In early May 2022, Microsoft’s Chief Scientific Officer Eric Horvitz appeared before the US Senate to testify on applications of artificial intelligence in cybersecurity. The written document is available on Microsoft’s official blog and a recording of the session can be seen at the official website from the US Senate Committee on Armed Services. The hearing also had the presence of Andrew Moore from Google and Andrew Lohn from Georgetown University.
In Microsoft’s documents, they point that cybersecurity threats are growing in complexity and scale, and techniques are advancing in sophistication targeting critical infrastructure and accessing confidential data. In 2021 alone, Microsoft’s 365 Defender Suite blocked 9.6 billion malware threats, 35.7 phishing and malicious e-mails, and 25.6 billion attempts to hijack accounts. These numbers are impressive not only for being evidence to the magnitude of cybersecurity challenges, but also indicate incredible resilience.
Cybersecurity has become a bigger challenge in the past few years due to the massive shift to remote working caused by the pandemic lockdowns, especially for the fact that professionals moved from controlled and secured environments to remote connections. Another factor is the fluidity between professional and personal online activities, which can increase vulnerability to cyberattacks, especially through techniques of social engineering. AI technologies, for example, can be used to learn user behavior and trick individuals into performing unintended actions online.
Artificial intelligence has made significant advancements in the past decade in areas of machine vision, natural language processing, speech recognition, diagnosis, reasoning, robotics and machine learning, with impressive accuracy performance in deep neural nets using large amounts of data and computational resources. Breakthroughs have been particularly seen in vision and language. But as well as harnessing the immense opportunities of this technology, society needs to continue applying efforts to understand how the technology is used by malicious actors so that prevention, mitigating, and response activities can be in proper place.
In terms of advancing cybersecurity, AI technologies can be used to automate the interpretation of signals generated during attacks. This can help by providing insights from past attacks to detect and predict patterns in future attacks and also to adapt response during attacks. AI technologies can also help scale, orchestrate and automate response actions, which allow professionals to focus their efforts on attacks that require specialized expertise.
Recommendations include knowledge sharing through best practices and cross-sector partnerships, cybersecurity specific benchmarks, training and education, and R&D investments on machine learning application for every step of the cyber attack chain.
To access the entire document, please visit Microsoft’s official blog post Applications for artificial intelligence in Department of Defense cyber missions. You may also watch the entire hearing by visiting the official website for the US Senate Committee on Armed Services (Subcommittee on Cyber).