Impact of Cyberwarfare on AI Business

Interested in being successful using or creating AI in Business? Is competitive edge important for you? Is profitability important? Secret Sauce that will make you the leader for the next 10 years?

If you answered yes to any or all of these questions it is not enough to have a good Product idea or even execution in today’s digital world. The very nature of AI means it will be digital and have large data sets. And your competitors are not the only ones you think -

The stakes are very high and that means innovative companies have to be aware of the cybersecurity risks and understand the reality of a Business Operating Environment today.

In this article I am focusing on China who is a dangerous threat as they have the brain power, motivation, resources and all-encompassing Strategy that all companies and their business leaders have to be aware of so they can the right questions of their stakeholders and set the right risk posture in the company.

They also have a track record of stealing Intellectual Property for establishing their own industry and saving on expensive Research & Development.

Their strategy has been working for their objectives as they are now on a fast track to outpace and speed ahead on AI.

Watch my video on: Data: The new gold? For Whom? Using AI to Weaponize Data and get a better understanding. Also Join the conversation where I talk about with the amount of data we are generating which increases the risks for companies as it makes it easier to get in the wrong hands.

AI is a strategic technology that will lead in the future — Economic impact of AI will be measured in Trillions of dollars. AI is positioned to be the largest contributor to global economy in the next 10 years, raising global GDP by around 15 trillion dollars.

•It is estimated China that China will capture ~7 Trillion Dollars.

•US + Canada stand at 3.7Trillion dollars.

I am a global Cybersecurity & Privacy Strategist with a holistic approach to business value proposition and creation. I admire the strategic approach China has taken on advancing their Cybersecurity Strategy and growth in AI, Quantum technology.

Blown away by their strategic, no holds barred charge for supremacy on economic, political, technical, brainpower for national growth, global infrastructure development strategy to invest in nearly 70 countries and international organizations.

But I am alarmed at their methods and the risks it brings to innovation for the companies and society in the free world.

Also confused on how the Chinese have openly declared their intentions on becoming world leaders in technology and waging cyber warfare amongst other types of warfare but it was treated as being aspirational. It may have been aspirational but so was a trip to the moon. Some interesting things to note:

• 2 Chinese Generals wrote a book in 1990, Unrestricted Warfare just after the gulf war which had demonstrated the military superiority of United States and the Chinese realized the qualitative deficiencies in their military capabilities. The two Chinese strategists talk about the high dependence of the US on technology and discuss how they can use cyberwar to remove that advantage by infiltrating the US systems and knocking powerful systems out and/or diminishing their effect.
• Fast forward to 2015, the People’s Liberation Army (PLA) initiated reforms that brought dramatic changes to its structure, model of warfighting, and organizational culture, including the creation of a Strategic Support Force (SSF) that centralizes most PLA space, cyber, electronic, and psychological warfare capabilities.
• Fast forward to 2017: China has declared intent to invest and lead in AI. They published China’s ‘New Generation Artificial Intelligence Development Plan’ (2017). “• AI innovation and entrepreneurship have become increasingly active, and a number of leading enterprises have accelerated their growth, receiving widespread concern and recognition internationally. Accelerate the accumulation of technological capabilities and massive data resources, the organization integration of both the huge demand for applications and an open market environment, which together constitute China’s unique advantage in AI development.”

They state their Strategic objectives in AI — To achieve economic growth and innovation using AI by 2020.

China has surpassed international scientific and technology papers published and the number of inventions patented. Tsinghua University in Beijing is counted as one of the top 100 AI global institutions.

Main point I will make is China has the intention, resources and people power to achieve their goals to lead in AI. This is dangerous for the free world.

As a Business Leader how does this impact your Company, especially does this affect a privately owned company?

Data and business processes in the cloud

Are you planning to move your data centers (or already have) to the cloud? Any Cloud?

In my presentation I talk about a data hijacking in November 13, 2018:

• Internet Service Providers, ISPs, in Russia, China and Nigeria. This ‘attack on Google’ intercepted search, cloud and business services. Interruptions lasted for nearly 1.5 hours
• In this case it was made possible due to the extensive presence of Chinese owned telecom in the United States that covers all the major ISP exchange points. China Telecom has eight POPS in the US and ten overall in North America.

What is the Risk for a Business from data hijacking?

This is a critical and significant and its not just about availability of the data, even though depending on the systems in questions that can be catastrophic (Emergency services, financial transactions for e.g.).

