How businesses can manage security for AI and the IoT
What if your house wanted to kill you?
It’s a pretty classic horror movie question, one that video games like System Shock and Portal and movies from “Demon Seed” to “2001: A Space Odyssey” have given a technological edge. When we give machines control of our environment, we make ourselves vulnerable, and what might an inhuman intelligence do with that?
As we turn to the internet of things to help with manufacturing and utilities, to let us monitor our homes and to help us age in place, some of our concerns haven’t seemed so far-fetched. The rise of AI, especially generative AI, has produced more worry – and not all of it is unjustified. When AI and the IoT intersect, major problems could and do arise.
HAL 9000 probably won’t be the culprit, though. Hal from down the block – or across the Atlantic – is the real threat.
AI and the IoT: An explosive combination
The internet of things makes a tempting target for hackers by itself: The data that lets your house know what temperature you like or keeps power grids humming smoothly is also extremely valuable. On a larger scale, hostile actors could seize control of power plants, transportation systems or hospitals, potentially threatening people’s lives. Private citizens might demand ransoms, while state actors could take down infrastructure as Russia allegedly did in Ukraine.
Now add AI.
Not only does the technology generally make hacking more efficient and give social engineering a boost, but it also opens entirely new pathways for IoT attacks. Malicious actors could “poison” a model’s training data to tilt behavior in a particular direction, enter inputs that break the AI behind a device and grab potentially sensitive information by accessing the training data in a model inversion attack.
In industrial IoT, complex systems and a broader attack surface mean that a single breach could cause a cascade that affects multiple elements of a business or community. One such attack shut down operations at Taiwan Semiconductor Manufacturing Co., costing it an estimated $255 million in revenue.
Two great tastes
Not all combinations of AI and the IoT lead to crashing plants and stolen passwords. AI can actually help improve cybersecurity in general, and particularly the security of IoT systems, with a constant presence and an “eye” for patterns that no human can match.
A program could process vast amounts of data, analyzing it for potential threats like unauthorized access attempts. In case a breach does succeed, AI could shift encryption in real time, responding to sensitivity and traffic to ensure malicious actors don’t get what they’re looking for even if they can grab the files themselves.
On a more basic level, automatic updates could keep homes, businesses and other organizations equipped with the latest defenses against ever-changing vulnerabilities and tactics.
Business responsibilities for AI and the IoT
As is so often the case when dealing with technology, the real horror comes from people – both those who willfully misuse AI and the IoT for their gain or national interests and those who fail to implement necessary security. Businesses have to develop comprehensive, proactive strategies that address potential threats before they emerge and keep reevaluating them as the security landscape evolves and new software or hardware appears. Countries need to enact regulations like the EU’s AI Act, which focuses on data protection, accountability and other crucial elements of AI safety.
Finally, individuals must practice good cyberhygiene, knowing and following best practices to ensure they’re not the weak link.
Conclusion
We’ve given machines a lot of power over our lives, and that’s not likely to stop any time soon. The IoT really is convenient for individuals and organizations, AI really can make certain processes more efficient and less costly, and we don’t tend to give up on new technology once we’ve started using it.
The real issue is how we can make AI and the IoT safe and reliable, and that requires a lot of human ingenuity and cooperation.
Subscribe to SmartBrief’s FREE email CompTIA newsletter to see the latest hot topics in education. It’s among SmartBrief’s more than 250 industry-focused newsletters.