Implications of Artificial Intelligence for Cybersecurity: Proceedings of a Workshop (2019)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Prepublication Copy – Subject to Further Editorial Correction Implications of Artificial Intelligence for Cybersecurity PROCEEDINGS OF A WORKSHOP Anne Johnson and Emily Grumbling, Rapporteurs Computer Science and Telecommunications Board Intelligence Community Studies Board Division on Engineering and Physical Sciences PREPUBLICATION COPY – SUBJECT TO FURTHER EDITORIAL CORRECTION 

THE NATIONAL ACADEMIES PRESS 500 Fifth Street, NW Washington, DC 20001 This project was supported by Award Number 2014-14041100003-021 with the Office of the Director of National Intelligence. Any opinions, findings, conclusions, or recommendations expressed in this publication do not necessarily reflect the views of any organization or agency that provided support for this project. International Standard Book Number-13: 978-0-309-XXXXX-X International Standard Book Number-10: 0-309-XXXXX-X Digital Object Identifier: https://doi.org/10.17226/25488 Additional copies of this summary are available from the National Academies Press, 500 Fifth Street NW, Keck 360, Washington, DC 20001; (800) 624-6242 or (202) 334-3313; http://www.nap.edu/. Copyright 2019 by the National Academy of Sciences. All rights reserved. Printed in the United States of America National Academies of Sciences, Engineering, and Medicine. 2019. Implications of Artificial Intelligence for Cybersecurity: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: https://doi.org/10.17226/25488. PREPUBLICATION COPY – SUBJECT TO FURTHER EDITORIAL CORRECTION 

The National Academy of Sciences was established in 1863 by an Act of Congress, signed by President Lincoln, as a private, nongovernmental institution to advise the nation on issues related to science and technology. Members are elected by their peers for outstanding contributions to research. Dr. Marcia McNutt is president. The National Academy of Engineering was established in 1964 under the charter of the National Academy of Sciences to bring the practices of engineering to advising the nation. Members are elected by their peers for extraordinary contributions to engineering. Dr. John L. Anderson, is president. The National Academy of Medicine (formerly the Institute of Medicine) was established in 1970 under the charter of the National Academy of Sciences to advise the nation on medical and health issues. Members are elected by their peers for distinguished contributions to medicine and health. Dr. Victor J. Dzau is president. The three Academies work together as the National Academies of Sciences, Engineering, and Medicine to provide independent, objective analysis and advice to the nation and conduct other activities to solve complex problems and inform public policy decisions. The Academies also encourage education and research, recognize outstanding contributions to knowledge, and increase public understanding in matters of science, engineering, and medicine. Learn more about the National Academies of Sciences, Engineering, and Medicine at www.national-academies.org. PREPUBLICATION COPY – SUBJECT TO FURTHER EDITORIAL CORRECTION 

Consensus Study Reports published by the National Academies of Sciences, Engineering, and Medicine document the evidence-based consensus on the study’s statement of task by an authoring committee of experts. Reports typically include findings, conclusions, and recommendations based on information gathered by the committee and the committee’s deliberations. Each report has been subjected to a rigorous and independent peer-review process and it represents the position of the National Academies on the statement of task. Proceedings published by the National Academies of Sciences, Engineering, and Medicine chronicle the presentations and discussions at a workshop, symposium, or other event convened by the National Academies. The statements and opinions contained in proceedings are those of the participants and are not endorsed by other participants, the planning committee, or the National Academies. For information about other products and activities of the National Academies, please visit www.nationalacademies.org/about/whatwedo. PREPUBLICATION COPY – SUBJECT TO FURTHER EDITORIAL CORRECTION 

