china-built-a-one-of-a-kind-cyber-espionage-behemoth-to-last/

Steve Blank, Joe Felter, Raj Shah/ 11:06 AM EST•February 24, 2022

The Department of Defense, other U.S. government agencies and a bipartisan consensus in Congress realize that China is strategically leveraging diplomacy, information and intelligence, its military might and economic strength, and all other instruments of its national power to redefine the future world order.

Given China’s stated goals and objectives, we should expect continuity in this assessment in the coming decades.

To any dispassionate observer, U.S. responses to China’s aggressive whole-of-government efforts to dominate – especially in the military domain – have been piecemeal and ineffective. The systems (and people) we have in place to respond (requirements, acquisition, budgeting) were designed to optimize lifecycle cost and manage 30-year DOTMLPF processes.

Yet, we need the opposite to compete with our strategic rival – speed, urgency, scale, short life cycle, and attributable systems. Existing DoD systems are not designed to effectively tap into a commercial technology ecosystem that’s now driving most of the DoD-relevant advanced tech (AI/ML, autonomy, biotech, quantum, access to space, semiconductors, etc.)

We must more aggressively and deliberately harness the vast untapped potential of our world-renowned institutions of higher learning, namely the brilliant, innovative and creative students and faculty that flock to America’s flagship universities.

Many among the DoD’s senior military and civilian leaders understand this and have established well-intended innovation initiatives. But the enduring funding and efficacy of such initiatives often hinge on support from visionary individual leaders and are at risk when these key leaders’ tenures end.

The result is that our systems, organizations, headcount, and budget can’t scale to meet the challenge of China and other potential rivals. Our adversaries are innovating faster than our traditional systems can respond.

Many have written about reform of existing DoD systems (fix the planning, programming, budgeting and execution (PPBE) process; scale DoD accelerators and the Defense Innovation Unit; better utilizing existing acquisition authorities, etc.).

All are fine ideas, but they miss a core problem – the DoD has not engaged with commercial industry at scale. Harnessing the extraordinary potential of the U.S. private sector and bringing its vastly superior resources to bear more effectively is the key to prevailing in this strategic competition.

Silicon Valley is ready to get back in the game

For the first two decades after World War II, Silicon Valley was really “defense valley.” It built chips and systems for the DoD and intelligence community. Innovation in Silicon Valley started post-World War II with funding to Stanford University from the Office of Naval Research and then follow-on contracts from all the services to build advanced microwave and electronic systems.

The first major contract for the fledging semiconductor companies was for the guidance systems for the Minuteman II intercontinental ballistic missile and then the Apollo spacecraft. During the Cold War, Lockheed was Silicon Valley’s largest employer, building three generations of submarine launch ballistic missiles, satellites and other weapons systems. Arguably, our ability to mobilize the resources of Silicon Valley was critical to the U.S. ultimately prevailing in the Cold War competition with the Soviet Union.

Prevailing in this century’s strategic competition will require us to bring similar resources and talent to bear. Today, Silicon Valley sits at ground zero of a technology ecosystem that dwarfs the DoD, its prime contractors and federal labs. This ecosystem thrives on the toughest problems, moves with speed and urgency and, when incentivized, can bring capital and people at an enormous scale to solve these problems.

But the DoD is reluctant to acknowledge that this is a resource to tap at scale and speed. And because it hasn’t fully acknowledged it, it hasn’t considered what would be possible if you could marshal those resources.

And because it hasn’t imagined it, it hasn’t thought about what types of incentives could move the more than $300 billion per year in VC investments (versus $112 billion for DoD’s Research, Development, Test and Evaluation (RDT&E) Program or $132 billion in procurement) into areas that support dual-use activities with the potential to bolster our national security. (Think massive tax incentives, etc.)

The adage “to a hammer everything looks like a nail” aptly describes the answer to problem sets like threats to sovereignty and international law. Most thinking has been restricted to having more/better versions of existing weapon systems (ships, carriers, boomers, etc.) rather than alternate operational concepts and weapons that can be rapidly deployed to deter or win a war in the South China Sea or in the Baltics or Kaliningrad corridor.

It almost seems that conversations about new systems and concepts built around small, cheap, attributable, autonomous, lethal, mass, distributed, short-lifecycle projects from new vendors are prohibited. Yet, these are exactly the solutions an innovation ecosystem would rally around. Imagine, for example, 50 SpaceX equivalents helping to build a 21st-century DoD.

