America’s new National Cybersecurity Strategy Implementation Plan, published earlier this month, is already attracting heavy criticism not for what it does include but for what it seems to ignore completely.
Skepticism concerning the report that began in the cybersecurity sector is rapidly becoming a national concern across the US. Last week, Newsweek published an opinion that the Biden/Harris plan “seems stuck in time, as if it was written when Biden was elected and left to collect dust as tech evolves rapidly.”
As far as it goes, the plan is highly laudable – or it would have been two and a half years ago when Biden and Harris were elected. The most damning criticism leveled at the plan by the mainstream and the cybersecurity media is that it takes no account of the revolutionary advances in artificial intelligence (AI) made over the last 18 months.
Although the socio-economic impact of the recent radical advances in AI in terms of job losses has been much debated in the White House and mainstream media across the globe, scant attention has been paid to the full impact of AI. The average smartphone now enjoys access to more computing power than all the computers in the US when it put a man on the moon in 1969. AI could make today’s smartphones appear obsolete and primitive as a digital calculator from 1969 (priced at up to $25,000 at the time). AI will enable superb real-time simultaneous translation during video conferences and phone calls and link all previously unconnected devices and services.
The downside is that AI’s new frontiers could become a Wild West for cybercrime without firm legislation from an informed government. It is not only smartphone users who will become targets, as organizations of all kinds will become vulnerable to attack without rapid adjustments. Not only will the smartphones used by staff to access their emails and other parts of the corporate network have more entry points for cybercriminals, but threat actors are also using AI to up their game. Relatively inexperienced hackers are now discovering they can use AI-powered services such as Microsoft-backed ChatGPT to carry out professional and highly orchestrated spear-phishing attacks targeting key individuals such as CFOs and accounts personnel.
The IT industry’s remorseless drive to connect everything from toasters to nuclear power stations to the Internet, sometimes called the Internet of Things (IoT), will further exacerbate the problem.
A report published by McKinsey as long ago as November 2021 already highlighted the huge cybersecurity problems ahead. The McKinsey report, IoT value set to accelerate through 2030: Where and how to capture it, also predicted that the combination of AI and IoT could be devastating regarding cybersecurity.
“The potential economic value that the IoT could unlock is large and growing. By 2030, we estimate that it could enable $5.5 trillion to $12.6 trillion in value globally, including the value captured by consumers and customers of IoT products and services,” said the report, predicting a rapid increase in the number of devices that are constantly being connected to the internet.
But McKinsey’s prediction of a cybercrime crisis, if the government did not firmly address the looming cybersecurity challenge appears to have gone woefully unnoticed and unheeded by the Biden administration. Unless swiftly and effectively remedied, the absence of effective government in the world of cyber can only result in a cybercrime tsunami.
“Allowing AI into IoT requires the same level of federal and state scrutiny as for electricity or water. AI is an incredibly serious national security risk for consumers, enterprises, and state-owned infrastructure alike. And AI-enabled IoT—well, that’s a treasure trove to be exploited by bad actors and foreign states,” said the McKinsey report.
