We sat down with John Hammond, principal security researcher at Huntress, a managed security platform founded by a former NSA agent, to discuss the potential impact of OpenAI’s work with the Pentagon and how ransomware is shaping the public sector.
What is the potential impact of OpenAI’s work with the Pentagon in enhancing or potentially compromising cybersecurity measures and developing open-source cybersecurity tools?
I tend to be an optimist regarding the OpenAI and Pentagon partnership, especially in respect to cybersecurity. I think we will see greater usage of artificial intelligence in bolstering cybersecurity defenses, using this new modern technology to better baseline our infrastructure and to better detect anomalies. With that said, I am hesitant that it will foster growth and development for open-source tooling… while these powers come together, it makes clear sense to hold what could certainly be national strength very close to the chest. Open-source and publicly available tools might be much less of a priority for OpenAI and the Pentagon while they research and innovate for their own efforts.
Amidst landscape changes and recent ransomware attacks on critical infrastructure in sectors like oil, gas, water, and mining, can initiatives like this could prove valuable?
I do have a glass-half-full perspective on this, and I would agree that this initiative is valuable considering the recent cybersecurity attacks. While our industry is improving, sharpening defenses and becoming more proactive against threats -- new innovation and collaboration is certainly welcome.
How can OpenAI contribute to global cybersecurity efforts, especially as geopolitical tensions rise?
The best use of artificial intelligence and OpenAI’s solution for cybersecurity is primarily for defensive efforts -- using the technology to understand and assess what are necessary hardening settings or configurations, it might help evaluate the security of computers and networks at a significantly large scale. Think of the security considerations when setting up a new server, or deploying some new service, and picture an AI working alongside you to spot-check and course-correct for the implementation that maximizes security. While global tensions rise and more ill-intended actors are looking to use artificial intelligence for more nefarious offensive purposes, our industry can work ahead and harness it for better defense.
What are the types of ransomware attacks that have created a shift in the critical infrastructure landscape?
Supply chain threats are the most sinister attacks -- especially when introducing ransomware -- because you can’t possibly see it coming. Organizations tend to be completely oblivious to a weakness or vulnerability in the tech stack of a third-party provider, and the fallout is a trickle-down effect that affects all the companies and businesses that source provides for. These supply chain have created the most shift in the critical infrastructure and shook up the landscape to remind us that we should take inventory and work towards transparent communication with all vendors and key players within our supply chain. Additionally, recent ransomware incidents have avoided actually encrypting all the data -- they simply steal and exfiltrate private information. This makes it much less clear when an attack has taken place… unless an organization has the telemetry and visibility to detect that malicious activity, they may not even realize there has been a breach until their confidential information is published on the dark web.
What is the delicate balance between fostering innovation and ensuring national security?
Innovation in the AI space does need to have a certain delicate grace, even if the technology can greatly benefit national security --- because the population genuinely has a sort of fear as to what artificial intelligence could really do. Even if individuals won’t say it out loud, between media influences or any science fiction story, there is a peculiar paranoia and subtle fear, uncertainty and doubt that an OpenAI and Pentagon partnership might bring some strange, Terminator-inspired future. I am not so alarmist personally, but I think further innovation, research and development across sectors will drive humanity forward. While there is a delicate balance, new technologies and new solutions will come to life and inherently bolster national security.
Comments