Bringing America’s best and brightest to strategic competition

Focusing and unleashing the power of the United States’ private sector and of Silicon Valley, in particular, with its unmatched innovation and extraordinary capital investment potential, can reverse the U.S. slide in capabilities relative to China and maintain our edge across a range of critical technologies.

Beyond that, we must more aggressively and deliberately harness the vast untapped potential of our world-renowned institutions of higher learning, namely the brilliant, innovative, and creative students and faculty that flock to America’s flagship universities.

We’ve succeeded at this before. Stanford and nearly every other major U.S. research university were integral to the military innovation ecosystem during the Cold War. What was unique in Silicon Valley, however, was that Stanford’s engineering department actively encouraged professors and graduate students to start military electronics companies, taking the best people and commercializing the technology to help win the race against the Soviet Union.

Inspired by this historic precedent, we recently established the Stanford Gordian Knot Center for National Security Innovation to harness Silicon Valley’s technology, talent, capital, speed, and passion for tough problems and help the United States prevail in this new era of strategic competition.

We must further advance efforts that coordinate resources across Silicon Valley and other innovation ecosystems. At our top universities, we must scale national security innovation education; train national security innovators; offer insight, integration, and policy outreach; and provide a continual output of minimal viable products that can act as catalysts for solutions to the toughest problems.

The stakes are too high not to bring all our resources and our very best human capital to the table.

Article link: https://techcrunch.com/2022/02/24/the-us-must-harness-the-power-of-silicon-valley-to-spur-military-innovation/

Esperanto Techology’s chip heralds new era in open-source architecture; Intel set to cash in

SAMUEL K. MOORE

24 FEB 2022

The adoption of RISC-V, a free and open-source computer instruction set architecture first introduced in 2010, is taking off like a rocket. And much of the fuel for this rocket is coming from demand for AI and machine learning. According to the research firm Semico, the number of chips that include at least some RISC-V technology will grow 73.6 percent per year to 2027, when there will be some 25 billion AI chips produced, accounting for US $291 billion in revenue.

The increase from what was still an upstart idea just a few years ago to today is impressive, but for AI it also represents something of a sea change, says Dave Ditzel, whose company Esperanto Technologies has created the first high-performance RISC-V AI processor intended to compete against powerful GPUs in AI-recommendation systems. According to Ditzel, during the early mania for machine learning and AI, people assumed general-purpose computer architectures—x86 and Arm—would never keep up with GPUs and more purpose-built accelerator architectures. 

“We set out to prove all those people wrong,” he says. “RISC-V seemed like an ideal base to solve a lot of the kinds of computation people wanted to do for artificial intelligence.” 

With the company’s first silicon—a 1,092-core AI processor—in the hands of a set of early partners and a major development deal with Intel [see sidebar], he might soon be proved right. 

Ditzel’s entire career has been defined by the theory behind RISC-V. RISC, as you may know, stands for reduced instruction set computer. It was the idea that you could make a smaller, lower-power but better-performing processor by slimming down the core set of instructions it can execute. IEEE Fellow David Patterson coined the term in a seminal paper in 1980. Ditzel, his student, was the coauthor. Ditzel went on to work on RISC processors at Bell Labs and Sun Microsystems before cofounding Transmeta, which made a low-power processor meant to compete against Intel by translating x86 code for a RISC architecture. 

With Esperanto, Ditzel saw RISC-V as a way to accelerate AI with relatively low power consumption. At a basic level, a more complex instruction set architecture means you need more transistors on the silicon to make up the processor, each one leaking a bit of current when off and consuming power when it switches states. “That was what was attractive about RISC-V,” he says. “It had a simple instruction set.” 

The Core

The core of RISC-V is a set of just 47 instructions. The actual number of x86 instructions is oddly difficult to enumerate, but it’s likely near 1,000. Arm’s instruction set is thought to be much smaller, but still considerably larger than RISC-V’s. But simply using a slim set of instructions wouldn’t be enough to achieve the computing power Esperanto was aiming for, says Ditzel. “Most of the RISC-V cores out there aren’t that small or that energy efficient. So it’s not just a question of us taking a RISC-V core and slapping 1,000 of them on a chip. We had to completely redesign the CPU so that it would fit into those very tough constraints.”

