RSA 2019: Are we evaluating AI and machine learning for cybersecurity objectively?

By Tom Sullivan
03:38 PM
Share
Experts at RSA say because the tech does not have a moral compass it can be used for bad just as easily as it can for good purposes.

SAN FRANCISCO — Artificial intelligence and machine learning hold as much promise, and perhaps peril, in the infosec realm as anywhere else. That was among the takeaways from the Tuesday morning keynote sessions here at RSA 2019.

"AI is the new foundation for our entire industry, it will enable us to better defend ourselves, to better detect threats, to out-innovate our adversaries, to solve other key issues," said Steve Grobman, CTO of McAfee. "But we have to ask, are we looking at AI objectively? We cannot only focus on the potential, we must also understand the limitations and how it will be used against us."

Grobman continued with an example of work McAfee did in taking public safety data sets about crime and with 50 lines of python and machine learning to predict whether a crime would be committed in a specific region of the city based on certain parameters.

"We can identify hotspots to train citizens to make the city safer," Grobman said. "But with the low barrier to entry for machine learning, a criminal could use the same data and tools to avoid being arrested."

In addition to safety, public data sets are currently available across a range of areas, such as energy, critical infrastructure, and increasingly healthcare.

"It's a simple classification," said Celeste Fralick, McAfee chief data scientist. "The model has no idea whether it's learning to detect cancer or optimize a crime spree. It's just math."

Fralick also pointed to other top concerns, such as AI for social exploits, generating false content that is highly believable, and the technology's ability to combine the effectiveness of spear-phishing with the scale of traditional phishing.

"Most people don't realize how fragile AI and ML can be," Fralick added.

Adversaries, for instance, could manipulate or poison that goes into the system to generate false positives or false negatives.

Grobman added that despite the reasons for fear and speculation, AI and ML will reshape the human experience as dramatically as tools of the last century did and innovation lights the way forward.

For that to happen, though, AI, ML and the raft of emerging technologies have to be secure, as does the data, according to RSA CTO Zulfikar Ramzan.

"Digital transformation and trust go hand in hand," Ramzan said. "We can innovate all day long but unless people are willing to trust and embrace those technologies it's all for naught."

Twitter: @SullyHIT
Email the writer: tom.sullivan@himssmedia.com

RSA 2019

Hottest news and views from the premier cybersecurity conference. See our full coverage right here.