According to a new GCHQ report, due to the increased use and capabilities of artificial intelligence (AI), critical national infrastructure has higher potential cybersecurity threat levels.
GCHQ’s National Cybersecurity Centre (NCSC) warns that the “digital disparity” between organizations that can and cannot respond to AI-enabled threats is set to increase the overall cyber risk in the UK. This makes cybersecurity even more important until 2027 and beyond.
A new report on the impact of AI on cyber threats from now until 2027 says that as AI is using to speed up processes, it will uncover vulnerabilities and further “almost certainly” reduce the time between exploited vulnerabilities and exploitation.
In a harsh warning, the NCSC stated: “AI almost certainly makes the elements of cyber intrusion operations more effective and efficient, leading to increased frequency and intensity of cyber threats.”
With AI models and systems built into the UK’s technology base, the organization believes this will pose increasing threats to critical national infrastructure.
The NCSC report believes that AI cyber development is the most important thing is likely from AI Assist vulnerability research and exploit development (VRED). This allows access to the system through the discovery and exploitation of flaws in the underlying code or configuration in a targeted organization.
By 2027, UK cybersecurity specialists believe that AI-enabled tools will almost certainly enhance the ability of threat actors to leverage known vulnerabilities of threat actors, increasing the amount of attacks on systems that have not been updated with security fixes.
The report states that “system owners are already facing race in identifying and mitigating vulnerabilities before threat actors exploit them.”
“The time between disclosure and exploitation will be reduced for several days, and AI will almost certainly reduce this even further. This is likely to contribute to an increase in threats to critical national infrastructure or its supply chains, particularly to operating technologies with low levels of security.”
The increased use of AI technology has allowed tasks to be embedded in corporate systems, data and operational technologies across a variety of organizations.
Techniques such as direct and indirect rapid injection and supply chain attacks can enable the use of AI systems and promote access to a wider system. The NCSC said the use of supply chains to build or maintain infrastructure has enabled hackers to cyberattack large organizations, such as public entities and large contractors.
With the rise of the threat, NCSC further said that AI will help system owners and software developers protect the system.
NCSC also encourages organizations to follow advice on implementing AI tools safely and maintaining protective security measures in a wider system.
This includes various NCSC documentation and guidance. NCSC publishes it to help organizations take action, including a cyber assessment framework and 10 steps to cybersecurity.
A recent ARUP study revealed that most engineers and architects use AI regularly in their work.
Following the Heathrow blackout in March, Resilience experts spoke to NCE about their lack of preparation for such events and the key national infrastructure managers that “unthinkable” risks should be considered in operation.
Paul Chichester, NCSC Operations Director, said: “We know that AI is changing the cyberthreat landscape, expanding the attack surface, increasing the amount of threats, and promoting malicious capabilities.
“Though these risks are real, AI also presents strong opportunities to boost UK resilience and drive growth, making it vital that organizations take action.
“Organisations need to implement strong cybersecurity practices across AI systems and their dependencies and ensure that modern defenses are in place.”
Like what you read? Click here to receive the new civil engineer’s daily and weekly newsletter.