Notably missing from the RISC-V instruction set at the time Ditzel and his colleagues started work were the “vector” instructions needed to efficiently do the math of machine learning, such as matrix multiplication. So Esperanto engineers came up with their own. As embodied in the architecture of the processor core, the ET-Minion, these included units that do 8-bit integer vectors and both 32- and 16-bit floating-point vectors. There are also units that do more complex “tensor” instructions, and systems related to the efficient movement of data and instructions related to the arrangement of ET-Minion cores on the chip. 

The resulting system-on-chip, ET-SoC-1, is made up of 1,088 of the ET-Minion cores along with four cores called ET-Maxions, which help govern the Minions’ work. The chip’s 24 billion transistors take up 570 square millimeters. That puts it at around half the size of the popular AI accelerator Nvidia A100. Those two chips follow very different philosophies. 

The ET-SoC-1 was designed to accelerate AI in power-constrained data centers at the heart of boards that fit into the peripheral component interconnect express (PCIe) slot of already installed servers. That meant the board had only 120 watts of power available, but it would have to provide at least 100 trillion operations per second to be worthwhile. Esperanto managed more than 800 trillion in that power envelope. 

Most AI accelerators are built around a single chip that uses the bulk of the board’s power budget, Esperanto.ai principal architect Jayesh Iyer told technologists at the RISC-V Summit in December. “Esperanto’s approach is to use multiple low-power chips, which still fits within the power budget,” he said. 

Each chip consumes 20 W when performing a recommender-system benchmark neural network—less than one-tenth what the A100 can draw—and there are six on the board. That combination of power and performance was achieved by reducing the chips’ operating voltages without the expected sacrifice in performance. (Generally, a higher operating voltage means you can run the chip’s clock faster and get more computing done.) At 0.75 volts, the nominal voltage for the ET-SoC-1’s manufacturing process, a single chip would blow way past the board’s power budget. But when dropping the voltage to about 0.4 V, you can run six chips from the board’s 120 W and achieve better than a fourfold boost in recommender-system performance over the single higher-voltage chip. At that voltage, each ET-Minion core is consuming only about 10 milliwatts. 

“Low voltage operation is the key differentiator for Esperanto’s ET-minion [core] design,” said Iyer. It informed architectural and circuit-level decisions, he said. For instance, the core’s pipeline for the RISC-V integer instructions is made up of the fewest number of logic gates per clock cycle, allowing a higher clock rate at the reduced voltage. And when the core is performing long tensor computations, that pipeline is shut down to save energy. 

Other AI Processors

Other recently developed AI processors have also turned to a combination of RISC-V and their own custom machine-learning acceleration. For example, Ceremorphic, which recently came out of stealth with its Hierarchical Learning Processor, uses both a RISC-V and an Arm core along with its own custom machine-learning and floating-point arithmetic units. And Intel’s upcoming Mobileye EyeQ Ultra will have 12 RISC-V cores with its neural-network accelerators in a chip meant to provide the intelligence for Level 4 autonomous driving. 

Intel’s Big Bet on RISC-V

In perhaps its biggest move to jump-start its manufacturing business, Intel said it would create a US $1 billion fund to support startups and other potential customers of Intel Foundry Services. Though the company didn’t say where the first funds will go in announcing the fund, it is planning “investments and offerings that will strengthen the ecosystem and help drive further adoption of RISC-V.”

Putting its weight behind RISC-V was a smart move, because it makes the company seem more like a manufacturing partner than a competitor, according to Semico Research principal analyst Rich Wawrzyniak. “All at once they not only validated the RISC-V architecture, they said they’re open for business,” he says. “They’re not going to restrict people in terms of the CPU designs they want to build. That itself is probably more important than anything else.”

Intel says it will help RISC-V companies innovate faster by prioritizing their manufacturing runs and working with them to codevelop manufacturing technology that works for their designs, among other things. Intel, which is now a member of RISC-V International, singled out four major collaborations with RISC-V heavyweights that it expects will attract foundry customers:

Andes Technology: The San Jose–based company designs RISC-V processor cores for embedded systems. And through the new deal, Intel Foundry Services customers can integrate its low-power cores. Intel’s foundry capacity “ensures that SoC designs based on Andes RISC-V processor cores will achieve the production ramp and volume successfully,” said CEO Frankwell Lin, in a press release.

Esperanto Technologies:The company’s current 1,092-core chip is made using TSMC’s N7 process. Through a strategic partnership, “Esperanto is getting access to Intel’s advanced technology nodes,” says CEO Dave Ditzel. The company could make the next generation of its SoC using the Intel 3 process, he says. “That’s not one but actually two generations ahead of its current design.” With that, Esperanto could increase the number of cores on its chips or make those chips smaller. The latter is more likely, he says. Different numbers of 1,092-core chiplets could then be combined in a package using Intel’s chiplet packaging technologies to tackle a variety of tasks.

