Assessment Submission

Project Title

AI and Cybersecurity: Emerging threats and future expectations in Defense, Federal Government and Critical Infrastructure

Blog URL

https://thinkspace.csu.edu.au/bassam11769944

Abstract

In recent decades, artificial intelligence (AI) has started to play a vital role across various domains of human life; one of these critical domains is cybersecurity. Technology vendors have widely adopted different AI models and applications, like machine learning (ML) and deep learning (DL), to enhance the detection rates of malicious content and different hackers’ techniques, as well as to improve integration and automation between different technology solutions. However, as expected, malicious actors have not been far behind these massive improvements.

 

The increasing cybersecurity threat against AI systems, or from the use of AI systems, is a serious concern for authorities in different organizations and sectors. Among the major sectors that may be targeted or exposed by such cyberattacks are Defence organizations, Federal governments and critical infrastructure.

This research project sheds light on the malicious use of AI applications and the current state of AI-driven cyberattacks against these organizations. The study will also focus on the evolving nature of attacks that target AI and ML systems for use in different malicious cyber activities, like adversarial attacks, data manipulation, social engineering, disinformation campaigns, and other types of cyberattacks.

Furthermore, providing a comprehensive understanding of the emerging threats that these types of attacks pose to Defence organizations, Federal government, and critical infrastructure systems is extremely important, as such attacks might lead to catastrophic consequences for all other domains of human life, including business, the economy, health, individuals’ privacy and more.

 

In the research, I will use Meta-Analysis methodology to anticipate the existing and future threats that may be posed by the increase in demand for AI, ML and DL applications, based on the existing state and the development of other sophisticated attacks in the cyber surface. By exploring these areas, this research aims to strengthen our understanding of existing AI threats and future expectations in the cybersecurity landscape, so we can be ready to fill the gaps of these attacks in the present and future.


KEYWORDS
for searches: AI, ML, DL, artificial Intelligence, machine learning, deep learning, cybersecurity, future cyber threats, advanced cyberattacks, sophisticated cyberattacks, cyberwarfare, cyber warfare, cyber terrorism

Introduction

My name is Bassam, and I am doing my cybersecurity master’s at CSU. I am working as a system engineer at one of the security vendors. Our mission is to develop cybersecurity solutions to protect our customers in various sectors. These major sectors include Defence organizations, Federal governments, and other sectors.

 

Background

To start, we need to introduce a brief history and some basic types of machine learning and the way it works. This will help us to understand the impacts and threats that might result from the malicious use of this technology.

 

The term “Artificial Intelligence” first appeared in the 1950s; the idea was to invent a thinking machine that could solve complicated mathematical problems. After 1990, the approach of “Artificial Neural Networks” was developed and the term deep learning (DL) started to rise. The idea this time was to simulate the brain’s biological neural-network function. Since this early stage, military research centres have focused on the development of AI to use it in their intelligence analysis, defence systems development and weapons manufacturing.

 

There are many types of machine learning algorithms used in many technologies nowadays. The primary techniques are supervised machine learning, unsupervised machine learning and reinforcement machine learning.

 

Nowadays, we can see AI systems used in different domains of human life. Similarly, we have started to see threat actors using AI or compromising AI systems for malicious purposes. One of the most critical areas, and one that may cause a serious threat, is the targeting of AI systems in Defence organizations, Federal government, and critical infrastructure systems.

 

Purpose and Justification

As we witness the rapid evolution of the use of AI in different applications across cybersecurity solutions, technology integration, and automation, we can clearly note the emerging threats connected to these areas. Threat actors and state-sponsored attack groups are increasingly starting to use highly sophisticated attacks and malware built on AI and machine learning techniques. Moreover, they have started to target AI, ML and DL systems themselves with their malicious attacks, which has raised a red flag about the devastating outcomes of the malicious usage of AI/ML/DL technologies in cyberwarfare against nations’ Defence organizations, Federal government, and critical infrastructure systems.

 

In addition, we need to anticipate the evolution of these types of attacks in the next decade so we can have better visibility and understanding, be ready for their consequences and impacts, and plan for suitable countermeasures, controls and regulations to protect our systems and lives against these emerging threats.

 

Problem Domain

AI applications are widely used in numerous fields of human life nowadays. However, the more humans depend on AI, the more threats and impacts may result if it gets compromised or used for malicious purposes. The most serious impacts and threats come from using AI in cyberwarfare by attacking other nations’ AI systems, using AI to cause harmful effects in critical infrastructure systems, or even starting disinformation campaigns. That is why we need an early understanding of the tactics and techniques used by malicious actors, so that we have visibility into how to protect against them and can also anticipate threats that may come in the future.

