Nation state attacks, the rapid evolution of cybersecurity attacks and the technology behind them pose a sustained risk to the U.K. and its allies unless new defensive capabilities are brought to the fore.
By John E. Dunn
The U.K. must rapidly develop cybersecurity capabilities if it is to hold back cybercriminals energized by nation state programs, new business models in ransomware, and the rapid evolution of artificial general intelligence (AGI), minister of state for security Tom Tugendhat, MP told the CYBERUK conference in Belfast.
Opening the second day of the National Cyber Security Centre (NCSC) annual industry conference, Tugendhat painted a bleak picture. One of threats facing democratic nations from authoritarian regimes willing to invest heavily in disruptive nation state attacks they now see as a tool for geo-political influence.
Chief among these today was ransomware, a type of threat which had democratized cybercrime through platforms that were now available for anyone to hire, he said.
Despite its immense promise, the sudden ascent of artificial intelligence capabilities could amplify the threat level many times over.
“AI can enhance our security, but it can also threaten it. Our AI capabilities will be at the heart of our mission to protect the U.K.,” said Tugendhat.
“The goal of AGI is looking more open and possible. It is difficult to overstate what this would mean for all of us. Super-intelligent computers that learn and develop autonomously would transform our society and our world.”
Through utilizing AI, cybercrime would be able to find and exploit weaknesses in systems as they occurred much more cheaply and rapidly. They could also be used to overwhelm trust gatekeepers such as traditional news sources, flooding democracies with disinformation on a huge scale.
AI Warfare
According to Tugendhat, the war in Ukraine was the first major conflict in which AI was playing a major role, with the country using the technology to rapidly identify patterns of Russian military behavior on a large scale.
“They’re not just finding needles in the haystack but finding out what the haystack itself is saying,” he said.
However, in the medium term there was little stopping countries such as Russia from having access to the same capabilities which would be used to sow chaos alongside a broader sphere of threat types.
“Russia has been trying to invade Ukraine’s cyberspace as much as its physical space. The threat of further fallout from the conflict is very real. We are seeing an overlap of state threats, organized crime, and terrorism brough to together online and offline.”
However, AI also threatened authoritarian regimes with the development of the technology in the U.S. and U.K. as a major capability. To fulfil this, the U.K would need to ensure it could safely be controlled, Tugendhat said.
His message seemed to be that governments would need to intervene in the market through regulation rather than leaving the technology to take its own course.
This would happen, “not in some King Canute-like attempt to stop the inevitable but in a national mission to ensure that as super-intelligence computers arrive, they make the world safer and more secure,” he said.
Diversity In Cyber Call
During the keynote panel discussion that followed Tugendhat’s speech, the issue of human capital emerged in comments made by Bella Powell, director of the recently formed Cyber Directorate in Government Security Group (GSG).
She noted the tendency to focus on technical challenges such as AI, which risked missing the fundamental issue of people. This started with the simple issue of diversity in cyber recruitment which was part of fostering a diversity of thought.
“Despite the fantastic progress we’ve made in this profession we are still chronically lacking in diversity. That’s going to cause us major challenges unless we face up to it.” she said. “We don’t talk as much about reducing the inherent bias we have in our human machinery.”
Tacking this by expanding the talent pool would be an important competitive advantage for countries able to address this issue, she said.
“I’d like to be able to look back in 2033 and say that we fixed that problem.”
Diversity, equity and inclusion (DEI) in cybersecurity is a key focus for (ISC)² as it works to expand the talent pool through education and professional development. A range of DEI resources can be found at https://www.isc2.org/dei.
Military Digitalization
Ukraine was a recurring theme during CYBERUK, with a presentation by Claire Fry, director functional integration – digital, at the U.K. Ministry of Defence (MoD), outlining how this conflict has changed perceptions of digital warfare.
Ukraine had shown how digital and information warfare was now a critical component of every war effort that had been used to hold back a much larger enemy.
Despite the difficult situation the country was in, digital technologies had rapidly become fundamental to the economy and war effort, she said.
“Their aim is to build the most convenient country in the world with no paper, no bureaucracy, and 100 percent of government services online.”
This included electronic ID cards, used to make digital payments to the population even when they were fleeing the effects of war. This had been carefully secured from front to back, enabling data sharing across numerous spheres of government and society.
“This is an example of how digital and cyber advantage have clearly led to strategic advantage and resilience,” said Fry.