SiFive: The Silicon Valley designer of RISC-V cores and development tools partnered with Intel Foundry Services to produce SiFive’s P550 multicore processors in the foundry’s Intel 4 manufacturing process, which is set to come on line later this year. The resulting chips will go to developer boards meant to drive growth in RISC-V. It’s worth noting that SiFive extended an existing partnership with Samsung last April to integrate custom AI accelerator blocks with SiFive’s RISC-V blocks using Samsung’s foundry technology.

Ventana Microsystems: The startup has a deal to make its data-center-class tech available to Intel Foundry Services customers. Foundry customers will be able to integrate Ventana’s data-center-class cores into their SoCs using Intel’s “leading manufacturing process,” or use its multicore chiplets to rapidly make custom systems.

Turning to RISC-V was both a business and technical move for embedded AI processor firm Kneron. The company has been selling chips and intellectual property using Arm CPU cores and its custom accelerator infrastructure. But last November Kneron released its first RISC-V-based tech in the KL530, aimed at supporting autonomous driving with a relatively new type of neural network called a vision transformer. According to Kneron CEO Albert Liu, the RISC-V architecture makes it easier to preprocess neural-network models so they run more efficiently. However, “it also made sense in light of the potential Arm acquisition by Nvidia last year to de-risk ourselves of any possible business decisions that could impact us,” he says. That deal fell apart in February but would have put the provider of Kneron’s previous CPU core architecture in the hands of a competitor. 

Future RISC-V processors will be able to tackle machine-learning-related operations using an open-source set of instructions agreed upon by the community. RISC-V International, the body that governs the codification of the core instruction set architecture and new extensions, ratified a set of just over 100 vector instructions in December 2021. 

With the new vector instructions, “somebody doing their own thing in AI doesn’t have to start from scratch,” says the organization’s CTO, Mark Himelstein. “They can use the instructions that other companies are using. They can use the tools that other companies are using. And then they can innovate in the implementation or power consumption, or performance, or whatever it is their added value is.” 

Even with the vector extensions, promoting machine learning remains a top priority for the RISC-V community, says Himelstein. Most of the development of ML-related extensions to RISC-V is happening in the organization’s graphics special interest group, which merged with the machine-learning group “because they wanted the same things,” he says. But other groups, such as those interested in high-performance and data-center computing, are also focusing on ML-related extensions. It’s Himelstein’s job to make sure the efforts converge where they can. 

Despite RISC-V’s successes, Arm is the market leader in many of the markets where a lot of new AI functions are being added, and it is likely to still be so five years from now, with RISC-V capturing about 15 percent of total revenue in the market for CPU core designs, says Semico Research principal analyst Rich Wawrzyniak. “It’s not 50 percent, but it’s not 5 percent either. And if you think about how long RISC-V has been around, that’s pretty fast growth.”

Article link: https://spectrum.ieee.org/risc-v-ai

Two instances of the homegrown electronic health record have been moved to the cloud as part of a pilot project, but it’s not clear if funding or support exists for more cloud migration as VA transitions to a commercial electronic health record.

ADAM MAZMANIAN | 

FEBRUARY 22, 2022 10:00 AM ET

Kurt DelBene, the new chief information officer at the Department of Veterans Affairs, said he planned to continue support of the agency’s homegrown electronic health records system during the transition to a commercial system scheduled to be completed in 2028.

The modernization project, launched in 2017 with a planned $16 billion budget, has its own section of the VA’s budget outside the Office of Information and Technology, and its leader reports to the agency’s deputy secretary, Donald Remy. But OI&T is deeply enmeshed in the shift to the same Cerner commercial electronic health record system, providing support for infrastructure development and readiness.

At the same time, OI&T is responsible for keeping the Veterans Health Information Systems and Technology Architecture (Vista) operational. For now, most patient care is handled through Vista; the Cerner product is up and running at the Mann Grandstaff Medical Center in Spokane, Wash., and a few more deployments are scheduled in the near term.

“We’re going to be using Vista for a period of time, and during that we can’t falter on delivering great care to veterans,” DelBene said on a Feb. 17 call with reporters. “So I think of Vista as a system that we absolutely have to continue to modernize. The health care landscape changes, and Vista needs to change and continue with the great support as it has had before.”

