AI in Cyberspace

Artificial intelligence (AI) stands as a potential game-changer for defenders. As highlighted in a recent Deloitte report, AI can act as a force multiplier, enabling security teams to not only respond swiftly to cyber threats but also to predict and preempt these actions.

However, the flip side is equally true: AI can empower cyber attackers to outpace defenders. In the ever-evolving landscape of cybersecurity, even the most remarkable defensive strides can be quickly eclipsed by the leaps taken by attackers, who have historically enjoyed a systemic advantage in cyberspace. As noted by security expert Dan Geer in 2014, while we notch personal bests in detection, control, and prevention, the opposition is setting world records. Alarmingly, many promising defenses, such as "offensive security" for password cracking or network vulnerability scanning, have unintentionally favored attackers.

To ensure that AI does not fall into this trap, defenders and their supporters must recognize that AI is not a magical solution guaranteeing eternal invulnerability. To win the AI-driven cybersecurity race, investments must be continuous and well-directed, staying ahead of threat actors' innovative use of AI.

It's challenging to predict whether AI will primarily assist offense or defense since each domain is distinct. However, this conundrum can be clarified through two widely recognized frameworks.

The US National Institute of Standards and Technology's Cybersecurity Framework serves as an ideal tool to elucidate the manifold ways in which AI can enhance defense. The table below, though not exhaustive, introduces some of these aspects:

Categorizing AI Advantages for Defenders Using the NIST Framework

NIST Framework Function Ways AI Can Significantly Improve Defense

Identify

• Rapid automated discovery of an organization's devices and software
• Simplified mapping of an organization's supply chain, identifying vulnerabilities and failure points
• Swift identification of software vulnerabilities at scale Protect
• Reduced demand for highly trained cyber defenders
• Lower skill requirements for cyber defenders
• Automatic software patching and dependency updates

Detect

• Swift detection of intrusion attempts through comprehensive data analysis Respond
• Enhanced tracking of adversary activities through rapid log scanning
• Automatic ejection of attackers and faster reverse-engineering
• Reduced false-positive alerts Recover
• Automated infrastructure recovery and data restoration with minimal downtime

While this is just a partial list, there are substantial gains, particularly if AI can reduce the need for highly skilled defenders. Unfortunately, most gains also offer advantages to attackers.

On the offensive side, Lockheed Martin's Cyber Kill Chain framework is a more fitting tool to assess how AI may empower attackers. This framework, suggested by American computer scientist Kathleen Fisher, allows us to explore AI's potential contributions to attackers more comprehensively.

Categorizing AI Advantages for Attackers Using the Cyber Kill Chain Framework

Phase of Cyber Kill Chain Framework Ways AI Can Significantly Improve Offense

• Automated discovery and use of leaked or stolen credentials
• Identification of targets with specific vulnerabilities
• Automatic identification of third-party relationships
• Accelerated credential aggregation Weaponization
• Automated discovery of software vulnerabilities and proof-of-concept exploit creation
• Enhanced obfuscation, impeding reverse-engineering
• Automatic generation of convincing phishing emails
• Deepfake audio and video for impersonation Delivery, exploitation, and installation
• Realistic interaction with defenders
• Generation of false attack traffic Command and control
• Automated privilege escalation and lateral movement
• Orchestration of compromised machines
• Autonomous operation of implanted malware Actions on objectives
• Covert data exfiltration
• Automated data processing and summarization

Again, this list only represents a subset of the many ways AI can aid attackers, demonstrating the advantages it offers when these categories are combined.

Historically, general-purpose technologies have favored attackers due to their concentration and agility, while defenders are dispersed. For defensive innovations to reach their full potential, they need widespread adoption, a process that often involves numerous organizations and individuals. In contrast, attackers can swiftly incorporate offensive innovations into their tactics.

This is why AI's greatest contribution to defense may be in reducing the number of required cyber defenders and the level of expertise they need. The demand for cybersecurity professionals continues to outstrip supply, and training these experts is a time-consuming process. Additionally, human defenders face challenges when dealing with complex, widespread defense tasks.

As organizations increasingly shift their operations to the cloud, major service providers are well-positioned to centralize AI-driven defenses, potentially revolutionizing cybersecurity for a broader audience. The future of cybersecurity lies not in preordained fate but in the code. Thoughtful policies and investments can significantly tip the scales in favor of defenders in the AI arms race.

The US Defense Advanced Research Projects Agency (DARPA) exemplifies this approach with its AI Cyber Challenge, a purely defensive initiative aimed at leveraging AI to secure critical code that underpins daily life. This challenge, backed by leading AI companies, has the potential to transform software security.

These two challenges encapsulate the dynamics perfectly: technologists and policymakers must invest in defensive AI systems that can rapidly identify vulnerabilities, patch them, and secure dependencies before offensive AI can discover, weaponize, and exploit these vulnerabilities.

#business ?#share ?#cybersecurity ?#cyber ?#cybersecurityexperts ?#cyberdefence ?#cybernews ?#cybersecurity ??#blackhawkalert ?#cybercrime ?#essentialeight ?#compliance ?#compliancemanagement ?#riskmanagement ?#cyberriskmanagement ?#acsc ?#cyberrisk ?#australiansmallbusiness ?#financialservices ?#cyberattack ?#malware ?#malwareprotection ?#insurance ?#businessowners ?#technology ?#informationtechnology ?#transformation ?#security ?#business ?#education ?#data ?#consulting ?#webinar ?#smallbusiness ?#leaders ?#australia ?#identitytheft ?#datasecurity ?#growth ?#team ?#events ?#penetrationtesting ?#securityprofessionals ?#engineering ?#infrastructure ?#testing ?#informationsecurity ?#cloudsecurity ?#management ?