{"id":82992,"date":"2023-10-18T15:00:09","date_gmt":"2023-10-18T04:00:09","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=82992"},"modified":"2023-10-18T15:12:57","modified_gmt":"2023-10-18T04:12:57","slug":"the-impact-of-artificial-intelligence-on-cyber-offence-and-defence","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/the-impact-of-artificial-intelligence-on-cyber-offence-and-defence\/","title":{"rendered":"The impact of artificial intelligence on cyber offence and defence"},"content":{"rendered":"

<p>To make cyberspace more defensible\u2014a goal championed by Columbia University and called for in the 2023 US National Cybersecurity Strategy\u2014innovations must not just strengthen defences, but give a sustained advantage to defenders relative to attackers.<\/p>\n

<p>Artificial intelligence has the potential to be a game-changer for defenders. As a recent Deloitte report put it, \u2018AI can be a force multiplier, enabling security teams not only to respond faster than cyberattackers can move but also to anticipate these moves and act in advance\u2019.<\/p>\n

<p>Yet this is no less true if we switch it around: AI can enable cyberattackers to move faster than defenders can respond.<\/p>\n

<p>Even the best defensive advances have been quickly overtaken by greater leaps made by attackers, who have long had the systemic advantage in cyberspace. As security expert Dan Geer said in 2014, \u2018Whether in detection, control or prevention, we are notching personal bests, but all the while the opposition is setting world records\u2019. Most dishearteningly, many promising defences\u2014such as \u2018offensive security\u2019 to crack passwords or scan networks for vulnerabilities\u2014have ended up boosting attackers more than defenders.<\/p>\n

<p>For AI to avoid this fate, defenders, and those that fund new research and innovation, must remember that AI is not a magic wand that grants lasting invulnerability. For defenders to win the cybersecurity arms race in AI, investments must be constantly refreshed and well targeted to stay ahead of threat actors\u2019 own innovative use of AI.<\/p>\n

<p>It\u2019s hard to assess which side AI will assist more, the offence or the defence, since each is unique. But such apples-to-oranges comparisons can be clarified using two widely used frameworks.<\/p>\n

<p>The US National Institute of Standards and Technology\u2019s Cybersecurity Framework can be used to highlight the many ways AI can help defence, while the Cyber Kill Chain framework, developed by Lockheed Martin, can do the same for AI\u2019s uses by attackers.<\/p>\n

<p>This more structured approach can help technologists and policymakers target their investments and ensure that AI doesn\u2019t follow the path of so many other technologies, nudging along defenders but turbocharging the offence.<\/p>\n

<p><strong>Gains from AI for the defence<\/strong><\/p>\n

<p>The NIST framework is an ideal architecture to cover all the ways AI might aid defenders. Table 1, while not meant to be a complete list, serves as an introduction.<\/p>\n

<p><strong>Table 1: Using the NIST framework to categorise AI advantages for defenders<\/strong><\/p>\n<table>\n<tbody>\n
<tr>\n<td><strong>NIST framework function<\/strong><\/td>\n<td><strong>Ways AI might radically improve defence<\/strong><\/td>\n<\/tr>\n
<tr>\n<td>Identify<\/td>\n<td>\u2013 Rapid automated discovery of an organisation\u2019s devices and software<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Easier mapping of an organisation\u2019s supply chain and its possible vulnerabilities and points of failure<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Identification of software vulnerabilities at speed and scale<\/td>\n<\/tr>\n
<tr>\n<td>Protect<\/td>\n<td>\u2013 Reduce demand for trained cyber defenders<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Reduce skill levels necessary for cyber defenders<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Automatically patch software and associated dependencies<\/td>\n<\/tr>\n
<tr>\n<td>Detect<\/td>\n<td>\u2013 Rapidly spot attempted intrusions by examining data at scale and speed, with few false-positive alerts<\/td>\n<\/tr>\n
<tr>\n<td>Respond<\/td>\n<td>\u2013 Vastly improved tracking of adversary activity by rapidly scanning logs and other behaviour<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Automatic ejection of attackers, wherever found, at speed<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Faster reverse-engineering and de-obfuscation, to understand how malware works to more quickly defeat and attribute it<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Substantial reduction in false-positive alerts for human follow-up<\/td>\n<\/tr>\n
<tr>\n<td>Recover<\/td>\n<td>\u2013 Automatically rebuild compromised infrastructure and restore lost data with minimum downtime<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<p>Even though this is just a subset, there are still substantial gains, especially if AI can drastically reduce the number of highly skilled defenders. Unfortunately, most of the other gains are directly matched by corresponding gains to attackers.<\/p>\n