Todd Simpson, VA’s deputy assistant secretary of DevSecOps, said on the same call that two of the 130 separate instances of Vista have been put into VA’s Amazon Web Services cloud as part of a pilot. In addition, all the backup data for Vista has been moved into the cloud.

Simpson said it was possible that more instances of Vista could be moved to the cloud. “It comes down to funding and overall strategic direction driven from [Electronic Health Record Modernization], leadership and of course the customer,” meaning the Veterans Health Administration.

Funding is a big issue for Vista, in part because its costs are difficult to measure. The homegrown application now has 130 separate instances in use at different VA facilities. 

Because of the way the legacy system has sprawled into multiple systems, “VA lacks a comprehensive definition of Vista and cannot accurately report Vista costs,” the agency stated in its 2022 budget request.

Additionally, DelBene said plans to sunset Vista will have to wait for the EHRM project to advance. “Part of that is further out,” DelBene said. “My major commitment is to continue to support necessary changes. Then we’ll figure out what transition looks like.”

Article link:
https://fcw.com/2022/02/vista-modernization-still-priority-va-funding-question/362219/

Jared Serbu Feb. 18, 2022

An influx of money from the CARES Act helped the Department of the Navy (DON) make major strides in modernizing its networks. Now, leaders say, it’s time to focus on bolstering those networks’ cybersecurity, including with a major pivot from compliance-driven approaches to a new philosophy called “Cyber Ready,” which focuses instead on continuous monitoring and ongoing risk assessments.

The idea of keeping constant tabs on a system’s cyber health certainly isn’t new — indeed, it’s central to the National Institute of Standards and Technology Risk Management Framework DoD already uses to authorize systems on its networks, as a theoretical matter anyway.

But Navy IT leaders think they’ve hit on a new framing that will help with the cultural changes needed to actually, finally, move away from checklist-based, single-point-in-time security approvals.

Aaron Weis, the Navy Department’s CIO, said describing the problem in terms of “readiness,” akin to the way the military measures its servicemembers and weapons systems’ ability to execute missions on a day-to-day basis, has found a good deal of resonance in the Navy and Marine Corps.

“The whole approach is that we measure readiness in a very holistic way, and it’s something that you dynamically manage,” he said this week at the Navy Department’s annual IT conference in San Diego. “It’s taking the way that we measure ourselves in a very complete way and bringing that to the topic of cybersecurity, and my sense is we’ve really hit on a message that resonates — an approach that can bear fruit — and we’ve gotten really favorable engagement on this idea.”

Exactly what “Cyber Ready” looks like in practice is still to be determined. The concept has only been under discussion since October, and the DON plans to test it with a handful of pilot projects in the coming year before drawing any broad policy conclusions.

But Weis said a key objective is to move away from the current practice of granting systems an Authority to Operate (ATO) once every three years. That approach, he said, incentivizes “bad behavior.”

“One of the things that we’re saying as part of Cyber Ready is that the idea of a three-year ATO is wrongheaded — you fill out a giant spreadsheet and do 10,000 pushups and then you get an ATO that’s good for three years,” he said. “People get that ATO and they go, ‘Yeah, job done.’ And then what happens? Over the next three years, that system hasn’t evolved or been updated. It’s no longer secured, and it ends up as a high-risk escalation that ends up on my desk. We need to get to this idea that you’re always earning your ATO. There are a lot of snazzy phrases for that, like continuous ATO, but the idea is you’re always earning and re-earning your ATO every day.”

And Navy IT leaders think their technology developers are hungry for changes along these lines.

Jane Rathbun, the deputy assistant secretary of the Navy for information warfare and enterprise services, said the acquisition community is often frustrated by the process of building new systems and only turning them over to cybersecurity officials for review and approval once they’re ready to deploy.

She said developers would actually prefer to have the CISO community embedded in their programs from the start.

“They also see a need for common platforms so that they can abstract the actual capability from the IT infrastructure, so that that can be prepared and ATO’d — and not repeated every time we want to add real capability to the Navy and to the Marine Corps,” she said. “They want inheritance. If we’ve gotten Marine Corps approval on some platform or solution that we now want to use in the Navy, we’re all one big happy family. We don’t need to be doing things twice … They do agree that they must comply with cybersecurity, and they want to do that. That’s never been the problem, it’s just about how we get there.”

Cyber Ready also dovetails with an effort the Navy has already had underway for the past two years to streamline its implementation of the Risk Management Framework. Since then, the Navy has reduced the number of security controls it considers “critical” from about 600 to just 72.