PLANNING COMMITTEE FOR A WORKSHOP ON IMPLICATIONS OF ARTIFICIAL INTELLIGENCE FOR CYBERSECURITY FREDERICK R. CHANG, NAE,1 Southern Methodist University, Chair KATHLEEN FISHER, Tufts University ERIC HORVITZ, NAE, Microsoft Corporation SUBBARAO KAMBHAMPATI, Arizona State University WENKE LEE, Georgia Institute of Technology JOHN MANFERDELLI, Northeastern University PHIL VENABLES, Goldman Sachs Staff EMILY GRUMBLING, Program Officer, Workshop Director KATIRIA ORTIZ, Associate Program Officer JON EISENBERG, Senior Board Director SHENAE BRADLEY, Administrative Assistant 1 Member, National Academy of Engineering. PREPUBLICATION COPY – SUBJECT TO FURTHER EDITORIAL CORRECTION v 

COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD FARNAM JAHANIAN, Carnegie Mellon University, Chair LUIZ ANDRÉ BARROSO, Google, Inc. STEVEN M. BELLOVIN, NAE,1 Columbia University ROBERT F. BRAMMER, Brammer Technology, LLC DAVID CULLER, NAE, University of California, Berkeley EDWARD FRANK, NAE, Cloud Parity, Inc. LAURA HAAS, NAE, University of Massachusetts, Amherst MARK HOROWITZ, NAE, Stanford University ERIC HORVITZ, NAE, Microsoft Corporation VIJAY KUMAR, NAE, University of Pennsylvania BETH MYNATT, Georgia Institute of Technology CRAIG PARTRIDGE, Colorado State University DANIELA RUS, NAE, Massachusetts Institute of Technology FRED B. SCHNEIDER, NAE, Cornell University MARGO SELTZER, NAE, University of British Columbia MOSHE VARDI, NAS2/NAE, Rice University Staff JON EISENBERG, Senior Director LYNETTE I. MILLETT, Associate Director SHENAE BRADLEY, Administrative Assistant EMILY GRUMBLING, Program Officer RENEE HAWKINS, Financial and Administrative Manager KATIRIA ORTIZ, Associate Program Officer For more information on CSTB, see its website at http://www.cstb.org, write to CSTB, National Academies of Sciences, Engineering, and Medicine, 500 Fifth Street, NW, Washington, DC 20001, call (202) 334-2605, or e-mail the CSTB at cstb@nas.edu. 1 Member, National Academy of Engineering. 2 Member, National Academy of Sciences. PREPUBLICATION COPY – SUBJECT TO FURTHER EDITORIAL CORRECTION vi 

INTELLIGENCE COMMUNITY STUDIES BOARD FREDERICK R. CHANG, NAE,1 Southern Methodist University, Co-Chair ROBERT C. DYNES, NAS,2 University of California, San Diego, Co-Chair JOEL F. BRENNER, MIT/Joel Brenner, LLC ROBERT A. BRODOWSKI, The MITRE Corporation ROBERT T. CARDILLO, The Cardillo Group, LLC TOMÁS DÍAZ DE LA RUBIA, Purdue University Discovery Park ROBERT A. FEIN, McLean Hospital/Harvard Medical School MIRIAM E. JOHN, Independent Consultant ANITA K. JONES, NAE, University of Virginia STEVEN E. KOONIN, New York University ROBERT H. LATIFF, R. Latiff Associates RICHARD H. LEDGETT, JR., Institute for Defense Analyses MARK M. LOWENTHAL, Intelligence & Security Academy, LLC MICHAEL A. MARLETTA, NAS/NAM,3 University of California, Berkeley L. ROGER MASON, JR., Peraton JASON G. MATHENY, Georgetown University CARMEN L. MIDDLETON, Common Table Consulting WILLIAM C. OSTENDORFF, United States Naval Academy DAVID A. RELMAN, Stanford University ELIZABETH RINDSKOPF PARKER, Retired, State Bar of California SAMUEL S. VISNER, The MITRE Corporation DAVID A. WHELAN, University of California, San Diego Staff ALAN SHAW, Director CARYN LESLIE, Senior Program Officer CHRIS JONES, Financial Manager MARGUERITE SCHNEIDER, Administrative Coordinator DIONNA ALI, Research Associate NATHANIEL DEBEVOISE, Senior Program Assistant 1 Member, National Academy of Engineering. 2 Member, National Academy of Sciences. 3 Member, National Academy of Medicine. PREPUBLICATION COPY – SUBJECT TO FURTHER EDITORIAL CORRECTION vii 



