The decision by the National Security Agency (NSA) to consolidate its sprawling AI-related national security efforts within a single entity is a smart move at a time when other nation-state and financially driven threat groups are rapidly integrating the advanced technology into their own activities, according to cybersecurity professionals.
During a talk at the National Press Club late last week, Army Gen. Paul Nakasone, the outgoing NSA director, announced the creation of the AI Security Center, which will house the work with AI that is being done throughout national security operations and will reach out to the national laboratories, the private sector, academic institutions, and “select foreign partners.”
Going forward, it will be critical for the United States to maintain its edge in AI as the technology evolves, said Nakasone, who also heads U.S. Cyber Command and is chief of the Central Security Service.
“AI will be increasingly consequential for national security in diplomatic, technological and economic matters for our country and our allies and partners,” he said, according to the Department of Defense (DoD). “Today, the U.S. leads in this critical area, but this lead should not be taken for granted.”
Adversaries “who have for decades used theft and exploitation of our intellectual property to advance their interests will seek to co-opt our advances in AI and corrupt our application of it,” he said.
The AI Arms Race
This comes at a time when bad actors are using AI-based threats like FraudGPT and WormGPT in their activities and other countries like China, Russia, and North Korea also are beginning to leverage the technology in their state-sponsored attacks.
“We’re entering a new era of threats in which defensive cyber AI is necessary to defend against the growing threat of adversarial AI,” Nicole Carignan, vice president of strategic cyber AI at Darktrace, told Techstrong.ai. “Today, the use of AI among threat actors is in its infancy but we do know that our adversaries will learn and apply new AI enabled techniques and it will lower the barrier to entry for attackers.”
In such an environment, pulling the various AI-related security efforts under one roof makes sense and will aid the NSA with its evolving threat-sharing model, which includes the agency being the central source for accurate and reliable threat intelligence, according to Landen Brown, federal CTO at Symmetry Systems.
“While every organization has different architectures and systems, advanced adversaries often re-use TTPs [tactics, techniques, and procedures] for their campaigns,” Brown told Techstrong.ai. “Having an extremely experienced and capable agency focusing on creating threat intelligence to thwart adversary action is a force multiplier.”
DoD Embraces AI
AI is rapidly becoming a key part of the larger national security picture that is emerging. The Department of Defense (DoD) released its Responsible AI Strategy and Implementation Pathway report and in January updated its 2012 directive for responsibly developing autonomous weapon systems to align with its AI standards.
Other examples include DARPA, the U.S. military’s research, hosting a two-year competition called the AI Cyber Competition to drive innovation to create the next generation of AI-based cybersecurity tools. In addition, the Pentagon is turning to AI and automation to help the country counter China’s growing military capabilities.
“Traditional defenses cannot and will not keep up and everyone, whether businesses or nation states, will need the right mix of AI-based tools and policies in place to protect against this new era of threats,” Darktrace’s Carignan said. “Sophisticated AI applications with a deep understanding of the organization or network can provide high fidelity novel threat detection as well as surgical responses to contain a breach or incident in machine speed, they will be vital to that mix.”
Consolidation is Key
Consolidating disparate AI national security efforts will help, Sajeeb Lohani, director of cybersecurity at Bugcrowd, told Techstrong.ai.
“The reality is that each of these different government organizations are performing their own innovations in different capacities,” Lohani said. “Bringing them all under one umbrella implies that they are able to now use these innovations, cross-functionally, and effectively. Depending on the nature of this collaboration, sharing different types of logs and threats being seen within these departments may also aid with identifying larger trends at play.”
This also will be an “overwhelming win” for the private sector, according to Symmetry’s Brown.
“This means that small to medium businesses, hospitals and other private-sector organizations will be the receiver of some of the most impactful threat intelligence to date,” he said. “With the private sector often serving as a stepping stone into government networks for our adversaries, this is mutually beneficial.”
All this will be important given what’s on the horizon, Carignan said.
“As in all arms races, nation state leaders that quickly adopt innovation excel,” she said. “We have seen several generations of arms race. Today the race is for cyber weaponry and AI-powered cyber weapons will be a seismic shift to the landscape. Not only does the U.S. government need to invest heavily in AI innovation, but they need to be prepared for an AI-powered battlefield, both in kinetic and cyber domains.”