CyberSense is a monthly bulletin by CSA that spotlights salient cybersecurity topics, trends and technologies, based on curated articles and commentaries. CSA provides periodic updates to these bulletins when there are new developments.
From iPhone’s Siri to self-driving cars, Artificial Intelligence (AI) is rapidly becoming a part of our lives. While science fiction often popularises the image of AI with human-like robots, AI is more about machines simulating human intelligence processes and performing tasks related to logical reasoning, problem-solving and learning from experiences. The AI that we are familiar with is known as narrow AI (or Weak AI), which is designed to perform specific tasks, such as play chess. Such AI is good at routine work, and the type that can replace jobs of that nature.
Narrow AI has five key features:
Logical reasoning: The ability to perform sophisticated tasks requiring logic and reasoning. E.g. AlphaGo, the current chess champion;
Perception: The ability to process input from sensory apparatus and deduce things from that input. E.g. Image Recognition, such as the latest iPhone’s Face ID feature;
Knowledge Representation: The ability to represent information about the world in analysable format to derive insights. E.g. IBM Watson for Oncology, an artificial intelligence platform trained by leading oncologists at New York’s Memorial Sloan Kettering Cancer Centre (MSK). Doctors can tap on the massive knowledge base of global cancer research and literature and provide oncology care to their patients, even those located in rural areas;
Planning and Navigation: The ability to visualise the future, set goals, and achieve those goals in the best manner possible. E.g. self-driving cars;
Natural language processing: The ability to understand and respond to natural languages in a meaningful way e.g. Alexa by Amazon.
The other type of AI is Strong AI, which aims to develop AI to the point that a machine’s intellectual capability is functionally equal to a human’s. While the AI field is as old as modern computing, beginning as early as the 1950s, for example, the creation of The Logic Theorist program in 1956, the resurgence of interest in AI could be attributed to developments in related subsets such as machine- and deep-learning. With machine-learning, machines are now capable of learning from experience, and in its subset deep-learning, use its deep neural network to work on large data sets. Many countries are also harnessing their nations’ AI development capabilities to grow their economies and to meet their security needs. In Singapore, if AI is adopted, it could help to nearly double Singapore’s annual economic growth by 2035, according to an Accenture Research report.
From a cybersecurity perspective, AI can be both a boon and a bane. Some cybersecurity companies predict that in 2018, cyber attackers are likely to use machine-learning and AI technology to aid in their attacks. On the other hand, security companies are also harnessing AI technology to improve their cyber defence capabilities by looking for indicators of compromise, and to combat cyber-attacks.
SINGAPORE’S AI INITIATIVES
In November 2017, Ministry for Communications and Information launched the “Infocomm Media Industry Transformation Map”, which identified AI as one of the four frontier areas. Besides new funding expected from IMDA, the National Research Foundation’s (NRF) had also said in May 2017 that it is investing up to S$150 million in the AI field over the next five years. In November 2019, Deputy Prime Minister Heng Swee Keat unveiled the National AI Strategy that will see over S$500 million committed to furthering AI capabilities and will start by focusing on five key sectors - transport and logistics, smart cities and estates, safety and security, healthcare, and education.
AI technology companies are also being set up in Singapore. This includes China’s Alibaba which will base one of its global AI research facilities in Singapore, and the United States-based DataRobot that would be setting up a S$15 million Research and Development (R&D) centre here.
AI Singapore, a national initiative, will further enable stakeholders from government agencies, universities, industry, and start-ups to come together to create AI products and develop talents here. More however needs to be done to help Small and Medium Enterprises (SMEs) adopt AI. A study by the Committee on the Future Economy (CFE) showed that many SMEs do not employ AI capabilities due to lack of awareness or expertise, or concerns about breaching data protection regulations.
Read more about Singapore’s National AI Strategy here and AI initiatives here.
TAPPING ON AI FOR CYBERSECURITY DEFENCES
The “bad guys” have started to use automated attacks from Distributed Denial of services (DDoS) attacks to ransomware. Accordingly, advocates of AI for cybersecurity say that AI is the way to go as cyber-attacks increase in scale and volume. Mr Sanjay Aurora, Managing Director, Darktrace Asia Pacific, highlighted that AI’s self-learning abilities could be tapped to detect anomalies and to defend against stealthy “low and slow” attacks. Darktrace, a cybersecurity company, said that AI is the only way to defend networks against the “unknown unknowns” – the inside jobs and novel exploits that an anti-virus scan may not find. Security company FireEye, in its 2018 security predictions highlighted that the security industry would likely see more use of AI in combating cyber-attacks, which will also help to make up for the shortfall of manpower in the sector.
