José Manuel Fernandez
Génie informatique et génie logiciel
NSERC/Desjardins/National Bank Industrial Research Chair in Cybersecurity
Industrial Research Chairs program
Senior Chairholder since 2019
Despite the tremendous benefits that the adoption of information technology (IT) has brought us, our increased reliance on IT has rendered individuals and society as a whole more vulnerable to manipulation and disruption. In addition, the cyber threat extends not only to traditional IT infrastructure but also to cyberphysical systems (CPSs) used in critical infrastructure such as electrical networks, water and sanitation, transportation, etc.
Because of the complexity of the threat landscape, the use of artificial intelligence (AI) is being increasingly considered to address such threats. Nonetheless, the use of AI presents important challenges. The vast heterogeneity of IT systems managed by large organizations makes it very hard to use AI techniques such as machine learning (ML) as is. Furthermore, the complexity of the dependencies between actions on the IT infrastructure and their impact on business processes and privacy and inconvenience to users makes the management of cybersecurity of the IT infrastructure to AI unacceptable, without the possibility of adequate explanation of its decisions.
In CPSs, the link between defensive actions and impact in the real world can be more easily predicted through physical models, hence providing a more adequate level of explanation and potential delegation of security for automated systems. However, the possibility of AI-based autonomous attack vectors creates the conditions for an AI-fuelled arms race between attacker and defenders that needs to be understood and planned for. In addition to creating automated CPS cybersecurity solutions with adequate explainability, this Chairholder will aim to understand and model the subsequent arms race.
The key activities of the research chair will be:
- to construct adequate AI-based cybersecurity solutions relying on leveraging the knowledge of humans to create AI-assisted human-based solutions for the management of cybersecurity of large IT infrastructures, and;
- to leverage our knowledge and models of the physical world to train automated AI-based solutions that make adequate and explainable decisions in CPS cybersecurity.
Desjardins and the National Bank of Canada, the two largest financial institutions in Quebec, handle enormous amounts of data in their security operations centres (SOC), from which they manage the security of their IT infrastructures. They both hope that the AI-based tools developed by the Chairholder will make it possible to improve current human-based decision-making processes. In addition, they hope that these tools could be used to detect a wider range of threats, reduce false positives and better manage operational risk.
For the rest of Canadians, this research will help address cybersecurity threats to IT and CPSs at large. The results of the research should contribute to the development of better AI-based cybersecurity solutions and the establishment of best practices that will be made available to Canadian companies operating IT infrastructures and CPSs. In addition, it will contribute to the ongoing efforts of government and the private sector to set up a sustainable cybersecurity ecosystem in Quebec and Canada, by training a total of 50 highly qualified personnel in cybersecurity and AI.
Prof. Fernandez is a full professor in the Computer and Software Engineering Department at Polytechnique Montréal, where he heads the Information Systems Security Research Lab. He has conducted research on several topics in cybersecurity, including CPS cybersecurity, aviation cybersecurity, cybercrime and cyber warfare. Prof. Fernandez holds two bachelor’s degrees from MIT, in mathematics and computer engineering, a master’s degree from the University of Toronto and a Ph.D. from the Université de Montréal. He is also an adjunct professor in the Department of Electrical and Computer Engineering at the Royal Military College of Canada, Kingston, and a member of the L’Observatoire international sur les impacts sociétaux de l’intelligence artificielle et du numérique.
- National Bank of Canada
Génie informatique et génie logiciel