1. Organizational security is focused on protecting data.
2. Security is not focused on the ISPs and how they are routing and heir network of ISPs.
3. Having a Foreign State controlled ISP, an openly hostile one like China is harmful to American companies in particular. It’s akin to securing your house and driveway as a company but everything going in and coming in the driveway is going across an ISP. In the digital world, all data in and out of your company will flow across a ISPs network. Encryption will not help protect always, but that’s a different topic.

This is one example.

No organization today can afford to ignore China — whether you have a operation in China or business market in China or Intellectual Property that can be used for internal companies growth in China.

I am going to explain why.

Applications that are collecting data on global users with no restrictions:

Another is Social media companies with different media — text, images, videos, aggregating a lot of personal data . This is a risk for all companies including Facebook, Twitter, Instagram but a significantly more risk when the company is foreign owned with advanced AI algorithms that are not transparent — TikTok is a company with a Chinese owned Parent company ByteDance. as of last month, “China’s government has acquired a 1 percent stake in and one of three seats on the board of Beijing ByteDance Technology Co. Ltd., the subsidiary that holds licenses that underpin the company’s domestic video- and information-sharing platforms”.

Strategic Data Breaches

Office of Personnel Management, OPM, Breach away 21.5 million records from the federal government’s background investigation database. This includes security clearance data and sensitive data such as previous psychological and behavioral issues on file.

Anthem Breach with 78 million names, birth dates and Social Security numbers compromised.

“If you look, just look at the Equifax breach alone, which I consider one of the greatest counterintelligence successes by the Chinese Communist Party, they have all the financial data for every single American adult. The Chinese have more data than we have on ourselves.” William Evanina, former director of the National Counterintelligence and Security Center.

World’s major developed countries are taking the development of AI as a major strategy to enhance national competitiveness and protect national security

Call to Action for Business leaders

A well-designed AI system can significantly improve the bottom line for a Business. However, there is a potential for damage financially or to reputation of epic proportions if these systems are deployed without due care.

Examine your company’s data and business model to understand the data that is required for business value. Have the right protection, accountability and access in place for sensitive data. Sensitive data is not just regulated data.

Cybercriminals follow money but there are strategic and powerful bad actors who pose a higher risk.

Institute basic security practices, keep a full inventory of all Artificial Intelligence and Machine Learning projects;

Have Governance in place at the outset and take a holistic approach to building AI systems with Trust because these are complex systems and unlike in conventional systems we cannot go back and add components. For e.g.: Amazons recruiting tool which had gender bias and they tried to tweak it to eliminate at but they could not and had to scrap the system or Alphabets sidewalk project which was aborted due to issues with ethics and cost upward of 50m dollars.

Supply chain can be an attack vector, example if you need to reuse models trained by large corporations and modify them slightly for task at hand due large resources (data + computation) required to train algorithms — the models themselves can be attacked by adversaries so vendor’s security evaluation is important.

Last and most important: Think of a risk based holistic approach to building AI capability and products so you can avoid wasted time and incur huge costs when regulators wake up and start enforcing restrictions on data or countries you can work with.

I will end with a recent FTC action on AI alleged misrepresentations by the photo-storage service, which trained its facial-recognition system with users’ photos

@stake:
1.Using facial recognition by default for a majority of users and not allowing them to disable the feature.
2.Inconsistency with Everalbum’s claims that facial recognition would be inactive unless affirmatively enabled.
3.Storing users’ photos and videos indefinitely, notwithstanding representations Everalbum would permanently delete users’ files upon deactivation of their accounts misrepresentations
@Outcome
FTC requires Everalbum to reverse its technological advances from the misconduct. Specifically, Everalbum must delete the facial-recognition models and algorithms Everalbum developed with biometric information from consumers who had not affirmatively consented to the practice. Everalbum also has to discard photos and videos in deactivated accounts as well as facial feature details derived from those images

Its been a pleasure writing on this critical topic.

About me: I am a leading voice in Security & Privacy and Trusted AI. In Q4 2020, global non-for profit, Women in Cybersecurity (WiCyS), asked me to launch a Global WiCyS Trusted AI initiative to establish Trust in AI.

I also published a revolutionary risk based holistic AI governance framework, an Artificial Intelligence Transparency, Integrity, Privacy & Security, AI TIPS Model©. I regularly publish and present at global industry events. She has an undergraduate degree in Psychology and a master’s in computer science and AI.

I have a background in Artificial Intelligence, Security of IoT, and integrating security into product design. Please connect with me through email at pamela.gupta@outsecure.com, on LinkedIn or Twitter.