Securing Critical Infrastructure in the Age of Artificial Intelligence
Cyber vulnerabilities in critical infrastructure demand constant attention, warned federal officials at the Energy, Infrastructure, and Environment Summit 2023 held at the National Press Club in Washington, D.C., on November 15.
“Any impairment in a critical infrastructure function, any missed opportunity to invest in infrastructure remediation or resilience creates an exploitation pathway for a potential adversary to either hold infrastructure segments hostage or to actually actively exploit them at a time and place of their choosing,” warned David Mussington, executive assistant director for infrastructure security at CISA, the Cybersecurity and Infrastructure Security Agency.
These words underscore a situation that could turn catastrophic if left unattended. Critical infrastructure encompasses both digital and physical services that are crucial to the sustainment of lives and livelihoods.
“We're leaving exploitable vulnerabilities available to adversaries to make our services—our digital and physical services that make the American economy and the American way of life possible—remain vulnerable to exploitation,” Mussington told the audience at the AFCEA Bethesda Chapter event.
Speakers touched on new technologies and, during a panel, an expert drove attendants’ attention toward one in particular.
“The one thing that frightens me that I haven't even heard brought up today,” explained Dave Nelson, chief information officer of the Nuclear Regulatory Commission, as he mentioned that artificial intelligence (AI) is currently under discussion from two distinct points of view in the federal government. One point of view holds AI as a tool to build security and resilience; another revolves around the funds necessary to implement a recent executive order from the White House on this topic.
The integration of AI into cybersecurity efforts is a key factor in protecting critical infrastructure. AI can be harnessed to detect and respond to threats in real time, significantly reducing the window of opportunity for adversaries.
“And adversaries aren’t geniuses,” Mussington explained and stressed how countries like Russia, China, North Korea and Iran are opportunists that will exploit vulnerabilities to maximize damage.
Our adversaries are determined to exploit vulnerabilities and risks that we leave unaddressed.
To safeguard critical infrastructure, event speakers stressed that these areas should be addressed:
1. Investing in Resilience: fortify critical infrastructure against potential threats.
2. Leveraging AI: artificial intelligence can help stay ahead of adversaries by rapidly identifying and mitigating cyber threats.
3. Government Collaboration: the federal government should work closely with private sector partners and continue cross-pollination among agencies.
4. Funding and Prioritization: critical infrastructure security initiatives are essential as the White House’s recent executive order requires actionable plans with measurable results.
Still, at the event opening, Mussington gave a warning.
“Our adversaries are determined to exploit vulnerabilities and risks that we leave unaddressed.”
Vulnerabilities in critical infrastructure pose a danger that must be constantly addressed as federal agencies consider their customers. Avoiding disruptions is part of keeping these services secure and friction as low as possible for employees and the public.