Network security

AI and network security

In the realm of network security, the integration of AI in cybersecurity defence strategies can fortify them. But malicious actors have also recognised the potential of AI and are increasingly exploiting its capabilities to carry out malicious acts in cyberspace. By integrating AI technologies, organisations can improve threat detection, response automation, and system protection, enhancing their resilience against cyber threats.

Leveraging the benefits of AI for network security

AI can provide advanced capabilities for threat detection, automated response, and overall system protection. By examining a massive amount of data, including network traffic, system logs, user activity, and malware signatures, AI-powered cybersecurity solutions use machine learning algorithms to detect and identify possible risks. This assists in the identification of trends and abnormalities that might suggest security breaches, allowing for proactive monitoring and alerting of security teams via intrusion detection and prevention systems.

AI approaches can also detect abnormal behaviour by creating baselines of typical behaviour and detecting suspicious activities, assisting in uncovering insider threats or zero-day attacks.

AI plays an important role in identifying and mitigating malware attacks by studying code samples, network traffic, and behavioural patterns, increasing detection speed and accuracy to keep up with developing threats. AI-powered user behaviour analytics monitor activity to detect insider threats, compromised accounts, or unauthorised access attempts, contributing to overall system security. Furthermore, AI is used in adversarial machine learning to fight against attacks on AI systems that aim to identify and mitigate flaws that attackers may exploit. AI also allows for automated response and remediation by initiating steps such as blocking malicious IP addresses, isolating compromised devices, and applying security patches and upgrades.

Use of AI to harm network security

Through data poisoning, AI-driven cyberattacks, and the evasion of AI-based defences, AI can be used to attack network and information systems. Adversarial attacks, for instance, exploit AI vulnerabilities by manipulating inputs, resulting in misleading outputs or circumvention of security safeguards. Attackers can insert malicious data into AI model training to compromise its behaviour and performance, committing data poisoning. AI-driven cyberattacks employ AI techniques to automate and optimise phishing campaigns, password cracking, and vulnerability identification. Attackers may devise strategies to circumvent AI-based protections by examining algorithms and exploiting their flaws.

Learn more on AI Governance

Cybersecurity is among the main concerns of governments, internet users, technical and business communities. Cyberthreats and cyberattacks are on the increase, and so is the extent of the financial loss. Yet, when the internet was first invented, security was not a concern for the inventors. In fact, the internet was originally designed for use by a closed circle of (mainly) academics. Communication among its users was open. Cybersecurity came into sharper focus with the internet expansion beyond the circle of the internet pioneers. The internet reiterated the old truism that technology can be both enabling and threatening. What can be used to the advantage of society can also be used to its disadvantage.

Today, the cybersecurity framework includes policy principles, instruments, and institutions dealing with cybersecurity. It is an umbrella concept covering (a) critical information infrastructure protection (CIIP), (b) cybercrime, and (c) cyberconflict. As a policy space, cybersecurity is in its formative phase, with the ensuing conceptual and terminological confusion. We often hear about other terms that are used without the necessary policy precision: cyber-riots, cyberterrorism, cybersabotage, etc. In particular, cyberterrorism came into sharper focus after 9/11, when an increasing number of cyberterrorist attacks were reported. Cyberterrorists use similar tools to cybercriminals, but for a different end. While cybercriminals are motivated mainly by financial gain, cyberterrorists aim to cause major public disruption and chaos.

Cybersecurity policy initiatives

Cybersecurity is tackled through various national, regional, and global initiatives. The main ones are described below.

At national level, a growing volume of legislation and jurisprudence deals with cybersecurity, with a focus on combating cybercrime, and more and more the protection of critical information infrastructure from sabotage and attacks as a result of terrorism or conflicts. It is difficult to find a developed country without some initiative focusing on cybersecurity.

See also: Cybersecurity, cybercrime, and child online protection in Africa: National approaches and elements of foreign policy | Continental and regional policies

At international level, the ITU is the most active organisation; it has produced a large number of security frameworks, architectures, and standards, including X.509, which provides the basis for the public key infrastructure (PKI), used, for example, in the secure version of HTTP(S) (HyperText Transfer Protocol (Secure)). ITU moved beyond strictly technical aspects and launched the Global Cybersecurity Agenda. This initiative encompasses legal measures, policy cooperation, and capacity building. Furthermore, at WCIT-12, new articles on security and robustness of networks and on unsolicited bulk electronic communications (usually referred to as spam) were added to the ITRs.

A major international legal instrument related to cybersecurity is the Council of Europe’s Convention on Cybercrime, which entered into force on 1 July 2004. Some countries have established bilateral arrangements. The USA has bilateral agreements on legal cooperation in criminal matters with more than 20 other countries (Mutual Legal Assistance in Criminal Matters Treaties (MLATs)). These agreements also apply in cybercrime cases.

The Commonwealth Cybercrime Initiative (CCI) was given its mandate from Heads of government of the Commonwealth in 2011 to improve legislation and the capacity of member states to tackle cyber crime. Dozens of partners involved with CCI assist interested countries with providing scoping missions, capacity building programmes, and model law outlines in the fields of cybercrime and cybersecurity in general.

The G8 also has a few initiatives in the field of cybersecurity designed to improve cooperation between law enforcement agencies. It formed a Subgroup on High Tech Crime to address the establishment of 24/7 communication between the cybersecurity centres of member states, to train staff, and to improve state-based legal systems that will combat cybercrime and promote cooperation between the ICT industry and law enforcement agencies.

The United Nations General Assembly passed several resolutions on a yearly basis on ‘developments in the field of information and telecommunications in the context of international security’, specifically resolutions 53/70 in 1998, 54/49 in 1999, 55/28 in 2000, 56/19 in 2001, 57/239 in 2002, and 58/199 in 2003. Since 1998, all subsequent resolutions have included similar content, without any significant improvement. Apart from these routine resolutions, the main breakthrough was in the recent set of recommendations for negotiations of the cybersecurity treaty, which were submitted to the UN Secretary General by 15 member states, including all permanent members of the UN Security Council.