And Rear Adm. Susan BryerJoyner, the Navy’s chief information security officer, said her service is looking for ways to automate security checks for many of those remaining controls.

“We also have a commercial solutions opening for the tools that allow us to automate the workflows associated with the compliance checks, because there will still be compliance checks,” she said. “This is not the ticket to say nobody ever has to scan or patch again. This is the ticket that says we’re going to figure out a better way of understanding how well you’re scanning and patching. And on a near-real-time basis, we’re going to identify the vulnerabilities the Fleet Cyber Command commander needs to know about to order a network maneuver when we have unacceptable risk on the network.”

The new approach is also likely to lean heavily on automated approaches to red-teaming and penetration testing, according to Renata Spinks, the Marine Corps’ CISO.

While there’s definitely no intention to eliminate human red teams, the sea services do need ways to test their defenses against real-world threats on a much more ongoing basis, she said. And the frequency of those checks will often be determined by how much risk the DON is willing to accept for a particular system or segment of the network.

“If we use real-time information from the people who are closest to the network, our policy should align to what’s been proven. We shouldn’t set policy and try to make people retrofit their systems with some grand new idea, because that policy is going to be reversed,” she said. “Pen testing will not only tell me how ready you are, but it will also teach me the new things that the adversary is doing. What are some of the things that maybe we’ve become complacent about? Or, do passwords need to be 16 characters? Maybe that’s no longer effective. We need to know how to be ready for the next thing, not if it occurs, but when it occurs.”

Article link: https://federalnewsnetwork-com.cdn.ampproject.org/c/s/federalnewsnetwork.com/navy/2022/02/navy-plans-to-become-cyber-ready-by-ditching-compliance-obsessed-ato-processes/?

Written by Billy Mitchell
Feb 10, 2022 | FEDSCOOP

The Department of Defense must take space into consideration while developing a zero-trust security framework across its enterprise, CIO John Sherman said Thursday.

The DOD‘s evolving mission in space defense with the recent standup of the U.S. Space Force will be inherently digitally focused. And as the U.S. competes more with near-peer adversaries like China and Russia, securing and defending assets in space from cyberthreats is a growing concern for Sherman, he said at AFCEA NOVA’s Space Force IT Day.

“I want to extend [zero trust] to not only when you think terrestrial domain and kind of traditional networks,” he said. “I think the space piece has got to be a critical part of this discussion. And I look forward to engaging the Department of the Air Force and our Space Force colleagues as we see how this can be applied.”

Sherman said the adoption of a zero-trust framework is a top priority for his office, adding that the topic is “very much prominent right now with the president’s [cybersecurity] executive order of last year.” He highlighted the Defense Information Systems Agency’s Thunderdome program and the move to Microsoft Office 365 as “examples of what a zero-trust framework can look like for the entire Department of Defense.”

And there’s no reason space should be thought of any differently, Sherman said.

“How does zero trust relate when we’re talking about things in orbit? I think it relates in many ways,” he said. “As you look at the entire segment, from the space segment down to the ground, there’s plenty of opportunities for us to microsegment, to think differently about access, about multifactor authentication, about not trusting any piece of that in a way that we have in the past and assuming a very sophisticated adversary is trying to get to our most precious data and dataflows on there.”

Sherman said the department is dealing with a host of technical debt after it spent much of the past decade “kick[ing] the can down the road a bit” while conducting operations in Iraq, Afghanistan and the Middle East. Encryption is one area in particular that “we have to get after with alacrity now,” Sherman, if the U.S. is to maintain its defense prowess.

“Cybersecurity has to be considered a survivability imperative, just like chaff, flares, armor or other capabilities,” he said. “And as we get to on-orbit capabilities, which get into other types of classifications, you can let your imagination run in terms of other types of defensive things we have to have. Cyber cannot be an option anymore.”

Sherman also hopes the Cybersecurity Maturity Model Certification (CMMC) — which was recently transferred to Sherman’s oversight — will “help raise the waterline” for the security of defense information handled by DOD’s industrial partners. And while contractors may be concerned by the costs imposed by CMMC, Sherman said it’s more costly to deal with the consequences of not being secure.

“You know what else costs money: exfiltration of data you and your company have spent blood sweat, tears, and a lot of money to develop that’s going to end up on a weapon platform in Shanghai or outside of Moscow,” Sherman said. “We’re not gonna let that happen on our watch. This is basic hygiene to raise the water level to make sure we can protect our sensitive data so when our service members have to go into action, they’re not going to have an unfair position because our adversaries have already stolen key data and technologies that will put them at an advantage.”

