HP’s Paul McKiernan discusses the impact AI systems like ChatGPT are having in the cybersecurity landscape and the future landscape where bots battle it out on business networks.
While cyberattacks appear to be a constant occurrence, there have been some high-profile attacks that are said to have changed the landscape.
The Solarwinds data breach in 2020 was has been described as a “wake up call” for organisations, as it showed the risks of supply chain attacks.
But for HP’s lead security advisor for EMEA, Paul McKiernan, Stuxnet was the malware that “changed everything” in the cybersecurity landscape.
“After Stuxnet in 2010, manufacturing systems became just as vulnerable as the PCs that controlled them,” McKiernan said. “malware became something which could also impact the physical world.”
McKiernan said he got into cybersecurity through “necessity” as a shift supervisor in 2003, as “the slammer virus” had shut down the production lines where he worked.
Speaking to SiliconRepublic.com, McKiernan believes AI is another area that will impact the cybersecurity landscape by accelerating both attackers and defenders.
“As cybersecurity tools and exploit tools access greater datasets via AI engines, everything will accelerate like never before,” he said.
The short-term impacts
Speaking about AI tools such as ChatGPT, McKiernan said that – like many new inventions – the benefits of these systems will manifest before the “unintended consequences occur”. After this, he believes controls will be put in place to “restore equilibrium”.
“Ultimately, I think that [AI] will revolutionise not just cybersecurity, but just about every network connected technology,” McKiernan said. “Already, we are using ChatGPT to accelerate code development. It is also being used to write ransomware, but you must be clever to get around the built-in controls.
“Like search engines, cyber security tools are already being augmented with OpenAI engines and datasets. Exploit engines will also follow-suite.”
Earlier this year, researchers shared multiple examples of criminals sharing malware created with the help of ChatGPT on hacker forums. The advanced AI chatbot is also being investigated in multiple countries for data privacy, with the EU recently creating a task force focused on ChatGPT.
In terms of controls being put into place, McKiernan noted that the National Institute of Standards and Technology in the US released a framework in January around AI risk management.
The EU is also working on its AI Act, which has reportedly been delayed due to the rapid rise of generative AI systems like ChatGPT.
The future cybersecurity landscape
McKiernan believes the role of cybersecurity operators will be very different in the future, as AI will manage to outpace humans in both attacks and defence and human analysis becomes “too slow”.
“A time will come when cybersecurity bots and exploit bots will be battling it out on business networks,” McKiernan said. “The role of the security operations team will be to interpret which bots are winning and where, and to report back to the human world what is going on.
“There will still be incident response – detection and orchestration will be lightning fast and repetitive. Humans will have to intervene only if the “good bots” are losing the battle.”
In terms of industry changes, McKiernan believes that the companies that move fastest and have access to larger data sets will “become bigger players”.
“The term “next gen” will quickly become obsolete,” McKiernan said. “The last 10 years have seen an explosion of growth in the number of cybersecurity start-ups.
“I expect this to continue, but there is a risk that a few organisations in the world will become even more dominant.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.