Friday, February 23, 2024

Urgent New Risks and Needs for Cybersecurity: My Response to a Media Inquiry

 

Publication Name, URL – The AI Journal Home - The AI Journal

Journalist Name – The AI Journal

Query Response Deadline – Feb 20, 2024 - 5:30 PM

(Response requested through RegulatingAI.org) 

 

Query Title – Looking for AI experts specializing in cybersecurity measures and ethical hacking

Industry/Vertical – Technology, Business

Query Description & Questions – 

  • What type of data storage systems are most at risk of hacking?

The degree of risk depends on a lot of variables. The most serious risks involve alteration of information which controls critical infrastructure, as in the attached brief policy statement supported unanimously by top technical experts from electric utilities. At that time, the greatest damage came from backdoors in software or hardware. The ones most at risk are those least able to withstand the rapidly growing system of backdoors and their support systems. In past years, that meant ANY system not using Red Hat SE Linux, supported by a division at NSA, but that division was disbanded for reasons beyond the scope of this response. But it also meant any system dependent on chips or boards which might have hardware backdoors.
When last I had the data (a few years ago), >90% of the greatest damage from hacks fell into one of these categories.  Probably no systems used in the US have the level of protection needed for real security against the most capable adversaries, most of whom have full awareness of the "rainbow book" technologies which are not widely visible in the US, and only now are a very few players becoming aware of the foundations, definitions and capabilities of Quantum Artificial General Intelligence (QAGI), which entails use of quantum superposition to multiply the power of "bromium" technology for detecting hardware backdoors.  


 
  • Do you think that the security risk that businesses face is proportionate to the amount of data they have stored?

It is a U=XY kind of thing, a nonlinear relation. More data means more risk, sometimes proportionately, but the TYPE of data is more important on the whole. 


 
  • Do you think that cybersecurity protection is a worthwhile financial investment for all businesses that store data digitally, not only for larger corporations but also SMEs and startups?

Again, it is a nonlinear interactive kind of relation. 

For example, how much is it worth to the owner of a fleet of vehicles (anything from cars to robots to drones to spacecraft) to get out of their present situation, where adversaries already exist with the ability to simply take over everything they own or manage? When there is total vulnerability to losing everything they own, to adversaries who already include just that in their strategic plans, and yet there is technology capable of really erasing that primary vulnerability, it would seem rational to pay anything less than the total net present value of what they own or manage. (If they manage assets belonging to others, that level of payment would be rational for the manager and the owner cooperating together.) Given the uncertainties, of course, that means a very focused RD&D effort, hoping to pay less and get paid for spinoffs later.


 
  • How useful do you think ethical hacking is for data protection, and how frequently do you think it needs to be done to be effective?

And I thought the honest answers to the PREVIOUS question are complicated, with many variables!

Just as there are many types of hack and many types of protection... there are many, many TYPES of ethical hacking, of varying effectiveness, short term and long term.

In a way, bromium and rainbow book technology offer FORMS of hacking, ways of probing a system for vulnerability, which may be done by humans or AIs or well-designed combined systems. For example, true QAGI (as defined in the published patent disclosure for thermal quantum annealing) entails the use of millions of Schrödinger cats acting in parallel to try to hack a piece of hardware or software. (For that matter, it could be applied to hack an actual physical plant, like a drone.) With access to the software, one may test it for compliance with proper standards, IF the tester and the original software developer have access to the right variety of rainbow book technology. Of course, there are also issues of how to probe the full system, which includes humans with access dimensions.


  • Would you advise businesses to outsource ethical hackers, or hire someone with hacking skills into the business?

They can help, but saving the business requires crucial additional capabilities or partnerships.

Most important is for all of us to rise above "silver bullet" thinking -- to INCLUDE many components, but to INTEGRATE them into a system which can survive what is coming on us all, much faster than most of us imagine.

  • Do you foresee the role of an ethical hacker becoming increasingly important and sought-after in the future?

True AGI (even from the pre-quantum era) requires a very deep understanding of probabilities, as defined by Von Neumann and his follower Howard Raiffa. I do not say what WILL happen, when we now face alternative future paths whose value will be far worse or far better than people now imagine, and when we have not yet shown through our actions that we will choose the better one.


  • Do you think there is much risk associated with ethical hacking?

Sure. There is a lot of risk associated with the internet itself, and even with human life.
One bad actor with privileges, or dependent on vulnerable tools, could actually terminate all human life on earth, if he had access to some systems I know about.

  • What other tools and security measures are most effective for data protection?

 


The attachment summarizes how it looks for ONE key sector, which is a kind of bell-ringer for others.
In fact, in discussions of rapidly growing financial sector problems, we see the best past accomplishments of the electric power sector, in multiactor interactions, as a great model for the financial sector -- BUT ALSO in urgent need of more protection. One key challenge is to overcome the very dangerous designs and systems developed by people who believe in Nash equilibria or mutual assured destruction, by following Von Neumann and his followers (like Schelling and Axelrod) to develop a stream of designs which can rise further up toward Pareto optimality, which will require not only cybersecurity but rules/constraints to amplify transparency and prevent fundamental conflicts of interest from distorting information.
