AI and the Imperative to Take Cybersecurity Precautions
Thornton-Trump of Cyjax, Wedgbury of Airbus on AI's Privacy and Regulatory Concerns
The use of artificial intelligence can profoundly improve operations and services across many industries, but the multifaceted relationship between AI and cybersecurity calls for new measures to address security, privacy and regulatory concerns through the right protocols and procedures.
When organizations feed data into an AI system, they may not understand the consequences of the generated output, said Ian Thornton-Trump, CISO of Cyjax Ltd. "GDPR specifies that you can't make decisions about things without a human consultation," he said. "That's where the aspirations of machine learning and AI might run up to a major regulatory hurdle in terms of decisions being made about people working in your business or customers."
Adam Wedgbury, head of enterprise security architecture at Airbus, also emphasized concerns associated with adversarial AI, the possibility of data inference and the challenges in determining what happens to data once it is used to train an AI model.
"The question comes from how you deploy the system - whether you use it as part of your security posture or as part of a critical decision-making process. But fundamentally, adversarial AI is a threat actor trying to change or break your model to get a different decision," Wedgbury said.
In this video interview with Information Security Media Group at ISMG's London Cybersecurity Summit 2023, Thornton-Trump and Wedgbury also discussed:
- The role of CISOs in AI integration and their responsibility for data security;
- AI's potential contributions to vulnerability management, threat detection and log analysis;
- The challenges of achieving a universal, global regulatory framework for AI.
Thornton-Trump has more than 25 years of experience in IT and IT security. He served with the CF Military Intelligence Branch and the CF Military Police Reserves and is part of the global faculty of CompTIA.
At Airbus, Wedgbury is responsible for building and maintaining the core security controls framework, in addition to the design of security standards and architecture patterns.