Byย Jeremy Straub, North Dakota State University
The next major cyberattack could involve artificial intelligence (AI) systems. It could even happen soon: at a recent cyber security conference, 62 industry professionals, out of the 100 questioned, said they thought the first AI-enhanced cyberattack could come in the next 12 months.
This doesnโt mean robots will be marching down Main Street. Rather, artificial intelligence will make existing cyber attack efforts โย things like identity theft, denial-of-service attacks and password cracking โ more powerful and more efficient. This is dangerous enough โย this type of hacking can steal money, cause emotional harm and even injure or kill people. Larger attacks can cut power to hundreds of thousands of people, shut down hospitals and even affect national security.
As a scholar who has studied AI decision-making, I can tell you that interpreting human actions is still difficult for AIโs and that humans donโt really trust AI systems to make major decisions. So, unlike in the movies, the capabilities AI could bring to cyber attacks โย and cyber defence โย are not likely to immediately involve computers choosing targets and attacking them on their own.People will still have to create attack AI systems, and launch them at particular targets.
But nevertheless, adding AI to todayโs cyber crime and cyber security world will escalate what is already a rapidly changing arms race between attackers and defenders.
Beyond computersโ lack of need for food and sleep โย needs that limit human hackersโ efforts, even when they work in teams โย automation can make complex attacks much faster and more effective.
To date, the effects of automation have been limited. Very rudimentary AI-like capabilities have for decades given virus programs the ability to self-replicate, spreading from computer to computer without specific human instructions. In addition, programmers have used their skills to automate different elements of hacking efforts. Distributed attacks, for example, involve triggering a remote program on several computers or devices to overwhelm servers. The attack that shut down large sections of the internet in October 2016 used this type of approach. In some cases, common attacks are made available as a script that allows an unsophisticated user to choose a target and launch an attack against it.
AI, however, could help human cybercriminals customise attacks. Spearphishing attacks, for instance, require attackers to have personal information about prospective targets, details like where they bank or what medical insurance company they use. AI systems can help gather, organise and process large databases to connect identifying information, making this type of attack easier and faster to carry out. That reduced workload may drive thieves to launch lots of smaller attacks that go unnoticed for a long period of time โย if detected at all โย due to their more limited impact.
AI systems could even be used to pull information together from multiple sources to identify people who would be particularly vulnerable to attack. Someone who is hospitalised or in a nursing home, for example, might not notice money missing out of their account until long after the thief has gotten away.
AI-enabled attackers will also be much faster to react when they encounter resistance, or when cyber security experts fix weaknesses that had previously allowed entry by unauthorised users. The AI may be able to exploit another vulnerability, or start scanning for new ways into the system โย without waiting for human instructions.
This could mean that human responders and defenders find themselves unable to keep up with the speed of incoming attacks. It may result in a programming and technological arms race, with defenders developing AI assistants to identify and protect against attacks โย or perhaps even AIโs with retaliatory attack capabilities.
Operating autonomously could lead AI systems to attack a system it shouldnโt, or cause unexpected damage. For example, software started by an attacker intending only to steal money might decide to target a hospital computer in a way that causes human injury or death. The potential for unmanned aerial vehicles to operate autonomously has raised similar questions of the need for humans to make the decisions about targets.
The consequences and implications are significant, but most people wonโt notice a big change when the first AI attack is unleashed. For most of those affected, the outcome will be the same as human-triggered attacks. But as we continue to fill our homes, factories, offices and roads with internet-connected robotic systems, the potential effects of an attack by artificial intelligence only grows.
Jeremy Straubย is anย assistant professor of computer science atย North Dakota State University.ย
This article was originally published on The Conversation. Read the original article.
Never miss a story: sign up toย SmartCompanyโsย free daily newsletterย and find our best stories onย Twitter,ย Facebook,ย LinkedInย andย Instagram.
Comments