
In today’s highly interconnected world, technology and AI play an influential role that profoundly affects cybersecurity. AI can scrutinize vast volumes of data, detect anomalies, and discern suspicious patterns, which significantly aids in identifying previously unknown or intricate threats. At the same time, deploying AI in cybersecurity introduces numerous challenges. Notably, malicious software can harness AI to orchestrate more intricate and evasive attacks that evade detection by AI-based security systems. The impact of AI on cybersecurity is multifaceted, offering enhancements in defensive capabilities while introducing fresh complexities.[1]
The advantages of AI in cybersecurity
1. Reduction in human errors
AI-enabled computers make zero errors if programmed correctly, because the decisions AI takes at every step are determined by previously gathered information and a particular set of algorithms. This leaves no scope for errors and increases accuracy and precision. An example is the decrease in human error attributable to AI in robotic surgery systems. These systems can execute intricate procedures with remarkable precision and accuracy, diminishing the potential for human error and enhancing patient safety within the healthcare sector.
2. 24×7 Availability
AI can work endlessly without breaks, think much faster than humans, and perform multiple tasks at a time with accurate results. It can even handle tedious, repetitive jobs easily with the help of AI algorithms. For example, online customer chatbots offer instant services to individuals 24/7.
3. New Inventions
In practically every field, AI is the driving force behind numerous innovations that are helping humans resolve the majority of challenging issues.
4. Enhancing Malware Detection
AI is deployed for enhancing malware detection. Through the analysis of extensive datasets, AI can swiftly recognize patterns suggestive of malicious actions, prompting the system to raise alerts for deeper scrutiny. This approach contributes to the swift identification and elimination of new and unfamiliar malware from systems.
5. Spam Filters and Phishing Protection
Phishing is a form of online fraud where deceptive emails are sent, seemingly originating from reputable sources, to deceive individuals into revealing confidential information. This frequently leads to identity theft or data breaches. Artificial Intelligence (AI) plays a crucial role in identifying and preventing spam emails and recognizing phishing attempts before they reach their recipients, thereby allowing for their prompt blocking. AI is rapidly evolving as an essential tool in the battle against cybercrime, and these are only a few examples of how it enhances cybersecurity efforts.
6. Increased Automation
Artificial Intelligence can be used to automate anything involving extreme labour, like various AI-based applications that can automate the recruitment process.
7. Facilitates quick decision-making
AI assists cybersecurity professionals in gathering reliable information, and it analyzes data and provides valuable insights at a much faster pace than human beings. AI systems can help organizations allocate resources effectively and develop proactive security strategies.
The drawbacks of AI in cybersecurity
1. False positives
Among the significant drawbacks of utilizing AI in cybersecurity is the potential for false positives. AI-powered security systems rely on machine learning algorithms that analyze historical data. Nonetheless, when these systems encounter novel and unfamiliar threats that deviate from past patterns, it can lead to false positive alerts. These false positives can give rise to alert fatigue, a scenario where security personnel become inundated by numerous false alarms, ultimately causing them to overlook genuine threats.
2. Not cost-effective
Deploying AI-driven security solutions can pose significant costs, particularly for smaller enterprises operating under budget constraints. This technology necessitates specialized hardware, software, and the expertise of professionals for system development and ongoing maintenance.
3. Use of AI by hackers
Hackers can utilize AI to create more sophisticated assaults and avoid detection by AI-based security technologies. Similarly, while neural fuzzing can aid in detecting vulnerabilities, it can also be used by hackers to obtain information about a target system’s flaws.
4. AI can be biased
AI can be biased, meaning that the outcomes of these systems may be influenced by the training data they are exposed to. This situation can carry significant security implications since it can result in false negatives, wherein the system does not correctly identify malicious activities.
5. AI Can Make Mistakes
AI systems are not perfect and have the potential to produce false positives, which occur when the system erroneously identifies a benign activity as malicious. Several factors may contribute to these false positives, including incorrect data labelling or a model that has been trained too narrowly (overfitting). For businesses, false positives can result in significant costs, causing disruptions in operations and productivity losses. While AI can reduce false positives, it’s crucial to note that if mishandled, it could have adverse consequences.
6. No creativity
AI cannot think outside the box, which is its most significant disadvantage. AI can learn over time using pre-fed data and previous experiences, but it cannot be creative in its approach. For example, QuillBot can write different essays and articles, but they lack basic human reasoning and critical understanding.
