Artificial intelligence offers promise – and peril – in cyberthreat landscape: US national security official
Threats – which could come in the form of malware, ransomware, or even information campaigns – are becoming more sophisticated and are targeted at governments, businesses and individuals.
SINGAPORE: Artificial intelligence (AI) is a double-edged sword for cybersecurity, given its potential to anticipate potential threats and at the same time give adversaries more tools to penetrate systems, said a United States national security official.
“AI really does bring peril, but also promise in the area of cybersecurity,” said Ms Anne Neuberger, deputy national security advisor for cyber and emerging technology at the United States National Security Council, on Wednesday (Oct 18). The council is the US president's principal forum for national security and foreign policy decision making.
AI could help the council more quickly find anomalous activity, she told CNA on the sidelines of the Singapore International Cyber Week held from Monday to Thursday.
“We see AI potentially help us both generate more secure code, find vulnerabilities in code and accelerate development of patches," she said.
GROWING CYBERSECURITY RISKS
The US is already using AI to its advantage. It has launched efforts that bring together defensive hackers from around the world, “so that the defensive use of AI to combat cyber attacks and cybercrime is one step ahead of offensive activity”.
On the flipside, the technology could also be used to “find vulnerabilities and generate malicious software more rapidly, and then generate more targeted cyberattacks and potential multi-step cyberattacks”, cautioned Ms Neuberger.
This comes as cybersecurity risks grow across the world.
Threats, which could come in the form of malware, ransomware, or even information campaigns, are becoming more sophisticated and are targeted at governments, businesses and individuals, according to observers.
Nations’ state-backed cyberattacks have been on the rise, with China, Iran, North Korea and Russia being called out for their actions over the last couple of years.
"The threats that countries bring in cyberspace is a real one," said Ms Neuberger, adding that cybercrime is disrupting companies, hospitals and other organisations around the world, and affecting the vulnerable population.
MORE COUNTRIES TACKLING CYBERTHREATS
Countries across the world are now more aware that attackers can disrupt or take down their cyber infrastructure, and are trying to combat these cyber risks.
In March, the US, for instance, unveiled its national cybersecurity strategy to strengthen the country's ability to fend off threats.
This involves ensuring that the most capable and best-positioned entities – in the public and private sectors – assume a greater share of the burden for mitigating cyber risk and realigning incentives to favour long-term investments in cybersecurity.
Part of the national strategy includes boosting technology governance to make tech companies more accountable for their actions, while ensuring fair competition and enhancing privacy protections.
“The first piece starts with encouraging companies who are building tech to build more secure technology,” said Ms Neuberger, adding that tightening partnership among countries and getting them to share threat information upon discovery are also crucial to taking down disruptive activities.
ELECTION INTERFERENCE, DISINFORMATION A CONCERN
Election interference and disinformation are also a concern when it comes to cybersecurity threats, said Ms Neuberger.
Deepfake videos and other deceptive uses of AI have been used to spread misinformation and influence elections around the world.
In the US, about half of Americans believe AI will hurt the presidential election next year, according to a poll by media firm Axios and intelligence company Morning Consult. These respondents expect misinformation spread by AI to impact who wins the White House race.
“Elections are truly the crown jewel of democracies,” said Ms Neuberger.
“So we work closely with democracies around the world to help ensure that election infrastructure can withstand those cybersecurity threats. It's certainly a priority.”
She added that it is important to educate voters to scrutinise what they see online, particularly related to election information.
“We are concerned about AI-driven disinformation, deepfakes, and the scope and scale of what's possible,” said Ms Neuberger, adding that the US has been working with AI companies on watermarking or marking content that is AI-generated to help users.
Meanwhile, the Biden administration has been working to secure infrastructure, banks, utilities and hospitals against cyberattacks.
“I think what's really important is that everything starts with defence,” said Ms Neuberger.
“Fundamentally, one needs to combine defensive and offensive strategy, but using any offensive capabilities requires being able to really defend one's networks first, and that's really been the reason the strategy has put so much focus on securing critical services.”
