May 26, 2023
At a Glance
- For the first time in 50 years, Singapore created a new branch of the military - to defend against AI-enhanced cyber attacks.
- Singapore developed a cyber-intrusion detection tech to secure cyber-physical assets to avoid another Colonial Pipeline.
Singapore is mobilizing against AI-enhanced digital threats that come from cyber criminals harnessing ChatGPT and other generative AI capabilities.
Brigadier General Edward Chen said while ChatGPT and generative AI has brought AI to the “iPhone moment” of widespread recognition, it also opened the door to exponentially greater cybersecurity threats. He spoke at the recent AI and Defense summit held by Sparkcognition, an AI solutions provider to the private and public sectors.
Chen cited three main impacts of generative AI in cybersecurity: increased human vulnerability, weakened cyber infrastructure, and an expanded digital terrain.
People have always been the weakest link in cybersecurity and ChatGPT has further intensified this vulnerability, he said. It has enabled cyber criminals to craft more sophisticated phishing emails to trick consumers into clicking on them to download malware.
“ChatGPT cyber criminals can generate well-written, believable emails and tailored to specific organizational contexts,” Chen said. “The days of identifying phishing emails through spelling errors and poor grammar have long gone.”
Moreover, criminals can feed ChatGPT harvested user data so they can impersonate people with “amazing accuracy,” Chen said.
Stay updated. Subscribe to the AI Business newsletter
Audio and video are also vulnerable to manipulation. Chen said AI was used to clone a CEO’s voice and tricked a banker into sending $35 million for a fake acquisition. “AI tools can now generate realistic, cloned voices that can be used for nefarious purposes,” Chen said.
What is more troubling is when criminals use text, video and audio together to create misinformation campaigns to create fake news. He said this makes it difficult to discern truth online especially in light of a psychological phenomenon in which the more one sees a message, the more one believes it regardless of whether it is true or not.
Another area of concern is weakened cyber infrastructure. Chen said traditional cyber infrastructure defenses will become obsolete since these use common network sensors and malware scanners to spot malicious activity.
ChatGPT lets hackers quickly create unique malware variants that do not match any known ones so they can evade detection, Chen said. Also, “ChatGPT has lowered the technical bar and significantly reduced the time taken for attackers to develop such advanced malware."
A third outcome is an expanded digital terrain. The attack surface expands exponentially with the broad adoption of ChatGPT, Chen said. As more generative AI apps are developed, the larger the terrain open to attacks.
Moreover, the AI models themselves can be attacked. Because of their complexity, AI models are black boxes where it is not exactly known how they work. Researchers have shown that it is possible to hide malware within deep learning models undetected, Chen said. Also, AI models have access to high computing power that can amplify these attacks. So think twice before downloading an open source AI model unless the source is trusted, Chen advised.
Singapore's singular response
To prepare, Singapore has created a new branch of the military – the first time it has done so in half a century.
Called the Digital and Intelligence Service (DIS), the unit was established by the Singapore Armed Forces to “tackle these nebulous and emerging threats against Singapore and Singaporeans in the digital domain,” said Chen.
DIS has three key initiatives: Train and equip personnel, harness AI to fight AI-enabled hacking and safeguard new digital terrain.
It educates, trains and sensitizes its staff to new threats by doing such things as using generative AI to craft user-targeted emails and seeing which employees fall for them in internal phishing exercises. Those who fall victim will have a one-to-one counseling session with their supervisor.
Second, it works with the iTrust Centre for Research in Cyber Security in Singapore to develop defenses against cyber-physical attacks on operational technology systems – basically using malware to disrupt physical equipment – to avoid what happened in the Colonial Pipeline breach.
Colonial Pipeline was hit with a ransomware attack in 2021 and the company had to halt all oil pipeline operations to prevent the malware from spreading. It paid a ransom of $4.4 million to restore access.
Chen said the iTrust center has developed a cyber intrusion detection technology to secure infrastructure such as water utilities and this will be expanded to power plants, 5G networks and other areas as well.
Third, with an expansion of cyber terrain to protect, DIS will train personnel on the latest generative AI models so they can defend against them. They will participate in cyber exercises.
Read more about:ChatGPT / Generative AI
About the Author(s)
You May Also Like