Acknowledgment of Reviewers This Proceedings of a Workshop has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its published proceedings as sound as possible and to ensure that the proceedings meets institutional standards for clarity, objectivity and responsiveness to the charge. The review comments and draft manuscript remain confidential to protect the integrity of the process. We wish to thank the following individuals for their review of this proceedings: Kathleen Fisher, Tufts University, Eric Grosse, Independent Consultant, Eric Horvitz, NAE,1 Microsoft Corporation, and Una-May O’Reilly, Massachusetts Institute of Technology. Although the reviewers listed above have provided many constructive comments and suggestions, they did not see the final draft of the Proceedings of a Workshop before its release. The review of this proceedings was overseen by Steven M. Bellovin, NAE, Columbia University. He was responsible for making certain that an independent examination of this proceedings was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this proceedings rests entirely with the rapporteurs and the National Academies. 1 Member, National Academy of Engineering. PREPUBLICATION COPY – SUBJECT TO FURTHER EDITORIAL CORRECTION ix 



Contents 1 INTRODUCTION AND CONTEXT 1-1 Opening Remarks, 1-2 The State of Artificial Intelligence, 1-4 2 ARTIFICIAL INTELLIGENCE AND THE LANDSCAPE OF CYBER ENGAGEMENTS 2-1 Introduction and Context, 2-1 Artificial Intelligence and Machine Learning in Cyberattacks: Insights from Hacking Competitions, 2-3 Some Thoughts on the Use of AI/ML in Cyberattacks: Economic and Practical Considerations, 2-6 Artificial Intelligence and Cyber Strategy, 2-8 Panel Discussion, 2-11 3 CURRENTLY DEPLOYED ARTIFICIAL INTELLIGENCE/MACHINE LEARNING TOOLS FOR CYBER DEFENSE OPERATIONS 3-1 AI/ML in Anomaly Detection, 3-2 AI for Identifying Novel Phishing Attacks, 3-4 Selected ML Applications at CrowdStrike, 3-6 Panel Discussion, 3-8 4 ADVERSARIAL ARTIFICIAL INTELLIGENCE FOR CYBERSECURITY: R&D AND EMERGING AREAS 4-1 Adversarial Attacks on Machine Learning, 4-1 Emerging Areas at the Intersection of AI and Cybersecurity, 4-2 Is Robust ML Really Robust?, 4-6 Artificial Adversarial Intelligence for Cybersecurity, 4-8 Panel Discussion, 4-10 5 SECURITY RISKS OF ARTIFICIAL INTELLIGENCE-ENABLED SYSTEMS 5-1 Security and Privacy in Machine Learning, 5-1 Secure Learning in Adversarial Physical Environments, 5-5 Working Toward Formally Robust ML, 5-7 Panel Discussion, 5-9 6 DEEP FAKES 6-1 Deep Fakes: Where Are We?, 6-2 Detection of Forged/Synthetic Content: Visual, Audio, and Text, 6-4 Panel Discussion, 6-6 PREPUBLICATION COPY – SUBJECT TO FURTHER EDITORIAL CORRECTION xi 

7 WRAP-UP DISCUSSION: IDENTIFYING KEY IMPLICATIONS AND OPEN QUESTIONS 7-1 Workshop Takeaways, 7-9 Concluding Remarks, 7-10 APPENDIXES A Workshop Agenda A-1 B Additional Discussion Questions from Sponsor B-1 C Steering Committee and Staff Biographies C-1 D Speaker Biographies D-1 E Abbreviations and Acronyms E-1 PREPUBLICATION COPY – SUBJECT TO FURTHER EDITORIAL CORRECTION xii