Read more about tapping on AI for cybersecurity defences here.
AI AS AN ENABLER IN INTELLIGENCE
Intelligence agencies have long faced the challenges of collecting and sifting through large amounts of data. By automating more of the grunt work of sifting through data, an analyst would have more time to analyse the last incident, and hopefully more accurately anticipate the next one. US intelligence agencies, like the Central Intelligence Agency, have started to adopt AI capabilities for their intelligence purposes. The CIA currently runs more than a hundred AI projects, many of which are in collaboration with developers in Silicon Valley. These AI models help to predict significant future events, by finding correlations in data shifts, automatic tagging of images and videos, and finding useful patterns in social media for example.
Read more about spy agencies turning to AI for advantage here.
CHINA’S FACE RECOGNITION SYSTEM FOR LAW ENFORCEMENT PURPOSES
China is developing a nation-wide face recognition system that aims to identify any one of its 1.3 billion citizens within three seconds. The project launched by the Ministry of Public Security, China’s internal security agency, aims to use this facial recognition technology for security and law enforcement purposes as the agency would be able to pick out suspects even in large crowds. The system will store an unprecedented amount of data on Chinese citizens which brings about perennial privacy and cybersecurity concerns such as data thefts.
Read more about the project here.
RUSSIAN PRESIDENT TELLS RUSSIAN CHILDREN THAT WHOEVER LEADS IN AI WILL RULE THE WORLD
Russian President Vladimir Putin spoke to Russian children on 1 September 2017, the start of the school year in Russia, about Artificial Intelligence as the future, not only for Russians, but also for mankind. His remarks, subsequently reported by various media, elicited concerns from some like businessman Elon Musk, who tweeted on 4 September 2017: “China, Russia, soon all countries w [sic] strong computer science. Competition for AI superiority at national level most likely cause of WW3 imo.”
Read a media report on Putin’s remarks to Russian students about AI here.
AUDI ARABIA GRANTS A ROBOT SOPHIA CITIZENSHIP
Sophia is the first robot to be given citizenship in the world. However, no details about her Saudi Arabia citizenship are available. Made by Hanson Robotics, a company based in Hong Kong, Sophia is capable of interacting and displaying human emotions. While this may have been seen as a publicity stunt, it had also raised questions about if or how international law will handle the rise of AI-powered populations.
Read more about robot Sophia here or view the video here.
VOICE-ACTIVATED DIGITAL ASSISTANTS HACKED
AI-based digital assistants like any other Internet of Things (IoT) devices are no stranger to cybersecurity threats. In October 2017, IoT security company Armis announced that over 20 million Amazon Echo and Google Home devices running on Android and Linux were vulnerable to attacks via the BlueBorne vulnerability. BlueBorne is a set of eight vulnerabilities in the Bluetooth implementations deployed on Android, iOS, Microsoft, and Linux. BlueBorne allows attackers to take over devices that are Bluetooth-enabled, to run malicious code on the Operating System or firmware.
Read more about the Blueborne vulnerability here.
SOURCES INCLUDE: Civil Service College, Today, Business Insider, South China Morning Post, Yahoo, The Verge, Bleeping Computer and TechCrunch.
Quantum computers have been getting much attention in recent years, especially for its potential to be exponentially more powerful than today’s supercomputers. To illustrate this point, Google and Canada-based quantum computing company D-Wave Systems conducted an experiment – It has shown that a problem which takes current computers 10,000 years to solve can be processed within a second by quantum computers. In cybersecurity, some experts have highlighted concerns that quantum computing can quickly and easily crack complex encryption, compromising the confidentiality and integrity of digital communications we deem as secured today. This edition of CyberSense aims to shed light on quantum computers and their potential.
What are quantum computers?
Current computers process and store information in units called bits, which exist as two binary states of either ‘0’ or ‘1’. Quantum computers, however, invoke the concepts of quantum physics, where the quantum bit or qubit exists in multiple states which can be ‘0’, ‘1’, or some proportion of both a ‘0’ and ‘1’ at the same time. By allowing more information to be processed and stored in such multiple states at the same time, quantum computers become more efficient and powerful operationally. Understand more about the principles behind quantum computers here.