 

There are many academic research articles, books, and reports that have started to focus on these areas. However, most of this research covers only a part of the malicious use of AI in specific fields, and I can see just a few works talking about future expectations of these emerging threats. Thus, I found it important to shed more light on these areas.

 

 

 

Research Questions

The following are the main questions that will be addressed in this research:

 

  • What are the main techniques that threat actors are using in their AI-driven attacks?
  • What are the expected attacks using AI and ML or targeting AI, ML and DL in the next decade based on the current state and other developments in sophisticated attacks?

Sub question:

  • What are the impacts of AI-driven attacks on Defence organizations, Federal governments, and critical infrastructure?

 

Research Methodology

Meta-Analysis research methodology with a combination of qualitative and quantitative data analysis.

How the Research will be undertaken

The research will be undertaken by using meta-analysis research methodology to gain a deep insight into my research on AI-driven threats and future expectations. This methodology will help me to consolidate data from various resources like academic journals, research papers, studies, reports, white papers, attack analysis reports and technical documents in order to identify different patterns of AI-driven attacks, plus attacks that target both AI and ML systems. By combining both qualitative and quantitative data analysis, my goal is to have a comprehensive understanding of the current state of such attacks.

 

The benefit of using Meta-analysis research methodology is that it will allow me to compare and correlate data from different resources and compare their results, attack patterns and expectations, which makes the data more generalized and efficient. Also, it will allow me to apply a combination of correlation and descriptive approaches to the results of my research.

 

This should also result in the target prediction of future threats from using AI engines in cyberattacks or targeting AI and ML systems themselves. Also, I will use my industry experience, knowledge and study papers on other advanced cyberattacks and malware to enhance the expectations of how AI-driven attacks will evolve in the future.

 

In addition, by applying the Meta-analysis methodology, I can utilize my personal experience and knowledge in the cybersecurity field, and use this knowledge to enrich the research with more valuable insights and expectations.

 


 

 

 

Data Collection

All resources that will be used in this project will be referenced in APA7 format style and will be mentioned in both assessment documents and the research project blog.

 

 

Any Ethical Issues?

As this research will use meta-analysis research methodology to gather, combine and correlate data from different resources, I will provide the required citations for data that will be taken from these resources. The compliance requirements of workplace, industry or government regulations are not applicable to this research. Also, there should not be any policies impacted by my research findings.

 

 

 

Research and Professional Ethics Statement

In my research, I will strictly observe academic ethics. All data collected from different research papers, journals, reports and any other resources will be referenced to their authors, respecting the efforts that they have made in their research and protecting their copyrights. The referencing will be done in APA7 citation format as per CSU requirements, and I will make my best efforts to avoid any plagiarism in my research papers, my research project blog and the future seminar on my project. In addition, I will commit to honesty and accuracy in collecting and using my research data.

 

As I’m following meta-research methodology in collecting and combining data from different academic and professional published resources, the potential risk in collecting and using data will be in a low-risk and harmful profile. All resources used in this research will be cited correctly, and I will use my own style in explaining and describing the collected data to avoid any chance of plagiarism. The research idea and subject were introduced in the assessment 1 phase and were accepted with some modifications that will be considered in this research proposal and in future work on my research. During my research, I will use a CSU license to access external academic research libraries if applicable.

 

All tools that I will use in this research are already licensed, and all resources will be collected in ethical ways. All the resources will be mentioned in the research paper, and references will be mentioned in the research project blog.

 

Summary of My Preliminary Literature Review

In this research, I have chosen some well-reputed academic journals, books, reports and other technical whitepapers and articles. The following is an overview of the main sources that I will use in my research:

 

 

  • Artificial Intelligence Timeline.

This article represents the history of using artificial intelligence in military research and development. I have used this website as a historical reference for the early stage of using AI in the military before starting to use it in other sectors of human life.

 

 

  • The Emerging Threat of Ai-driven Cyber Attacks: A Review

This research article explores the relationship between artificial intelligence and explains multiple examples of using AI to enhance security solution capabilities against different threats and vulnerability detection. It also dives into the existing and future expectations of using AI in different malicious activities.

 

  • Hacking the AI – the Next Generation of Hijacked Systems

This research paper was published in 2020 at the 12th International Conference on Cyber Conflict (CyCon). The article discusses the potential impacts of using AI systems to conduct cyber attacks and the complex challenges of securing AI. In addition, it discusses the malicious use of AI in disinformation campaigns, the concept of deepfakes, and how hard it is to detect compromised or suspicious AI systems.

