Our digital society thrives on the successes of science and technology. Connected devices, and the information that flows through them, are everywhere. Megatrends, like the accelerated pace of innovation and rapid urbanization, will transform our economies and culture. But technological progress is not reserved for the good guys. Digital dependency on a shared infrastructure invites the bad guys in as well.

Boris Balacheff, Chief Technologist for Security Research and Innovation at HP, describes the challenge: “The more machines, the more critical our cyber-security problem becomes. Increased attacker sophistication means devices are now attacked at the deepest levels, including firmware and embedded software. In this new threat landscape, we cannot just rely on manual human intervention. We have to change the paradigm.”

For Balacheff and many other experts, this means mapping out a smarter security game plan for the age of distributed devices. Traditional perimeter and software-centric endpoint security will not suffice. Their first line of defense: “self-healing” capabilities at the machine hardware level, so that a device can not only detect when it is under attack, but also shut off and restore the system to a clean working state without human intervention. Response must be quick, as breaches can now have massive economic, social and geo-political ramifications.

Daniel Dobrygowski, Head of Governance and Policy for the World Economic Forum Centre for Cybersecurity, says, “Imagine a future where quantum computing – magnitudes faster than today’s machines – is used only by those who can build, buy, or steal the technology. The competitive advantage for the quantum-enabled companies and countries would be massive. They would have the ability to decide how and whether to share the upsides or launch sophisticated digital attacks not even imaginable today.”

For Balacheff, the only way to compete with attackers is to rethink how machines are designed. “We need to move from designing machines with simple protection mechanisms to designing devices with ‘cyber-resilience’ right from the beginning of the hardware and firmware design. This means building machines that can autonomously fight off a growing family of debilitating hardware and firmware attacks. It means engineering in new security architecture constructs for resilience at the device design level. We won’t be able to bolt it on after the fact.”

This means changing the historical architecture of the machine. Case in point: today, it typically takes months before a software compromise is detected. It’s then days or weeks (if at all) before a compromised machine can be stabilized. Self-healing machines give us a chance to fight emerging threats by being able to recover and update machines at scale, from the hardware up, without the wait.

Consider the human body: it’s not designed to squelch all attacks, but it can repair itself when damage occurs. Mechanical self-healing likewise aims to create a system that continually checks and optimizes its own state, and responds quickly to changing conditions. Self-healing machines can address threats that start at their own deepest levels, via behavioral analytics techniques that gauge how the machine should run compared to how it’s actually running. Spotting a suspiciously odd action or pattern triggers a signal to clean up the machine.

For twenty years, HP Labs has been reinventing computer security for the modern day. Its latest step in innovation brings design for cyber-resilience down to the hardware level. In PCs, HP designs machines with hardware-enforced security monitoring, detection and automatic secure device recovery with HP Sure Run and HP Sure Recover. HP’s Enterprise printers integrate a four-part self-healing approach: HP Sure Start (checks the BIOS code and, if compromised, self-heals to a good state); whitelisting (authenticates firmware during startup to determine if it is running legit code); run-time intrusion detection (monitors memory activity continually to detect and stop attacks); and Connection Inspector (detects suspicious network behavior, a key signal of malware).

As cybercriminals continue to innovate, HP believes the industry will likewise need to continue reinventing device security. As attackers invest in new capabilities, like artificial intelligence, so too should the inventors of tomorrow’s device security architectures. The design of self-healing machines cannot just be reactive, responding to attacks that it detects. Instead, it must become proactive – machines must be designed to spot and fix their own flaws before someone else does. They’ll need to think ahead a few moves — a game of three-dimensional chess against intruders.

“In the age of smart cities, artificial intelligence, and mobile-first communities, the road to a successful digital future leads through security,” according to the World Economic Forum’s Global Centre for Cybersecurity and the UC Berkeley Center for Long Term Cybersecurity. “It will require trust and a concerted effort by law enforcement, the private sector, the public sector, and civil society. We hope to identify ways in which we can prepare and work together through public-private partnership to build a safer cyberspace.”

International governments and private industry will need to work cooperatively to meet the many challenges emerging at the intersection of innovation and security for the public good. Breakthroughs like 3D digital printing, personalized healthcare, or AI and machine learning hard-wired into ubiquitous devices all require a high level of security to assure the safety of our cyber-physical future.

The good news is that the effort and expense of self-healing machines will pay off across a broad range of use. They could reduce the load of supporting past products that still require security updates. They could detect signs of normal wear and tear early enough to predict coming malfunctions. In fact, some IoT devices are already connected to ultrasonic and vibration sensors, which lets a monitoring system elsewhere predict problems based on sound anomalies.

Self-healing machines may never be trusted to guard themselves — many companies will want a human in the loop — but they are an essential component of any plan. “We need to continue to reinvent the security of the machines that we will depend upon for years to come,” said Balacheff. “It’s our only way to win.”