It’s already week 5 of the “Advanced Cybersecurity and Global Cybersecurity Strategy” course at the European Centre on Privacy and Cybersecurity (ECPC)! This afternoon Mika Lauhde will provide our students with a lecture on Cybersecurity and Artificial Intelligence. 

AI has multiple and diverse roles when it comes to cybersecurity. AI may be used both to compromise organisational security and to defend it. At the same time, AI needs to be protected from attacks (intentional or unintentional), human manipulation, and biased learning. People must also be protected from AI. Current AI solutions mainly represent so-called “weak AI”. Still some time is needed before “strong” or “super AI’s” will become widespread. 

The relationship between AI and cybersecurity can largely be divided into three dimensions of use: 

1. Offensive use of AI: In this dimension, cyber criminals make use of AI to identify and detect passwords or user credentials, also exploiting images and audio which can then be used to commit identify fraud or theft, to carry out more credible phishing attacks, or even to develop new malware. 

2. Defensive use of AI: In this dimension, AI is used to fight against cyberattacks, “creating enormous investigative capabilities by analysing large amounts of information and identifying patterns and anomalies”(see https://ec.europa.eu/info/sites/default/files/communication-eu-security-union-strategy.pdf) which could be applied, e.g., in the financial sector as a preventative measure. 

3. Targeting and exploiting AI: In this dimension, the vitality of establishing cybersecurity requirements for AI is made clear in a situation where there is an  increasing proliferation of AI and its use in highly sensitive sectors (e.g., in the banking and finance, energy, healthcare, and transportation sectors, etc.). 

During this fifth week of the course, our students will take a deep dive into the multidimensional relationship between AI and cybersecurity and the related risk management and governance aspects. Mika’s lecture will also provide a short introduction to how a layered defence for AI can be built and what that would mean from the personnel competence point of view.