Google’s Sycamore processor which researchers claimed in October 2019 can perform a calculation that would take thousands of years in 200 seconds with its quantum computer
Quantum computers as a disruptor
Quantum computers will disrupt and impact every industry. They will allow the weatherman to forecast the weather more accurately by building better forecasting models. Personalised drug development will become more affordable and prevalent, as quantum computing enables scientists to model and determine viable drug options quicker. Artificial intelligence will also benefit from faster feedback, process big data more quickly, and therefore self-correct with significantly shorter learning times.
Can I buy a quantum computer?
Contrary to popular belief, quantum computers are meant to complement (and not replace) current computers, which are powerful enough to meet our daily requirements. Presently, highly specialised conditions and large spaces for physical infrastructure are required to produce qubits for quantum computers and ensure reliability of calculations, which make quantum computers impractical for most commercial purposes. Experts also believe that quantum computers need at least 1 million qubits to become commercially practical, a milestone that remains unattainable. Read on to understand engineering challenges in building quantum computers by clicking here.
Therefore, many technological difficulties remain to be overcome to achieve a commercially viable quantum computer. You can still own one, if you have US$15 million to spare, which is the asking price for a quantum computer by D-Wave Systems.
Current developments of quantum computing
Besides the looming trade war, the United States and China are waging a separate battle to determine who dominates the next information age. Technology giants IBM and Google have so far created working quantum computers with processing powers below 100 qubits. At the national level, the United States government’s 2018 National Quantum Initiative Act funds quantum computing research to the tune of about US$1 billion over 5 years. China is not letting up its efforts either, and is building a US$10-billion National Laboratory for Quantum Information Sciences that will also boost related home-grown cybersecurity efforts. Read more about US and Chinese efforts to become quantum computing superpowers here and here.
POTENTIAL RISKS THAT QUANTUM COMPUTING BRING TO CYBERSECURITY
An unintended consequence of quantum computing, however, includes breaking common cryptographic systems that currently underpin cybersecurity. Quantum computers can easily defeat conventional encryption systems (based on complex mathematical problems involving large prime factors) that current computers may require millions of years to overcome. Watch DigiCert’s video presentation to find out how long it takes exactly for current computers to break a conventional security key here.
A potential security scenario would be cybercriminals and nation-state actors capturing and storing encrypted data at present, in the hope that quantum computers can decrypt it in several years’ time. A report here suggests that there is “a one-in-seven chance that some fundamental public-key cryptography tools will be broken by quantum computers by 2026, and a 50 per cent chance of the same by 2031.”
It took vast resources and many years by countries and enterprises worldwide to mitigate the Y2K bug in the late 20th century. The well-laid preparations resulted in a non-event eventually for most computer users. Likewise, it is never too early to start identifying all possible risks to various sectors posed by quantum computing now, and implement essential cybersecurity solutions as soon as possible. In 2016, the National Institute of Standards and Technology (NIST) has identified various public-key cryptographic systems that could be compromised by powerful quantum computers. Read NIST’s report here.
While researchers agree that present symmetric cryptographic systems, such as AES, will be quantum-resistant as long as key sizes are large enough at 256 bits and above, research is on-going to develop new quantum computing-safe security protocols. Quantum key distribution (QKD), a form of quantum cryptography, transmits encoded information in a way that any attempt to eavesdrop will be quickly detected, thereby greatly improving the assurance that the transmitted information remains entirely private. Learn how quantum physics can be harnessed to defend against attacks by quantum computers by watching a TED presentation here.
EFFORTS TO COUNTER QUANTUM COMPUTING SECURITY CONCERNS FOR SINGAPORE
The NUS-Singtel Cyber Security Research and Development Laboratory was launched in 2016 by Singapore’s National Research Foundation (NRF), National University of Singapore (NUS) and Singtel. It was tasked with developing and implementing future-ready cybersecurity systems, including quantum cryptographic systems for future quantum computers and networks. Singtel was also expected to implement QKD for delivering encrypted information over its dark/optical fibre network. Researchers at the Centre for Quantum Technologies (CQT) have also made significant contributions to quantum cryptography over the years. The most recent includes developing a QKD system based on efficient “toolboxes” to enhance the security of high-speed quantum communication.
Find out more about efforts to future-ready Singapore’s cybersecurity in the era of quantum computing here and here.
SOURCES INCLUDE: DigiCert, The Verge, IBM, TED, MIT Technology Review, Forbes, Bloomberg, Business Insider, Global Risk Institute, Google, D-Wave Systems, Wired, Medium, NIST, and Centre for Quantum Technologies