UK urged to take AI cyber threats seriously
Marking its 10th anniversary year, the annual government conference on cyber security welcomed attendees from industry, academia and government, to hear from a number of leading figures around this year's theme, 'The next decade: accelerating our cyber defence'.
Image courtesy NCSC
In his speech today, Dr Richard Horne (above), CEO, NCSC, said that the country is facing a perfect storm for cyber security against the backdrop of a new technological revolution: "We can’t know precisely what an AI-powered world will look like in 10 years’ time.
"We do know there is an opportunity for it to be a net positive for cyber defence. To achieve that outcome we must embrace it, secure it and shape it.
"We know our adversaries will increasingly apply AI tooling. As we have seen in the media in recent days, frontier AI is rapidly enabling discovery and exploitation of existing vulnerabilities at scale. Illustrating how quickly it will expose where fundamentals of cyber security are still to be addressed, such as code shipped by tech producers with significant vulnerabilities, organisations that are not patching with the completeness or urgency they should or that are failing to grasp the nettle of replacing old legacy systems."
He added: "We don’t know when a quantum computer will be able to break the widely used cryptography that we rely on in everything we do. But we do know it is in our gift, to be ready for that point.
"We’ve published guidance that sets out what organisations need to do over coming years to ensure successful migration to post-quantum cryptography and major technology companies are taking the first steps to underpin this."
Meanwhile, Liz Kendall, Secretary of State for Science, Innovation and Technology and Dan Jarvis, Security Minister have written an open letter to business leaders regarding AI cyber threats.
The government is recommending businesses and organisations take the following steps to protect themselves from AI-driven cyber threats:
- Take cyber security seriously, at the very top of your organisation. Larger businesses should use the government’s Cyber Governance Code of Practice to ensure their organisation is sufficiently protected. Smaller businesses should also use the National Cyber Security Centre’s (NCSC) Cyber Action Toolkit.
- Get the basics right with Cyber Essentials. The government’s highly effective scheme protects against the most common attacks. Organisations that hold it are significantly less likely to suffer a damaging cyber incident. Firms should also look to embed Cyber Essential requirements across supply chains.
- Follow NCSC advice and sign up to their Early Warning Service. The NCSC provides free, practical advice, training and guidance at ncsc.gov.uk for organisations of every size. Early Warning is a free service from NCSC, which can inform organisations of potential cyber attacks and give them invaluable time to act before an incident escalates.
For further information: www.gov.uk/government/publications/ai-cyber-threats-open-letter-to-business-leaders