Organizations must carefully assess the benefits of artificial intelligence (AI) in cybersecurity against the costs and hazards. To provide a layered defence against emerging threats, implementing AI-powered security systems necessitates a complete security strategy that involves other technology and human knowledge. [2]
Cyberattacks and data breaches:
1. Log4Shell Vulnerability
This vulnerability impacted hundreds of millions in 2021, and the zero-day exploit took the security industry by storm before an official CVE identifier could be assigned. It sent shockwaves through numerous major infrastructure providers, including Amazon Web Services, Apple’s iCloud, and multiple smaller organizations. Its seriousness was underscored by the Federal Trade Commission (FTC), which issued a warning to companies, urging them to take swift action to address this critical security flaw.
2. DoD & NASA Hacks
This virus attack happened in 2000 and impacted two prominent government organizations in the USA, the Department of Defense (DoD) and NASA, for 21 days. In 1999, a teenage hacker infiltrated the computer systems of both the Department of Defense (DoD) and NASA. During this intrusion, they established backdoor access to the DoD’s servers and illicitly acquired software from NASA estimated to be valued at approximately $1.7 million.
3. Attack on Saudi Aramco
This famous hack took down one of the world’s largest oil producers and delayed production in 2012, wiping the data of 30,000 computers. The hack took place with a virus known as “Shamoon,” with the sole purpose of finding and destroying data.
It led to a massive loss of information and halted operations at the company. While the cyberattack on Aramco had minimal financial consequences, it stands out as a significant instance where cyberattacks affected the tangible world.
4. Colonial Pipeline Ransomware Attack
In 2021, the most significant attack on oil infrastructure in the United States happened when an oil pipeline system was attacked. The pipeline, managed by Colonial Pipeline, moved gasoline throughout the southeastern part of the United States.
The company was forced to shut down the pipeline after malware infected the system controlling oil flow through its pipelines.
The consequences of this attack had tangible effects on the real world, particularly in states like Virginia, where 71% of gas stations in Charlotte experienced fuel shortages. Despite the significant adverse outcomes, no formal charges have been filed in connection with the attack, and the perpetrator’s identity remains undisclosed to this day.[3]
5. Islamic Culture and Communication Organization Attack
The hacking incident involving the Iranian hacktivist group known as ‘Uprising till Overthrow’ occurred in July 2022, when they targeted the website and portals of Iran’s Islamic Culture and Communication Organization (ICCO). The attack resulted in the shutdown of six ICCO websites, while 15 others were altered to display images of Massoud Rajavi, the Iranian Resistance leader. Furthermore, the hackers initiated data destruction on 44 servers and compromised hundreds of computers.
This hacktivist group, believed to have ties to the Albania-based opposition organization Mujahideen-e Khalq (MEK), publicly claimed responsibility for their actions, stating that they had uploaded photographs of Massoud and Maryam Rajavi, leaders of MEK, onto the ICCO’s website. Additionally, the ICCO suffered a significant data loss, including 35 databases containing highly confidential information related to money laundering, espionage, and the whereabouts of individuals linked to terrorist activities overseas.
In a video shared by the hackers, they asserted that they had acquired approximately 200,000 documents, encompassing letters and directives from secret communications with the president’s office, the identities of the organization’s foreign personnel, and a list of the incomes earned by its employees.
6. UK Military Social Media Breach
In July 2022, hackers gained control of the Twitter account belonging to the British Army. During this breach, the British Army’s Twitter account underwent numerous alterations to its name and profile picture. Moreover, the compromised account was employed to promote contests with the aim of winning Angry Apes non-fungible tokens (NFTs), which are pieces of digital art secured on a blockchain. In addition to the Twitter breach, the army’s YouTube page was also hacked, resulting in a name change to ‘Ark Invest.’ The compromised account on YouTube was then used to promote interviews featuring Elon Musk discussing cryptocurrency.[4]
Challenges faced by organizations:
1. Deepfake attacks:
Deepfake technology can generate counterfeit videos or audio recordings that closely mimic authentic content, making it challenging to differentiate between them. Malevolent actors may leverage deepfakes to assume an individual’s identity in a phishing assault. This form of cybercrime collects sensitive information or deceives individuals into engaging in detrimental activities.
2. Denial of service attacks:
Artificial Intelligence also possesses the capacity to facilitate the execution of more advanced and potent distributed denial of service (DDoS) assaults, where numerous systems are employed to inundate a target with traffic.