Article link: https://www.fedscoop.com/space-is-a-critical-part-of-dods-move-to-zero-trust-cio-says/

Asheem Chandna Contributor

Feb 10, 2022,12:00pm EST

I have followed the evolution of cybersecurity for almost three decades. The one constant is that as quickly as the underlying technology advances, so, too, does the cyber threat.

To understand how things might play out in the coming years, I spoke with four cybersecurity experts, each of whom brings a different lens: a national security leader; a pioneering technologist; a veteran CISO inside one of the most sophisticated technology companies; and a prominent cryptography professor whose students will invariably shape the course of the field.

They are unified on one point: cybersecurity has never been more central and more complex. No one can afford to fall behind.

The National Security Dilemma

Richard A. Clarke’s experience in cybersecurity and counter terrorism stretches across three decades of service at the State Department, the Pentagon, and as counselor to three US presidents. Today he remains an indispensable advisor to countries and businesses on cyber risk and one of the preeminent thought leaders in the space.

As a national security matter, Clarke believes the US government is well-organized for cyber defense, but persistently falls short of providing adequate funding. In a recent conversation with me, he suggested that most informal, criminal hacking organizations around the world could probably be shut down by a combination of the NSA, CIA, FBI, and Cyber Command – “if only the US was willing to expand the resources it now devotes to counter-cyber warfare.”

Nation-state cyber terror is a different issue. “Iran, Russia, China all have cyber vulnerability. But so do we,” he points out. In the current conflict between Russia and the Ukraine, he worries that every non-cyber move by the US – say, shutting down Russian access to the SWIFT messaging system – could trigger a damaging retaliatory strike against US critical infrastructure.

“The problem is that we don’t know how to handle the escalation of cyber warfare between countries,” he told me. New strategies need to be developed. He cites the 1965 seminal work by strategist Herman Kahn, On Escalation, which addressed how major powers could contain and manage the risks of nuclear conflict. “We need a similar roadmap for managing escalation in cyber attacks.”

Clarke’s concern for businesses is a repetition of the SolarWinds attack that went undetected for months. “The biggest threat to most companies is a cyber attack that comes through the software supply chain. That’s what happened to SolarWinds. Today, every company gets a staggering number of software updates every month.”  

Companies are vulnerable with no clear place to seek help. “The US government would likely come to the aid of a major defense contractor hit by a cyber attack,” Clarke said. “Large banks might also expect support. But other companies need more clarity about whether or when US government resources would be deployed to help them recover from an attack.”

The Problem of Cybersecurity Complexity

Nir Zuk, the legendary founder and CTO of Palo Alto Networks, remains frustrated by a fundamental truth of cybersecurity: customers have no credible way of knowing whether the products they’ve purchased actually work. Failures are only discovered after an attack has breached their security.

Zuk believes this is one reason why cybersecurity conversations have moved up the ladder of the enterprise hierarchy, from engineers to the CISO to the CEO and the board. He sees growing awareness at all levels of business that simply buying the latest vendor “solution” is no longer a viable strategy. Enterprises must understand why cybersecurity is growing both more sophisticated and more difficult to manage.

According to Zuk, operationalizing cyber systems is the bottleneck. Customers can’t keep up with the volume of information generated by cloud and machine learning technology. An alert about a potential breach might show the whole chain of the attack, stretching back into the architecture of the interconnected components in the cloud. “It’s very hard for any human to absorb and respond to all that information,” Zuk says.

This dynamic makes automation of security crucial and inevitable. But Zuk worries most vendors and companies will get it backwards. Rather than “adding one more automated feature to human tools,” he advocates thinking about automated security the way Tesla thinks about autonomous driving: first create the autonomous products, then add the human factor.

Two threats concern him. First, ransomware continues to spread with impunity. No foolproof system exists against an attacker who only needs to be lucky enough to breach your system once. The best antidote, he argues, is to turn the tables by focusing on how to detect a breach once it has penetrated the system; that’s when the attacker must hide 100% of the time. But he quickly concedes that a good backup and data protection plan may still be the best strategy.

Supply chain attacks are the second major threat and are hard to prevent because the enterprise that is victimized is not the first target of attack. Instead, hackers are going after the vendors in their supply chain, exactly what happened in the SolarWinds attack.

