Data musician. Digital Jedi. Protector.
March 23, 2021
A cyber warfare expert and former US Navy Captain, Greg Porpora has used his expertise at IBM for the last nine years to develop methods that incorporate artificial intelligence to keep America's digital infrastructure safe from attacks. Porpora was selected to be part of the Industry Academy’s inaugural class of Distinguished Industry Leaders, prestigious thinkers who are globally recognized for their industry-transforming work and leadership.
You grew up spending many summers at your grandparents’ house in Puerto Rico, where you helped tend to their farm. Now you're a successful cybersecurity expert. What do you think of that life journey?
It's just unbelievable. I’ve been able to work with the Department of Defense and many other intelligence agencies. Thinking about it now, when I was growing up, I would have been lucky to even recognize the names of some of these agencies, never mind thinking that I'd someday provide valuable work to them in defense of the nation.
You find ways to use machine learning to thwart cybersecurity attacks — like a Jedi Master for the cutting-edge technology we depend on to keep our data safe.
I use my experience as an engineer and in military to take a problem — something like malware — and turn it inside-out. If you have an iPhone or an Android, you’re probably familiar with updates to fix bugs in applications and make sure your device stays secure. But imagine if, unknowingly, Google got hacked and they accidentally put out an update that allowed a bad actor to read your phone. That would impact hundreds of millions of people.
And you’ve been working on ways to prevent that from happening?
Yes. I’ll try to use an analogy. Think about a .WAV file when you're listening to music. It's just data — ones and zeroes just like you’d find in software code. Well, it turns out that data has a frequency response. If you play a .WAV file on an acoustic synthesizer you hear music. Software code works the same way. When I play software code, I hear the weirdest music you've ever heard. If someone blows into a clarinet, you’ll hear musical notes. When software code is played, it produces system calls, function calls, and operating codes.
So you hear data sing?
Exactly, I hear data sing. And by hearing data sing, a person can characterize what that data is, and how well it’s protected. And that's what I figured out, spectral analysis on code.
So looking at the broad sweep of global cybersecurity, what's the state-of-play? Are private industry and governments generally a step-ahead of the bad guys?
Think of it this way: A bad actor could attack you in thousands of ways. How do you fend against that? If you put defenses on your window, they’ll come through the chimney. There are more ways to attack than defend, so the attacker always has the advantage. My work is all about applying machine and deep learning to our defense tools, because what we're trying to do is become more adaptive. When we detect that something is wrong, we need to be able to respond quickly. Imagine a bad actor storms into your system with a weapon. Our job is to get inside of and deactivate that weapon before it ever has a chance to go off.
How has the pandemic impacted the industry?
We’ll get through the pandemic, but it will have fundamentally changed the fabric of society. You see it already in how we work, how we interact with our doctors, and even in the education system. Because of Covid-19, so much is happening digitally now, including over video calls. What that has done is increase the number of opportunities bad actors have to attack us.
What's the top thing you tell people in government or potential clients about IBM — what's the biggest boon to choosing to work with this company?
It comes down to the way we approach problems. We are constantly thinking outside the box, taking a problem and turning it on its head. Once we find an answer, we have the research power, the expertise, and the ability to scale it using cutting-edge technologies such as Quantum Computing and AI. We're take the approach of 'Trust nothing, verify everything.'
On Nov. 9, IBM CEO Arvind Krishna signed a letter that was sent to President Joe Biden and the new administration. In it he called for modernizing America's digital infrastructure. Why is that a good idea?
The digital infrastructure is the entire fabric of society. If that gets compromised a bad actor can create havoc. An attacker no longer has to attack us with kinetic energy weapons like missiles or bombs. They can do it with cyber weapons.
How much cash does the typical person carry on them? Probably not a lot, right? Many transactions are now made with Apple Pay or a credit card. Imagine if the network was taken down and suddenly you have use cash. Protecting the digital infrastructure is absolutely paramount.
So should people be terrified on a day-to-day basis, or are they in pretty good hands? How would you characterize the current situation?
I would say this: You hope for the best but you plan for the worst. No, people shouldn't be terrified, but we should be actively working to protect and make ourselves more resilient.
What did it feel like to be honored by IBM in its first class of Distinguished Industry Leaders?
Especially here at IBM, we have a broad array of incredibly talented individuals, and for me to be selected out of that entire group was truly humbling. When you're in the first class of anything, you pioneer the pathway.