3. AI phishing attacks:
Cybercriminals employ artificial intelligence to craft phishing attacks that are increasingly sophisticated and challenging to identify. With the help of AI, malicious actors can rapidly replicate any website and tailor it to closely mimic the original, creating the illusion of genuine access to an internal resource.
4. Skill gap and workforce readiness:
The ever-advancing landscape of AI technology necessitates a proficient workforce capable of creating, deploying, and overseeing AI systems for cybersecurity. Organizations must allocate resources toward training programs and initiatives to mitigate this skill gap and equip cybersecurity experts with the requisite competence in AI. This will ensure their personnel are adequately prepared to leverage AI’s potential in combating cyber threats.[5][6]
AI vs. cybersecurity. Which is better?
AI can improve cybersecurity but can simultaneously be a tool used by hackers for cyberattacks as they can launch more sophisticated attacks by learning from data to understand potential targets and vulnerabilities.
AI can be good or evil, and governments and organizations should understand the risks and benefits and how to prevent cyberattacks before adopting AI into their security strategy.
Therefore, governments and organizations should invest in AI-based vulnerability management systems. As digital transformation projects increase in number and scale, so will the number of cyberattacks. And as the sophistication of attacks grows, traditional security approaches will become increasingly ineffective.[7]
Ethical considerations in AI-based cybersecurity:
Data privacy and security are critical ethical considerations for cybersecurity professionals. They should perform their functions based on moral principles, protect individuals’ sensitive information from cyber threats, and safeguard users’ privacy and data security.
To maintain system security, cybersecurity experts often require privileged access to data to perform tasks like white hat hacking, also called ethical hacking. White hat hacking involves penetrating secured systems using hacking techniques and tools to assess the security of networks, methods, and software, with the goal of pinpointing vulnerabilities. Engaging in cybersecurity research to understand how to overcome system safeguards allows professionals to develop defences against potential threats.
White hat hacking presents an illustrative case of ethical concerns within the cybersecurity field. It necessitates the trustworthiness of the hacker in upholding the confidentiality of encountered information. A solid moral foundation is a cornerstone, aiding professionals in making ethical choices when confronted with critical cybersecurity dilemmas.
To ensure data privacy and security, robust security mechanisms and provisions must be implemented, a diverse and inclusive dataset must be used, and transparent policies and processes must be established.[8]
Salient provisions of Cyber Laws:
1. Information Technology Act, 2000 (India)-
- Section 43 – Penalty for damage to a computer, computer system, etc.– If someone without permission accesses a computer, computer system, or computer network, downloads or extracts data, introduces a computer contaminant or virus, damages or disrupts the system, denies access to authorized users, provides assistance to facilitate access, charges services to another user’s account, destroys or alters information, or steals or conceals computer source code with the intention to cause damage, they will be liable to pay damages by way of compensation to the affected person not exceeding 1 crore rupees. This includes tampering with the system, destroying or altering information, or stealing or concealing source code.[9]
- Section 65 – Tampering with the computer’s source code documents– This provision pertains to an individual who knowingly conceals, modifies, or deletes any computer source code utilized in a computer, program, system, or network when legal obligations mandate the preservation of said source code. It also extends to any person who induces another to engage in such actions. Violations may result in imprisonment for a maximum of three years or a fine of up to two lakh rupees, or both in specific instances.[10]
- Section 66 – Hacking of a Computer System– This provision addresses individuals engaged in computer system intrusions. Intrusion entails the deliberate or knowing act of causing harm or loss to the public or another individual, as well as the destruction or removal of data stored in a computer resource, diminishing its usefulness or worth, or causing harm through any means. Violations may result in a prison sentence of up to three years or a fine of up to two lakh rupees, or both, in specific circumstances.[11]
2. United States of America-
- Health Insurance Portability and Accountability Act (HIPAA) (1996): Enacted by the 104th United States Congress, HIPAA was designed to oversee and modernize the flow of medical and healthcare information. Violations of this legislation carry penalties ranging from $50 to $50,000 per record, along with potential prison sentences of 1 to 10 years.
- Gramm-Leach-Bliley Act (1999): Passed by the 106th United States Congress, the Gramm-Leach-Bliley Act mandates that financial institutions, such as those offering loans, financial advice, or insurance, must disclose their information-sharing policies to clients and safeguard sensitive data. Violators of this act face a maximum fine of $100,000 and a maximum prison term of 5 years.
- Homeland Security Act (2002): The Homeland Security Act incorporates the Federal Information Security Management Act (FISMA), recognizing the critical importance of information security to the economic and national security interests of the United States.
