Policy Insights: Senate Armed Services Committee Discusses AI in Cyber Warfare

Politico reported last week that members of the Senate Armed Services Committee’s cybersecurity subpanel will also dive into how artificial intelligence is being used to advance cyber warfare practices. According to Politico, “While no Pentagon or other Biden administration officials are scheduled to testify, lawmakers will hear from two companies at the forefront of the military’s cyber advances: Google and Microsoft.

Eric Horvitz, a technical fellow and chief scientific officer at Microsoft, plans to focus both on the ways that AI advancements have helped organizations prevent and respond to cyberattacks and the ways that it’s made nation-state hacking groups even stronger. “The DoD, federal and state agencies, and the nation need to stay vigilant and stay ahead of malevolent adversaries,” Horvitz will say in his opening remarks, adding that more investments in research and engineering projects will be needed to do so.

Other witnesses include Andrew Moore, vice president and director of Google Cloud AI, and Andrew Lohn, a senior fellow at Georgetown University’s Center for Security and Emerging Technology. A spokesperson for Sen. Joe Manchin (D-W.V.), who chairs the cyber subcommittee, told MC that the hearing will touch on recommendations from the National Security Commission on Artificial Intelligence, including one calling for a new framework outlining how to defend key AI systems from cyberattacks and another recommending that DoD and the Office of the Director of National Intelligence stand up new hacking teams to test the security of the country’s AI systems.”

Policy Insights: 

Max Heinemeyer, VP of Cyber Innovation from Darktrace:

“Cyberconflict is the new battleground, and we need to take this threat seriously. Attackers will stop at nothing to take down critical infrastructure, hold data for ransom, or worse – launch a nation-state attack that could cause major global disruption. It is excellent news to see increased awareness and calls to action around implementing AI into the nation’s cybersecurity framework.

Our research indicates an increasing use of automation by attackers. Attackers use automation to accelerate their attack paths and ramp up attacks faster for a more substantial ROI. Sophisticated attackers use automation in countless ways to gain entry into an organization’s digital infrastructure to seek out its ‘crown jewels.’ AI is one tool in the automation toolbox available to adversaries. However, when defenders utilize AI, it is much more difficult for attackers to succeed.

AI works with security teams, augmenting their capabilities. AI helps alleviate the pressures already on IT teams, enabling them to be more efficient. AI can handle security tasks, especially at night or on weekends, critical for teams without sufficient human resources or security skills. As threat actors become more aggressive, so too must defenses. Utilizing defensive AI is not a nice-to-have; it is a must-have.”