Spies, cyber experts brace for AI era

With help from Maggie Miller

Driving the Day

Artificial intelligence will reshape both the threats U.S. intelligence agencies face and how they fight them, say a trio of top cyber officials.

HAPPY MONDAY, and welcome to Morning Cybersecurity! I was a big believer in the “under-promise, over-deliver” mantra. And then I posted the following messages in a team Slack where we share our daily to-do lists:

May 1: “Haircut.” May 2: “Haircut (today is the day!)”. May 3: “Haircut (finally)”.

For what it’s worth, I did have other plans those days. No, I did not get my haircut on May 3rd. And yes, I did get it on May 6th!

At the Agencies

A REVOLUTION IN INTELLIGENCE AFFAIRS — It’s still too early to tell whether brilliant but soulless robots will mean good or bad news for the red, white and blue.

But judging by the two days your now-freshly coiffed MC host spent at last week’s Vanderbilt summit on modern conflict and emerging threats, two things are clear: Artificial intelligence is changing the way the U.S. intelligence community keeps the country safe — and who they’re keeping it safe from.

“I can’t think of anything” that’s changed the modern threat landscape more than the smartphone, Gen. Paul Nakasone, commander of U.S. Cyber Command and director of the NSA, told me during a small press gaggle at the tail-end of the conference.

And that, continued the four-star, is “going to be the level of what AI will be to our economy and how we conduct operations.”

Helping the good guys — AI will give government agencies a leg up in their signals intelligence and cybersecurity missions, Nakasone and other U.S. officials told me last week.

For example, Nakasone said the nation’s cyber warriors are already using it to ferret out needles of anomalous behavior in the haystack of the command’s 1.4 million daily network users. In another press gaggle, CISA Director Jen Easterly said the tech could prove “enormously helpful” in translating computer code from insecure languages to those with built-in security features.

AI could even help the NSA — which steals text and voice communications from across the globe — effortlessly translate “a bunch of dialects few other people care about,” Gil Herrera, the NSA’s director of research, proffered during a 1-1 sitdown.

Pumping up the bad — But there’s no guarantee that those defensive improvements will outpace the risks posed by the (pretends to be) omniscient tech.

Just as AI is giving a boost to NSA linguists, it could turn keyboard crooks into plundering polyglots, allowing them to craft error-free phishing messages and “giv[ing] average coders abilities that they didn’t have before,” said the NSA’s Herrera.

“I’m watching very carefully” to see whether Russians begin integrating generative AI into their disinformation efforts, added Nakasone.

And worst of all, AI could even equip terrorists, crooks and state-backed malefactors with the knowledge needed to build everything from cyber weapons to bioweapons, Easterly warned during a fiery, Friday morning keynote on the perils of reckless innovation in AI.

Changing with the times — Despite the strong rhetoric, even Easterly isn’t ready to give up on all the good that AI has to offer.

Still, she said, the U.S. government will have to make big changes if it wants to chart a safe course through the choppy waters of our AI future.

“I don’t think we have a choice,” Easterly told me on the sidelines of the conference. “At the end of the day, we have to do something different to be able to deal with a world of continually aggressive threats.”

On the Hill

SWALWELL WEIGHS IN — Rep. Eric Swalwell (D-Calif.), ranking member of the House Armed Services Committee’s cybersecurity subcommittee, is working on legislation to firm up CISA’s Joint Cyber Defense Collaborative, the new CISA hub for public-private cyber collaboration.

In a chat about his cyber priorities with Maggie and other reporters in his Washington office on Friday, Swalwell dug into the details of his draft legislation on the JCDC that he’s hoping will put the group on stronger footing. It stems from concerns Swalwell heard from company leads at last month’s RSA Conference in San Francisco.

“This was a common theme in RSA, just frustration over JCDC or not knowing exactly what it does,” Swalwell said. “We’re hoping this could be the debutante for JCDC, that we could write a bill that makes it clear who they are, what they do, and if you’re eligible, how you can get in.”

Swalwell said he hopes to introduce the bill before the annual congressional August recess, but that given the feedback the draft legislation has been getting, it will need to be updated before being rolled out.

— Wait, there’s more: JCDC is far from Swalwell’s only cybersecurity concern. He hopes to dig into the issue of the cyber insurance market as part of his work on the subcommittee, noting that cyber subcommittee Chair Andrew Garbarino (R-N.Y.) is also interested in tackling the problem.

“My fear is that we would have a major attack that wipes out a sector, and then the insurance companies can’t even back the policies, and then that would be a major economic collapse,” Swalwell said. “I want to try and head that off … Andrew and I share that as a priority.”

— China, China, China: Geopolitical concerns also weigh heavily for Swalwell, who visited both Ukraine and Taiwan last year and said he thinks about the need to prepare Taiwan for a potential Chinese invasion “every single day.” He warned that if Taiwan were invaded, the island would likely be cut off entirely from any foreign aid, something that was not an issue in Ukraine, where Russia invaded the East and left open the Western portion of the country.

“We need to make sure right now, before an invasion happens, whether it’s a cyber invasion, whether it’s a naval blockade, that whatever it is, that they are thinking through all this and they’re prepared years ahead of time, like the Ukrainians were,” Swalwell said.

Ransomware

INCIDENT REPORTING PROGRESS — While ransomware attacks continue to surge against groups like hospitals and K-12 institutions, CISA has made progress on stopping some of these attacks prior to impact in the past few months due to last year’s cyber incident reporting law, Maggie writes in.

Valerie Cofield, chief strategy officer for CISA, said during a panel at a Ransomware Task Force event on Friday that the agency’s ransomware vulnerability monitoring pilot program, launched in February as required by the Cyber Incident Reporting for Critical Infrastructure Act, has ensured greater cybersecurity for critical infrastructure groups.

Cofield noted that through the program, CISA was able to alert 93 critical groups earlier this year that their systems were still in danger from the Microsoft Exchange Log4Shell vulnerability, a major exploit that has been used by Chinese and Iranian hackers, among others, to target devices around the world. Cofield said CISA saw a “30 percent uptick in patching that vulnerability” after informing the companies of the danger.

— Little help from friends: In addition, CISA recently began “a pre-ransomware notification initiative,” something that Cofield described as an “outgrowth of the JCDC.” The program involves the private sector giving cyber threat intelligence research to CISA, which then warns companies in danger of being attacked, both domestically and internationally.

“We’ve actually sent out 150 notifications this calendar year alone, 40 of them internationally,” Cofield said. “It’s been K-12 schools, it’s been state and local governments, it’s been hospitals … we were able to actually help a city in Europe; we notified them of this activity, and they were able to patch their vulnerability so that they weren’t encrypted.”

What We're Reading

“War, Weapons and Conspiracy Theories: Inside Airman Teixeira’s Online World.” (New York Times)

Quick Bytes

— The Biden administration is considering selectively banning ransomware payments. (POLITICO)

— CISA Director Jen Easterly has penned an op-ed on the two-year anniversary of the ransomware attack on Colonial Pipeline.

— Google, OpenAI risk losing the AI race to the open source community. (Business Insider)