<p><strong>Gains from AI for the offence<\/strong><\/p>\n

<p>While the NIST framework is the right tool for the defence, Lockheed Martin\u2019s Cyber Kill Chain is a better framework for assessing how AI might boost the attacker side of the arms race, an idea earlier proposed by American computer scientist Kathleen Fisher. (MITRE ATT&CK, another offence-themed framework, may be even better but is substantially more complex than can be easily examined in a short article.)<\/p>\n

<p><strong>Table 2: Using the Cyber Kill Chain framework to categorise AI advantages for attackers<\/strong><\/p>\n<table>\n<tbody>\n
<tr>\n<td><strong>Phase of Cyber Kill Chain framework<\/strong><\/td>\n<td><strong>Ways AI might radically improve offence<\/strong><\/td>\n<\/tr>\n
<tr>\n<td>Reconnaissance<\/td>\n<td>\u2013 Automatically find, purchase and use leaked and stolen credentials<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Automatically sort to find all targets with a specific vulnerability (broad) or information on a precise target (deep; for example, an obscure posting that details a hard-coded password)<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Automatically identify supply-chain or other third-party relationships that might be affected to impact the primary target<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Accelerate the scale and speed at which access brokers can identify and aggregate stolen credentials<\/td>\n<\/tr>\n
<tr>\n<td>Weaponisation<\/td>\n<td>\u2013 Automatically discover software vulnerabilities and write proof-of-concept exploits, at speed and scale<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Substantially improve obfuscation, hindering reverse-engineering and attribution<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Automatically write superior phishing emails, such as by reading extensive correspondence of an executive and mimicking their style<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Create deepfake audio and video to impersonate senior executives in order to trick employees<\/td>\n<\/tr>\n
<tr>\n<td>Delivery, exploitation and installation<\/td>\n<td>\u2013 Realistically interact in parallel with defenders at many organisations to convince them to install malware or do the attacker\u2019s bidding<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Generating false attack traffic to distract defenders<\/td>\n<\/tr>\n
<tr>\n<td>Command and control<\/td>\n<td>\u2013 Faster breakout: automated privilege escalation and lateral movement<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Automatic orchestration of vast numbers of compromised machines<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Ability for implanted malware to act independently without having to communicate back to human handlers for instructions<\/td>\n<\/tr>\n
<tr>\n<td>Actions on objectives<\/td>\n<td>\u2013 Automated covert exfiltration of data with a less detectable pattern<\/td>\n<\/tr>\n
<tr>\n<td><\/td>\n<td>\u2013 Automated processing to identify, translate and summarise data that meets specified collection requirements<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<p>Again, even though this is just a likely subset of the many ways AI will aid the offence, it demonstrates the advantage that it can bring, especially when the categories are combined.<\/p>\n

<p><strong>Analysis and next steps<\/strong><\/p>\n

<p>Unfortunately, general-purpose technologies have historically advantaged the offence, since defenders are spread out within and across organisations, while attackers are concentrated. To deliver their full benefit, defensive innovations usually need to be implemented in thousands of organisations (and sometimes by billions of people), whereas focused groups of attackers can incorporate offensive innovations with greater agility.<\/p>\n

<p>This is one reason why AI\u2019s greatest help to the defence may be in reducing the number of cyber defenders required and the level of skills they need.<\/p>\n

<p>The US alone needs hundreds of thousands of additional cybersecurity workers\u2014positions that are unlikely ever to be filled. Those who are hired will take years to build the necessary skills to take on advanced attackers. Humans, moreover, struggle with complex and diffuse tasks like defence at scale.<\/p>\n

<p>As more organisations move their computing and network tasks to the cloud, the major service providers will be well placed to concentrate AI-driven defences. The scale of AI might completely revolutionise defence, not just for the few that can afford advanced tools but for everyone on the internet.<\/p>\n

<p>The future is not written in stone but in code. Smart policies and investments now can make a major difference to tip the balance to the defence in the AI arms race. For instance, the US Defense Advanced Research Projects Agency\u2014responsible for the development of technologies for use by the military\u2014is making transformative investments, apparently having learned from experience.<\/p>\n