 

  • Artificially intelligent cyberattacks

This report was published by the Swedish Defence Research Agency in 2020. The report traces the evolution of cyber threats connected to AI and the growing malicious usage of AI in the future, focusing on cyber defence and cyber warfare. The report also addresses some questions about the implementation of AI, how ready organizations are for these new types of threats, the required technologies and more.

 

  • AI and the Future of Cyber Competition

This research paper was published by CSET, the “Center for Security and Emerging Technology” at the University of Georgetown. The research discusses the actual vulnerabilities in security solutions powered by AI and the potential for compromising AI systems in the early stage of development in order to manipulate the primary purposes of using these AI systems in cybersecurity. The study emphasizes that the United States and its allies must be ready for these new emerging AI threats and security supply chains.

 

  • CYBERSECURITY OF AI AND STANDARDISATION

This report was published in April 2023 by the European Union Agency for Cybersecurity (ENISA). The report addresses the existing gaps in establishing standardisation and guidelines in order to effectively secure AI systems. It also addresses the criticality of taking serious and fast steps towards establishing the necessary standards to protect AI systems against being compromised, especially since AI is being rapidly applied in different sectors like critical infrastructure and services.

  • Recent advances and applications of machine learning in solid-state materials science

This study was published in 2019 and addresses the usage of AI in solid-state materials. The research has a very good explanation of the different types of machine learning and the different uses for each type. This research gives a good understanding of how machine learning works and of the different applications for each type of machine learning, which can give us an idea about the different areas of threats and impacts that may be caused by compromising AI systems.

Project Plan

This project plan was designed in a simple way based on the research project’s main tasks and assessments. The scheduled time frame of the tasks and updates were taken into consideration while designing the project plan. The research methodology was also taken into consideration. All project tasks will be completed by one person. I will update all tasks on the blog and will create a page for the weekly project updates.

 

Deliverables

The following are the deliverables of the project:

  1. Assessment 1: project brief and blog setup – 18 days
  2. Assessment 2: project proposal and plan – 20 days
  3. Assessment 3: an annotated bibliography and reflection, including research and literature review and blog update – 30 days
  4. Assessment 4: final report, presentation, and blog progress – 22 days


 

Work Breakdown in Gantt Chart Structure


 

Risk Analysis

A risk analysis for the project has been completed. The details are in the following table.

 

Risk ID | Description | Likelihood | Consequence | Treatment
1 | Project subject and relation to my field of study | MEDIUM | MEDIUM | Revise the subject and make it more connected to the field
2 | Project scope and research will take more than 12 weeks | MEDIUM | MEDIUM | Modify the scope to be more aligned with the project time
4 | Some tasks may need more time than the project schedule | LOW | HIGH | Modify the schedule or ask for an extension
5 | Research questions are not answered exactly as planned | MEDIUM | HIGH | Revise the research points and extracted data to focus on the required results

 

References

 

Military Embedded Systems. (2019, January). Artificial Intelligence Timeline. https://militaryembedded.com/ai/machine-learning/artificial-intelligence-timeline

 

Hadlington, L., Binder, J., Gardner, S., Karanika-Murray, M., & Knight, S. (2023, May). The use of artificial intelligence in a military context: Development of the attitudes toward AI in defense (AAID) scale. Frontiers. https://www.frontiersin.org/articles/10.3389/fpsyg.2023.1164810/full

 

Hartmann, K., & Steup, C. (2020). Hacking the AI – the next generation of hijacked systems. 2020 12th International Conference on Cyber Conflict (CyCon). https://doi.org/10.23919/cycon49761.2020.9131724

 

Zouave, E., Bruce, M., Colde, K., Jaitner, M., Rodhe, I., & Gustafsson, T. (2020, March). Artificially intelligent cyberattacks (FOI-R--4947--SE). FOI. https://www.statsvet.uu.se/digitalAssets/769/c_769530-l_3-k_rapport-foi-vt20.pdf

 

Hoffman, W. (2021, January). AI and the Future of Cyber Competition. Georgetown University, CSET Department. https://cset.georgetown.edu/publication/ai-and-the-future-of-cyber-competition/

 

Bezombes, P., Brunessaux, S., & Cadzow, S. (2023). Cybersecurity of AI and standardisation. ENISA. https://www.enisa.europa.eu/publications/cybersecurity-of-ai-and-standardisation

 

Schmidt, J., Marques, M. R., Botti, S., & Marques, M. A. (2019). Recent advances and applications of machine learning in solid-state materials science. npj Computational Materials, 5(1). https://doi.org/10.1038/s41524-019-0221-0