DOD Cyber Crime Center official warns industry about AI-boosted cyberattack ‘kill chain’
A senior Department of Defense Cyber Crime Center official is seeing the quantity and sophistication of digital attacks increase, a trend that he suggests may be attributable to the emergence of new AI capabilities that can aid hackers.
Terry Kalka, director of the DOD-Defense Industrial Base Collaborative Information Sharing Environment (DCISE), noted that malicious cyber actors can now use AI to do a lot of their work.
“I don’t think we’ve gotten to a point where we get a report and we go ‘ah, that was an AI attack there.’ [But] the general trends you see about the increasing numbers of attacks, abandoning of traditional forms of malware, using more sophisticated attacking, living off the land, discovery of zero days — we’re seeing those trends increase pretty much commensurate with what you see in the public. And so we can connect that probably with the ratio of AI,” Kalka said Thursday at the Elastic Public Sector Summit presented by FedScoop.
He continued: “And what really hit home for me just the other day as I was looking at sort of a standard attack kill chain and seeing how much of that can be time-differenced through AI, you can really build a model as an attacker that all you need to do is sort of set basic context [such as directing the model to] ‘go look at this organization, come back to me with, you know, vulnerabilities and what we can get out of them, prioritize them for me. OK, go exploit this. Come back to me when you have, you know, data that I can use and exploit further.’ And … we need our defenders to be thinking along that mindset as well.”
The DCISE plays a leading role in the department’s handling of defense industrial base cyber incident reporting and analysis.
“This is fundamentally an information-sharing partnership. In other words, a data-sharing partnership that has been running since 2008 on the model of sharing actionable, relevant, focused cyber threat information, firstly from the government to industry and from the industry to government. But I think most importantly is that we are the facilitator for industry-to-industry sharing,” Kalka said.
The organization now has about 1,300 defense industrial base partners, according to Kalka.
DC3 also runs the DIB Vulnerability Disclosure Program, which employs white-hat hackers or “researchers” to find vulnerabilities on contractors’ public-facing digital assets so the risks can be mitigated.
“I would strongly encourage you to be sort of red-teaming yourselves and looking at your own vulnerabilities,” Kalka told members of industry at Thursday’s conference. “We can help with that to a degree, particularly anything public-facing.”
Falling victim to cyberattacks can cost companies millions of dollars, he noted.
“I don’t know how many of you have that to spare … so anything we can do to rapidly identify, proactively identify those vulnerabilities is going to be a tremendous help,” Kalka said.
