Cybercriminals hammering midsized American businesses are displaying skills previously limited to expert government hackers from China and Russia, according to SentinelOne’s Alex Stamos.
Mr. Stamos hopes new artificial intelligence tools will level the playing field for businesses working to combat threats identical to the government-sponsored cyberattackers he witnessed as chief security officer at Facebook before leaving the company in 2018.
Businesses with 5,000 to 10,000 employees and which lack huge cybersecurity teams are facing threats previously only encountered by network defenders working at defense contractors, in the oil and gas sector, and at major banks, he told the House Homeland Security Committee on Tuesday.
“Those kinds of companies are having an extremely difficult time because of professionalized cybercrime,” Mr. Stamos said. “The quality of the cybercriminals has come up to the level that I used to only see from state actors four or five years ago.”
Mr. Stamos said his team at Facebook included Chinese and Russian language experts and people who responded to cyberattacks for hundreds of companies and who worked in the American intelligence community.
“There is no way an insurance company in one of your districts can go hire those people but what you can do through AI is we can enable more normal IT folks, who don’t have to have years of experience fighting the Russians and the Chinese and the Iranians, we can enable them to have a much greater capabilities and that’s one of the ways I think AI can be really positive,” Mr. Stamos said.
Artificial intelligence is a field of science and engineering that combines advanced computing and statistical analysis to enable machines to complete complex tasks.
AI-fueled cyber combat has lawmakers fearing that the U.S. government and businesses are headed toward a future where machines battle machines and humans can’t keep up.
Rep. Carlos Gimenez, Florida Republican, questioned whether America must win the AI arms race to ensure it does not fall victim to enemy nations.
“It appears to me that what we’re heading for is cyberattacks are going to be launched by artificial intelligence networks and they’re going to be guarded against by artificial intelligence networks and that it’s who has the smartest artificial intelligence is going to win the race or is going to win out in that battle or war,” Mr. Gimenez said at the hearing.
Mr. Stamos agreed and explained he worries that AI-powered malware will make advanced cyberattacks far easier to accomplish through lower costs and limited human involvement.
“My real fear is that we’re going to have AI-generated malware that won’t need that [human involvement],” he told lawmakers. “If you drop it inside of an air-gapped network in a critical infrastructure network it will be able to intelligently figure out, ‘Oh, this bug here, this bug here’ and take down the power grid even if you have an air gap.”
An air gap is a security measure used to isolate multiple systems from linking, such as a computer connecting to WiFi.
Cybersecurity defenders are struggling to keep up with digital attacks on critical infrastructure. The Chinese military is increasing its effort to burrow into American infrastructure such as power and water utilities, communications systems and transportation systems, according to recent reports.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.