Resource includes actionable steps to maximize potential benefits and minimize risks of these emerging technologies
CONTACT: Victoria Comella
Washington, D.C. – January 9, 2024 – The Aspen Institute’s US and Global Cybersecurity Groups today released a new paper, Envisioning Cyber Futures with AI, identifying practical, actionable steps that organizations deploying AI-powered tools can take to maximize potential cybersecurity benefits and minimize risks. This cybersecurity effort is part of the Aspen Digital program, which works at the intersection of technology, information, security, and the public good.
“The release of Aspen’s paper on AI is another example of our collective commitment to support the development and deployment of artificial intelligence capabilities that align to secure by design principles,” said Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA). “As nations and organizations embrace the transformative power of AI, it is important that we provide concrete recommendations to AI end users and cultivate a resilient foundation for the safe development and use of AI systems.”
The explosion of artificial intelligence (AI) has already had a huge impact on cybersecurity. Yet, because these technologies are rapidly evolving, the debate around this challenge isn’t tied to specific capabilities, actions, or outcomes. This deficiency makes it difficult for organizations and governments to make security-conscious decisions as they install AI-enabled tools in their systems.
This is why the Institute’s US and Global Groups held working sessions to develop concrete recommendations for the end-users of AI. “As organizations and individuals entrust more sensitive data to digital systems, the stakes of getting cybersecurity right have never been higher,” said Jeff Greene, Senior Director of Cybersecurity Programs at Aspen Digital.
Developing recommendations for deploying AI tools is complicated by the fact that many of the biggest benefits and risks are not yet happening – or even known. To address this, the Groups brought together a team of experts from across civil society, the private sector, and government to imagine two realistic future scenarios: one where AI disproportionately advantages defenders and one where it disproportionately advantages attackers. The working group then used these futures as poles to develop concrete recommendations that will steer today’s AI end users toward the good future and away from the bad.
“In cybersecurity, attackers have long since held an asymmetric advantage over defenders,” said US Cybersecurity Group member Jonathan W. Welburn, Senior Researcher at RAND Corporation. “However, recent advancements in AI can provide defenders the scale, speed, and information advantage to upend that calculus and give defense the new advantage.”
“The rapid advancements in AI offer great opportunities for the security community which will continue to be met with innovations by the adversary,” said Bobbie Stempfley, Vice President & Business Unit Security Officer at Dell Technologies, also a member of the US Group. “It is important to ensure we don’t lose focus on foundational security principles while we navigate this changing technology landscape.”
Some of the resource’s recommendations include:
- Stay true to cybersecurity principles – The basics of cybersecurity always apply, especially when using AI.
- Proactively manage which decisions AI will be making – AI tools will be making decisions organizations cannot review, so deploy them with forethought and define affirmatively what they will be able to do.
- Don’t live in a silo – AI and cybersecurity practitioners should work together.
- Proactively manage what decisions AI will be making – AI tools will be making decisions organizations cannot review, so deploy them with forethought and care; make affirmative choices as to what they will be able to do.
- Improve logging, log review, and log maintenance – AI-powered attacks will be increasingly difficult to detect; keeping and reviewing data will be essential.
- Be intelligently transparent about AI – Organizations should think about what outcomes they actually hope to achieve through AI transparency and determine how to structure the disclosure accordingly – or whether disclosure is even necessary.
- Make sure your contracts contain AI rules of engagement – Even if an organization doesn’t use AI, its partners likely will. Organizations should consider flowing down their own AI policies to partners and third parties.
- Beware the bandwagon – Install AI tools where it makes operational or other sense. It is OK to say no to AI, or to use other technologies if an AI tool is not warranted.
Envisioning Cyber Futures with AI is available to download on aspendigital.org.
Members of the press are invited to attend Beyond the Clickbait: the Impact of AI on Cybersecurity, on Tuesday, January 16, from 10:00 to 11:30am ET, at the Aspen Institute in Washington, DC. The event will feature Former NSA Deputy Director George Barnes, White House Special Advisor on Artificial Intelligence Ben Buchanan, Gibson Dunn Partner Jane Horvath, Omidyar Network Responsible Technology Director Govind Shivkumar, Dell Technologies VP & Business Unit Security Officer Bobbie Stempfley, Google Senior Engineering Director Amanda Walker, and RAND Corporation Senior Researcher Jonathan W. Welburn. Reporters may learn more and register online.
ABOUT ASPEN DIGITAL
Aspen Digital is a nonpartisan technology and information-focused organization that brings together thinkers and doers to uncover new ideas and spark policies, processes, and procedures that empower communities and strengthen democracy. This future-focused Aspen Institute program inspires collaboration among diverse voices from industry, government, and civil society to ensure our interconnected world is accessible, safe, and inclusive – both online and off. Across its initiatives, Aspen Digital develops methods for elevating promising solutions and turning thought into networked impact. To learn more, visit aspendigital.org or email firstname.lastname@example.org.
ABOUT THE ASPEN INSTITUTE
The Aspen Institute is a global nonprofit organization whose purpose is to ignite human potential to build understanding and create new possibilities for a better world. Founded in 1949, the Institute drives change through dialogue, leadership, and action to help solve society’s greatest challenges. It is headquartered in Washington, DC and has a campus in Aspen, Colorado, as well as an international network of partners. For more information, visit www.aspeninstitute.org.