Security

NIST’s Cyber AI Profile Will Help Agencies Defend Against AI-Enabled Threats

The framework considers AI techniques for attackers and defenders to support organizations.

Adam Stone writes on technology trends from Annapolis, Md., with a focus on government IT, military and first-responder technologies.

The National Institute of Standards and Technology wants a holistic understanding of artificial intelligence-enabled cyberthreats to develop a Cyber AI Profile for agencies and other organizations.

NIST is assessing both how bad actors leverage AI in their cyberattacks and how organizations can use the technology to thwart said attacks.

The goal is for the Cyber AI Profile to serve as a defensive framework against AI-enabled threats.

“It looks at AI techniques for attackers and AI techniques for defenders,” says Yizheng Chen, assistant computer science professor at the University of Maryland and member of the Maryland Cybersecurity Center. “Its main goal is to support organizations in understanding both risks and opportunities at the intersection of AI and cybersecurity.”

Click the banner below to start implementing smarter security.

Understanding the Cyber AI Threat Landscape

AI already enhances the scale, speed and sophistication of attacks targeting government systems.

“Adversaries are beginning to use AI to write custom malware and to conduct ransomware attacks using novel methods,” says Daniel Kroese, vice president of public policy and government affairs at Palo Alto Networks.

These adversaries are better equipped to go up against the MITRE ATT&CK Framework at every stage, from reconnaissance to initial access to lateral movement, Kroese says.

Fortunately, NIST’s Cyber AI Profile reimagines cyberdefense for this new era.

AI is adding value across the entirety of the cyber product ecosystem.”

Daniel Kroese Vice President of Public Policy and Government Affairs, Palo Alto Networks

How NIST’s Profile Bridges AI and Cybersecurity

The Cyber AI Profile must balance present capabilities with emerging threats and likely won’t be a radical revision of the cybersecurity space.

“We’re not reinventing the wheel,” Kroese says.

Rather, NIST is looking to fine-tune what’s already working and adapt it for the new AI-powered environment.

“We shouldn’t abandon the existing cybersecurity and risk management baseline,” Kroese says. “We should take stock and recognize where there is a need to put an AI lens or wrapper around that, to account for the novel considerations, this new AI attack surface and the new AI threats.”

Click the banner below for the latest federal IT and cybersecurity insights.

A New Taxonomy for Risk Management and Defense

In cybersecurity, a “taxonomy” is a structured, hierarchical classification system used to categorize and organize concepts such as cyberattacks, threats, vulnerabilities and risks. The Cyber AI Profile will likely generate a new taxonomy, one attuned to AI-driven capabilities.

“It will drive standardization, as well as rigor and precision,” Kroese says.

The government has already directed agencies to protect their own AI-driven applications and systems, and a new taxonomy will raise awareness about AI’s risks and opportunities to bolster defenses.

“For example, it can help organizations be more prepared against certain risks because we can deploy AI-enabled systems to detect and patch security vulnerabilities,” Chen says. “And we can also be more aware of vulnerable source code that is generated by AI coding assistance.”

DISCOVER: Are citizen developers the future of agencies’ digital transformations?

What Agencies Can Expect From the Cyber AI Profile

An AI-centered approach to cybersecurity helps defenders understand where the IT landscape is shifting.

“AI agents: That’s a new thing. Training data: That’s largely a new thing,” Kroese says. “What are the unique AI threats we need to protect against, and what are the security controls and related technologies you need to protect against those new AI threats?”

New guidance from NIST could help to bring much-needed clarity in this space.

LEARN: What is agentic AI?

The Cyber AI Profile will examine privacy risks that arise from the use of AI by organizations. Generative AI is already widespread, and agencies are being thoughtful about the data they share with it.

NIST wants to take things a step further by examining how people are using AI tools and what content they’re sharing.

“Generating code and script are very common,” Chen says.

The new guidance will likely identify the vulnerabilities in the code generated by AI tools, Chen says.

The Role of Emerging Tech in Federal Cybersecurity Strategy

Emerging technology is already playing a key role in helping federal cyber defenders adapt to the new threat landscape, starting with AI.

“AI is adding value across the entirety of the cyber product ecosystem,” Kroese says.

That’s particularly true of security operations centers, which are being transformed.

UP NEXT: Automation helps agencies manage threat alerts.

“You have all your different layers of security data coming in, all of the telemetry from your network, from your cloud, from your endpoints, from identity,” Kroese says.

Human attempts to interpret all that data lead to bottlenecks, while a modernized, AI-empowered SOC can automate much of the work. Palo Alto Networks uses AI to pare down 90 billion security events to just 75 serious alerts daily, and often just one requires manual intervention, Kroese says.

“Analysts are addressing that one thing that is important,” Kroese says. “And they’re spending the rest of their time doing proactive threat hunting against the adversary.”

JuSun/Getty Images