3. European Union-
- European Union Agency for Cybersecurity (ENISA): ENISA serves as a regulatory body tasked with (i) outlining recommended procedures for addressing security breaches, (ii) establishing policies and facilitating their implementation, and (iii) providing direct assistance.
- NIS Directive: Enacted into law in 2016 by the European Parliament, the Network and Information Systems (NIS) Directive aims to bolster cybersecurity across all EU networks. It primarily focuses on operators of essential services (OESs) and digital service providers (DSPs), mandating them to report any incidents to the Computer Security Incident Response Teams (CSIRT).
- EU Cybersecurity Act: In the realm of digital goods, services, and processes, the EU Cybersecurity Act introduces a certification framework for businesses operating within the EU.
- EU GDPR: The EU General Data Protection Regulation (GDPR) seeks to establish a consistent standard for data protection across all EU member states. [12]
Conclusion:
In the rapidly evolving realm of cybersecurity, the integration of artificial intelligence represents a pivotal advancement. As evidenced throughout this article, AI’s capacity for rapid threat detection and response, its potential for automating routine tasks, and its role in bolstering digital defences are beyond dispute. Nevertheless, this transformative technology also presents its unique set of challenges, including ethical considerations, vulnerabilities, and the imperative for ongoing human supervision.
In the face of progressively sophisticated cyber threats, the collaboration between human experts and AI systems emerges as a promising solution. Collectively, they can harness the swiftness and precision of AI while benefitting from the intuitive, nuanced understanding offered by human analysts.
Organizations must welcome AI as a formidable ally while remaining vigilant in addressing the associated risks. The bedrock principles of robust cybersecurity invariably encompass fortified security protocols, a diverse and inclusive dataset, and well-defined policies and procedures. When amalgamated with the capabilities of AI, these foundational tenets will guide us toward a safer, more resilient digital environment.
In conclusion, the synergy between AI and cybersecurity represents a dynamic and transformative force, and our responsibility is to harness this potential judiciously. While we navigate the ever-evolving threat terrain, the fusion of human expertise and artificial intelligence will be the cornerstone of effective cybersecurity strategies, ultimately securing our digital future.
[1] Ethan Noble, The Impact of Artificial Intelligence on Cybersecurity, (Oct. 22, 2022), https://www.cm-alliance.com/cybersecurity-blog/the-impact-of-artificial-intelligence-on-cybersecurity.
[2] Iulia Radu, The Impact of AI on Cybersecurity: Advantages and Disadvantages, (Sept. 19, 2023), https://www.ntrinsic.net/resources/blog/the-impact-of-ai-on-cybersecurity/.
[3] Jacob Fox, 8 Biggest Cyberattacks in History, Cobalt (Sept. 18, 2023), https://www.cobalt.io/blog/biggest-cybersecurity-attacks-in-history.
[4] Recent Cyber Attacks in 2022, Fortinet, https://www.fortinet.com/resources/cyberglossary/recent-cyber-attacks.
[5] Amit Dubey, Artificial Intelligence: Confronting Challenges in Cybersecurity, WIONews (Sept. 6, 2023, 10:35 p.m.), https://www.wionews.com/opinions-blogs/artificial-intelligence-confronting-challenges-in-cybersecurity-614139.
[6] Dangers and Challenges of AI in Cybersecurity. Are You Prepared?, Devoteam (Sept. 16, 2023, 10:39), https://www.devoteam.com/expert-view/dangers-and-challenges-of-ai-in-cybersecurity/.
[7] Cayley Wetzig, AI And Machine Learning: How Vulnerabilities Impact Enterprise Cybersecurity, ThriveDX (Sept. 18, 2023), https://thrivedx.com/resources/article/ai-vs-cybersecurity-which-is-better.
[8] Besnik Limaj, Ethical Considerations in AI-Powered Cybersecurity, Medium (Sept. 20, 2023), https://medium.com/@besniklimaj/ethical-considerations-in-ai-powered-cybersecurity-45cd83db90e0.
[9] Information Technology Act, 2000, § 43, No. 21, Acts of Parliament, 1949 (India).
[10] Information Technology Act, 2000, § 65, No. 21, Acts of Parliament, 1949 (India).
[11] Information Technology Act, 2000, § 66, No. 21, Acts of Parliament, 1949 (India).
[12] Preetigha Narasimman, Cyber Security Laws and Regulations of 2023, KnowledgeHut (Sept. 21, 2023), https://www.knowledgehut.com/blog/security/cyber-security-laws.
Author: Umang Shewani
