The Aspen Institute’s US and Global Cybersecurity Groups released a new report on Tuesday that offers up recommendations on how to safely use AI in cybersecurity and steers organizations toward a “good place” where AI predominantly helps defenders.
The report – released as part of the Aspen Digital program – looks to maximize the benefits of AI tools in cybersecurity and minimize harm.
“The release of Aspen’s paper on AI is another example of our collective commitment to support the development and deployment of artificial intelligence capabilities that align to secure by design principles,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said in a press release.
“As nations and organizations embrace the transformative power of AI, it is important that we provide concrete recommendations to AI end users and cultivate a resilient foundation for the safe development and use of AI systems,” Easterly added.
The report offers seven key recommendations: stay true to cybersecurity principles; don’t live in a silo; proactively manage which decisions AI will be making; improve logging, log review, and log maintenance; be intelligently transparent about AI; make sure your contracts contain AI rules of engagement; and beware of the bandwagon.
It also offers a list of additional recommendations for all organizations, including know what types of data the AI is using. Another general recommendation is to realize that while AI may seem new and shiny, the old cybersecurity rules and best practices still apply.
As for government-specific guidance, the report offers three key recommendations. First, governments should identify high-risk AI tools that could cause extreme harm and monitor their use. Second, promote access to open source cybersecurity tools. And third, provide educational opportunities – supporting university programs and certifications that integrate AI, data science, and cybersecurity skills.
Finally, the report also provides three industry-specific recommendations. These include: stick to the basics, employing existing cybersecurity and secure-by-design principles; make information sharing easy and commonplace; and log by default.
“The rapid advancements in AI offer great opportunities for the security community which will continue to be met with innovations by the adversary,” said Bobbie Stempfley, vice president and business unit security officer at Dell Technologies, also a member of the US Group. “It is important to ensure we don’t lose focus on foundational security principles while we navigate this changing technology landscape.”
“As organizations and individuals entrust more sensitive data to digital systems, the stakes of getting cybersecurity right have never been higher,” added Jeff Greene, senior director of cybersecurity programs at Aspen Digital.