Aspen Digital

I am pleased to align myself with the Aspen Digital report on Envisioning Cyber Futures with AI.  Both the analysis of AI’s possible impact on cybersecurity (implicitly defined as protection of assets in cyberspace) and the recommendations for action (which are mostly aspirational) are sensible.

I raise two additional points for consideration.  First, the meaning of “good place” and “bad place” necessarily depends on context.  “Good” and “bad” are terms with strong moral and ethical connotations, and in the real world in which we live, those connotations cannot be ignored.  To first approximation, the report associates a “good place” with a world in which AI predominantly helps defenders of cyber systems, and a “bad place” with a world in which AI predominantly helps attackers of cyber systems. 

With canonical understandings of cybersecurity, these associations are understandable: defense is good, offense is bad.  But unfortunately, in the real world these associations aren’t quite so clear.  Bullet-proof vests are defensive—but it is not a good thing when criminals acquire bullet-proof vests.  Similarly, it is not at all clear to me, for example, that Russian use of AI to improve the cyber defenses of systems used to launch cyberattacks against Ukraine should be regarded as “good” or that the U.S. use of AI to improve its cyber attack capabilities against North Korean missile development programs should be regarded as “bad.”

Put differently, what is “good” and what is “bad” depends both on the specific actors involved as well as the actions.  Most importantly, I don’t believe that those in the U.S. Cyber Mission Force responsible for offensive cyber operations should be regarded as living and working in a bad place. But “bad” is an entirely appropriate descriptor for the people trying to steal credit card numbers from us or the hackers trying to feed us election disinformation.

A second important point follows.  Both good actors and bad actors will seek to use AI to improve their defensive and their offensive capabilities.  It is highly unlikely that the capabilities of cyber attack or defense relevant to specific organizations and installations will be uniformly favored by AI.  It is far more likely that AI will give attackers a (probably transient) advantage for attacking installation A and a defender a probably transient advantage for defending installation B.  Defenders will try to use AI to give themselves an advantage and sometimes they will succeed. The same is true for attackers. And neither side will always be successful.

At the same time, this point does not negate the analytical value of positing defense-advantaged and offense-advantaged archetypes as conceptual outcomes (or places, if you will) for how AI will affect defense and offense.  As the report says, establishing these archetypes provides two poles against which to measure potential actions, as well as what interventions would take an organization (or, at times, broader society) towards those futures.