The problems, Zuk believes, are knowable. The challenge is how companies will respond.

The New Corporate Imperative

Phil Venables was already an established and highly respected figure in cybersecurity when he joined Alphabet as Google Cloud CISO. He spent over two decades at Goldman Sachs as both CISO and chief operational risk officer.   

When he looks at today’s risk landscape, he sees many companies still thinking about cybersecurity the wrong way. “Companies are rushing to invest in cyber software without modernizing their underlying technology,” says Venables. “They are effectively trying to build a fortress on sand.”

Venables argues the cloud should be viewed as a “digital immune system.”  He concedes this may sound self-interested for Google’s Cloud CISO. But his case is hard to refute. Writing recently in Forbes, he described the cloud’s persistent ability to update, adapt, and respond to shifting threats as “an accelerating feedback loop” for enterprise IT leaders.   

In the coming years both executives and corporate directors will need to become more sophisticated, Venables believes. Not about the technology itself, but about how to build security into products and processes. Venables argues, business leaders should be prepared to talk about the digital underpinning and security of a product, just as knowledgeably as they would about supply chains or customer relationships. “Think about secure products, not security products.” 

Venables proposes an exercise for a board. Instead of quizzing CEOs and their teams about patch updates or the latest security scanners, directors should ask simply how often the organization updates its software. Not long ago, IT teams boasted about quarterly updates.  Venables says that leading-edge companies are typically updating software multiple times a day, or more. That’s the reality of an agile approach to cybersecurity.

The Next Frontier

Dan Boneh is a leading professor in applied cryptography and the co-director of Stanford’s computer security lab. He enjoys a distinct advantage in the world of cybersecurity: he sees what new problems fascinate his students.

Not surprisingly, they are gravitating to a set of problems around blockchain security. One involves the scalability of cryptocurrencies such as Bitcoin or Ethereum, which currently are restricted to conducting about 15 transactions a second. Yet as demand goes up, this limitation is causing transaction fees to rise. The research question is how to move far beyond the 15 transaction-per-second limit without compromising the integrity of the system.

The other security issue with blockchain is privacy. While the virtual ledger offers efficiency and accountability for all types of enterprise transactions, the very nature of blockchain requires that the information can be viewed by others. This is a challenge for companies that want to pay suppliers or even employees through a blockchain system. Researchers are exploring how this can be done securely, without compromising competitive or personal information.

Boneh and his students are also focused on a threat that he believes remains overlooked by most enterprises: adversarial machine learning. For some time, engineers have been refining machine learning algorithms so that a robot or a vehicle can reliably recognize patterns: say, defects in a product or the difference between a stop sign and a yield sign. But Boneh points out that “a growing number of results show how to attack these models.” 

Some are breaking into the training data algorithms that make machine learning possible. Others are extracting the model and effectively stealing it so that those with malicious intent can query it for the purpose of infiltration. As machine learning becomes more essential to advanced business operations, a new front of vulnerability opens.

He sees other technical vulnerabilities in the world of cyber defense: how to secure code depositories such as GitHub or how to protect package management systems that automate the uploading and updating of software. The fundamental problem, he argues, is that “the security industry is reactive. It is always focused on last year’s problems.” His research and students are a valuable counterweight to that tendency.

Cybersecurity Remains Foundational

While each of these experts have a distinct vantage point, they affirm that, in the midst of much technology innovation, cybersecurity remains foundational, growing, and increasingly complex.  As they point out, AI and machine learning, the balance of security and privacy, the vulnerability of supply chains, the growth of the cloud and blockchain, and the demand for automation are fueling frenzied activity in this space.

We see it in venture capital. During the past two years, there has been a surge of entrepreneurs with new approaches to cybersecurity, and nearly all of them are magnets for capital. Barely a day goes by when I don’t hear from a fledgling cyber start-up. Today there are over two dozen pure play cybersecurity companies that have gone public. More will inevitably follow. The demand is unrelenting.

The reasons are obvious. Cybersecurity has become a kind of virtuous circle. At one time, a breach of a legacy server inside a corporation was disruptive, but its consequences limited. In a world increasingly dependent on interconnected services and users, any single breach has deep ramifications and the potential to create havoc. Cybersecurity remains a long game.

Article link: https://www.forbes.com/sites/asheemchandna/2022/02/10/the-long-game-in-cybersecurity/?

(Disclosure: Greylock is a founding investor at Palo Alto Networks and I am on the company’s board of directors.)