IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Will Artificial Intelligence Help or Hurt Cyber Defense?

The world seems focused on new developments in artificial intelligence to help with a wide range of problems, including staffing shortages. But will AI help or harm security teams?

shutterstock-artificial-intelligence-ai.jpg
A few months ago, I asked the question: “Are Bots and Robots the Answer to Worker Shortages?

The blog lists plenty of examples of robot breakthroughs. Here are a few more from recent months:

PYMNTS.com: Record Number of Robots Sold to Help Fill Jobs

“The labor shortage triggered by COVID-19 has been a boon to robot sales as businesses scramble to fill jobs amid increasing consumer demands for goods and services post-pandemic.

“Orders for robotics January through October reached 29,000 units for a record $1.48 billion compared to last year’s $1.09 billion, topping 2017’s record for the same time period of $1.47 billion, the Association for Advancing Automation (A3) said in a press release.”

International Business Times: Robots Filling Vacant Jobs Amid Ongoing ‘Great Resignation’

“The U.S. is struggling with a labor shortage that is hobbling its economic recovery, but companies are not sitting still as they work to keep production up and running. As these job vacancies increase, they are turning to automation to pick up any slack.

“Orders for new robots have reached an all-time high in 2021.”

The Guardian: Robots: stealing our jobs or solving labour shortages?

“From fast food to farming, Covid-19 has accelerated the rise of the worker robots. This in turn will put more jobs at risk and makes the need to reframe society ever more urgent.”

Nevertheless, the article from The Guardian also points out:

“There can be no doubt that the pandemic and the associated worker shortage are accelerating the drive toward deploying artificial intelligence, robotics and other forms of automation. In the UK, the trend is being further amplified as Brexit’s impact on the workforce becomes evident. However, the reality is that most of these technologies are unlikely to arrive in time to offer a solution to the immediate challenges faced by employers. …

“Over the course of a decade or more, however, the overall impact of artificial intelligence and robotics on the job market is likely to be significant and in some specific areas the technologies may lead to dramatic change within the next few years. And many workers will soon confront the reality that the encroachment of automation technology will not be limited to the often low-paying and less desirable occupations where worker shortages are currently concentrated. Indeed, many of the jobs that employers are struggling to fill may prove to be highly resistant to automation. At the same time, better-paying positions that workers definitely want to retain will be squarely in the sights as AI and robotics continue their relentless advance.”

Which brings us to the question of AI. The number of current (and future) jobs that can truly be filled by robots will depend on advances in AI — which many are putting under the umbrella of “automation.”

For example, one recent article offers “43 Jobs That’ll Soon Be Lost to Automation”: “Workers have long feared losing jobs to newcomers, but the threat has changed in the digital age, with automated technologies posing a new form of competition. With 2.3 million already present in the global workforce, robots are now projected to supplant 20 million manufacturing jobs by 2030, including 1.5 million in the United States. The shock of a pandemic is expected to accelerate this shift, as industries turn to technology to alleviate financial losses. The jobs that follow are poised to become increasingly automated, including order-taker positions at your local McDonald's.”

More recently, VentureBeat wrote that “Security AI is the next big thing.”

This hostile threat landscape has led organizations such as Microsoft to use AI as part of their internal and external cybersecurity strategy. “We’re seeing this incredible increase in the volume of attacks, from human-operated ransomware through all different kinds of zero-day attacks,” said Ann Johnson, corporate vice president of security, compliance and identity at Microsoft.

One of the most high-profile uses of AI this year occurred at the Olympic Games in Tokyo, when Darktrace AI identified a malicious Raspberry Pi Internet of Things (IoT) device that an intruder had planted into the office of a national sporting body directly involved in the Olympics. The solution detected the device port scanning nearby devices, blocked the connections, and supplied human analysts with insights into the scanning activity so they could investigate further.

“Darktrace was able to weed out that there was something new in the environment that was displaying interesting behavior,” Darktrace Global Chief Information Security Officer Mike Beck said. Beck noted there was a distinct change in behavior in terms of the communication profiles that exist inside that environment.

THE DARK SIDE OF AI


Back in May, I wrote this piece asking, “AI Is Everywhere — Should We Be Excited or Concerned?”

I covered plenty of good, bad and ugly examples of AI in that blog, and I also previewed a talk by Bruce Schneier that he gave at the 2021 RSA Conference. Schneier believes that, initially, AI analysis will favor hackers. “When AIs are able to discover vulnerabilities in computer code, it will be a boon to hackers everywhere,” he said.

Here is that full keynote presentation by Schneier:

Continuing on this theme, Fortune Magazine writes that “Cybersecurity experts warn of A.I.’s drawbacks in combating threats”:

“The large part of the problem, as both experts see it, is that attackers are using A.I. and automation on a less complex but still very effective scale that allows them to exploit flaws in security systems. …

“'The bad guys are crushing many of us in terms of automation,' he said. 'They're getting much, much better at using intelligent systems and A.I. to do reconnaissance, which allows them to narrow down targets very effectively. They're usually using AI to decompose software to figure out where vulnerabilities exist extraordinarily effectively.'

“When asked to offer advice at the conclusion of the event, Roese offered up a simple idea: ‘Don’t view A.I. in the security context as an added feature. You have to treat it as a core component of all things security, just like all things business process or all things application. Don’t compartmentalize it into a specialist team that, in isolation, deals with A.I. Develop and invest in the capability across the entire organization because it’s a tool, and if you don’t use it everywhere, you’re basically leaving something on the table.’”

The Council on Foreign Relations recently wrote about AI code generation and cybersecurity, stating that AI will revolutionize the way that we write computer programs. The U.S. government and industries need to invest in AI as a cybersecurity tool.

I also like this article by Lisa O’Reilly describing how “The Future of Browser Security Lies in AI and Machine Learning”:

“With software becoming more secure and adept at defending against malware, the cyberattack threat environment has shifted towards phishing. But unlike in the past, where these attacks were predominantly email-driven, hackers are now focused on multiple channels such as mobile devices, apps, and web pages. Since phishing is a human problem that exploits emotions and deals with the psychology of fear and uncertainty, conventional computing methods are not sufficient to defend against them. One of the biggest problems? The browser.”

FINAL THOUGHTS


As I keep coming back to this topic of robots, AI, jobs, the future and cybersecurity, I ponder what current solutions will become problems. What are we creating now that we will later regret? It’s a very difficult topic to get your arms around, and one that I believe we need to keep re-examining.

The Pew Research Center wrote this detailed article earlier this year which describes their worries in AI:

“A large number of respondents argued that geopolitical and economic competition are the main drivers for AI developers, while moral concerns take a back seat. A share of these experts said creators of AI tools work in groups that have little or no incentive to design systems that address ethical concerns.

"Some respondents noted that, even if workable ethics requirements might be established, they could not be applied or governed because most AI design is proprietary, hidden and complex. How can harmful AI 'outcomes' be diagnosed and addressed if the basis for AI “decisions” cannot be discerned? Some of these experts also note that existing AI systems and databases are often used to build new AI applications. That means the biases and ethically troubling aspects of current systems are being designed into the new systems. They say diagnosing and unwinding the pre-existing problems may be difficult if not impossible to achieve.”

What do you think? What excites you most about AI? What worries you most about AI?

I started a LinkedIn discussion on this topic recently, and I hope you join in.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.