<p>In 2016, DARPA hosted the final round of its Cyber Grand Challenge to create \u2018some of the most sophisticated automated bug-hunting systems ever developed\u2019. But these computers were playing offence as well as defence. To win, they \u2018needed to exploit vulnerabilities in their adversaries\u2019 software\u2019 and hack them. Autonomous offensive systems may be a natural investment for the military, but unfortunately would boost the offence\u2019s advantages.<\/p>\n

<p>DARPA\u2019s new experiment, the AI Cyber Challenge, is purely defensive\u2014with no offensive capture-the-flag component\u2014\u2018to leverage advances in AI to develop systems that can automatically secure the critical code that underpins daily life\u2019. With nearly US$20 million of prize money, and backed by leading companies in AI (Anthropic, Google, Microsoft and OpenAI), this DARPA challenge could revolutionise software security.<\/p>\n

<p>These two challenges encapsulate the dynamics perfectly: technologists and policymakers need to invest so that defensive AIs are faster at finding vulnerabilities and patching them and their associated dependencies within an enterprise than offensive AIs are at discovering, weaponising and exploiting those vulnerabilities.<\/p>\n

<p>With global spending on AI for cybersecurity forecast to increase by US$19 billion between 2021 and 2025, the opportunity to finally give the defence an advantage over the offence has rarely looked brighter.<\/p>\n","protected":false},"excerpt":{"rendered":"

To make cyberspace more defensible\u2014a goal championed by Columbia University and called for in the 2023 US National Cybersecurity Strategy\u2014innovations must not just strengthen defences, but give a sustained advantage to defenders relative to attackers. …<\/p>\n","protected":false},"author":1834,"featured_media":82997,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[1291,391,713,2138,1114],"class_list":["post-82992","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-artificial-intelligence","tag-cyber","tag-cyberattack","tag-cybersecurity","tag-defence","dinkus-of-minds-and-machines-an-ai-series"],"acf":[],"yoast_head_json":{"title":"The impact of artificial intelligence on cyber offence and defence | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/the-impact-of-artificial-intelligence-on-cyber-offence-and-defence\/","og_locale":"en_US","og_type":"article","og_title":"The impact of artificial intelligence on cyber offence and defence | The Strategist","og_description":"To make cyberspace more defensible\u2014a goal championed by Columbia University and called for in the 2023 US National Cybersecurity Strategy\u2014innovations must not just strengthen defences, but give a sustained advantage to defenders relative to attackers. ...","og_url":"https:\/\/www.aspistrategist.ru\/the-impact-of-artificial-intelligence-on-cyber-offence-and-defence\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2023-10-18T04:00:09+00:00","article_modified_time":"2023-10-18T04:12:57+00:00","og_image":[{"width":1000,"height":713,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/10\/GettyImages-1306804009.jpg","type":"image\/jpeg"}],"author":"Jason Healey","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Jason Healey","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/the-impact-of-artificial-intelligence-on-cyber-offence-and-defence\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/10\/GettyImages-1306804009.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/10\/GettyImages-1306804009.jpg","width":1000,"height":713},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/the-impact-of-artificial-intelligence-on-cyber-offence-and-defence\/","url":"https:\/\/www.aspistrategist.ru\/the-impact-of-artificial-intelligence-on-cyber-offence-and-defence\/","name":"The impact of artificial intelligence on cyber offence and defence | The 
Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/the-impact-of-artificial-intelligence-on-cyber-offence-and-defence\/#primaryimage"},"datePublished":"2023-10-18T04:00:09+00:00","dateModified":"2023-10-18T04:12:57+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/665aad934106dd213cb49cb32ab8c2d4"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/the-impact-of-artificial-intelligence-on-cyber-offence-and-defence\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/the-impact-of-artificial-intelligence-on-cyber-offence-and-defence\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/the-impact-of-artificial-intelligence-on-cyber-offence-and-defence\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"The impact of artificial intelligence on cyber offence and defence"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/665aad934106dd213cb49cb32ab8c2d4","name":"Jason Healey","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d840e1f98a50a7a68d266dea559f7319?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d840e1f98a50a7a68d266dea559f7319?s=96&d=mm&r=g","caption":"Jason 
Healey"},"url":"https:\/\/www.aspistrategist.ru\/author\/jason-healey\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/82992"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/1834"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=82992"}],"version-history":[{"count":19,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/82992\/revisions"}],"predecessor-version":[{"id":83039,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/82992\/revisions\/83039"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/82997"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=82992"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=82992"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=82992"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}