Leveraging AI for cybersecurity 

Artificial intelligence (AI) is a double-edged sword for cybersecurity. 

While it can be incorporated into threat detection systems, it can also be used by hackers to compromise the network, according to Indonesia National Police's Deputy Director of Cybercrime, Dani Kustoni.  

"It is important for us to gain a better understanding of AI-powered cyber-attacks and develop stronger detection systems so that we don't lose to the attackers," he added. 

Dani Kustoni was speaking at the panel Navigating the Future of Cyber Threats: AI, Ransomware and Effective Response at the GovInsider Live Indonesia 2024 conference held in Jakarta, November 14. 

Other speakers were Academy Computer Security Incident Response Team's (ACAD-CSIRT) Chief of Operation, Charles Lim; National University of Singapore's (NUS) School of Computing Executive Education Fellow, Zaid Hamzah; Artificial Intelligence Industry Research and Innovation Collaboration's (KORIKA) Innovation Expert, Tan Gwan An; and Ministry of Communications and Digital's National Data Centre Security Management Team Leader, Adi Affandi. The panel was moderated by Swiss German University Cyber Security Researcher Yevonnael Andrew. 

According to Dani, AI-powered malicious attacks can read an organisation's security system, automate the search for security flaws, disguise themselves and avoid detection.  

"No system is 100 per cent safe from attack. Even if we think our [cyber resilience] is strong, AI can still pick holes."

To subscribe to the GovInsider bulletin click here.

GenAI adds complexity to the environment  

ACAD-CSIRT's Charles highlighted that the emergence of generative AI (GenAI) has added further complexity because GenAI can be used to generate unique codes that can exploit system vulnerabilities.   

Through social engineering attacks, criminals design emails or URLs in such a way that people would be tempted to click on links containing ransomware. AI is able to generate natural conversations that are not easily filtered as spam, and this makes ransomware attacks more difficult to detect. 

"Now we flip the logic. Defenders can also use AI to detect threats faster and generate AI capabilities to automate and protect systems," he said. 

NUS’ Zaid Hamzah added that AI/ML (machine learning) are the future of cybersecurity. However, it’s important to separate AI for cybersecurity and AI security. "If you use more AI tools to develop a cybersecurity framework, you have to make sure that it is secure," he said.   

Improving the capabilities of the defenders 

According to Zaid, AI on its own will never replace humans, but humans who master AI and cybersecurity will replace those who do not have mastery over AI. 

"By investing more [learning] in AI, especially GenAI, we can produce something stronger and more secure in the future." 

As security threats are becoming more complex, we will need to accelerate their learning so that we can be better than the bad guys. Organisations must focus on the people and right skillsets. Technology will always be easier to learn. The issue is how agile we are in understanding something new, he added.  

Zaid cited how Singapore has started an initiative to incorporate AI in cybersecurity by creating a platform for professionals to exchange knowledge about AI for cybersecurity and cybersecurity for AI. The platform aims to create simulations on how to manage AI attacks on government and industry. 

Charles added that as people are spearheading cybersecurity, it is important to address the current skill gap and equip professionals with adequate skills. ACAD-CSIRT, an institution that brings together cybersecurity incident response teams in universities, has organised cybersecurity training at various layers to support the country's security posture.

KORIKA’s Gwan An added that the industry tends to recruit someone who is a master of both AI and cybersecurity, whereas AI and cybersecurity are two very specific fields that require in-depth knowledge. “They are separate entities and cannot be equated”.  

The next challenge is the high cost of security solutions. To utilise the advantages of AI, highly advanced devices such as supercomputers or even quantum computers are required. "We must increase the capacity of technological tools for defenders to take advantage from the attackers."  

To subscribe to the GovInsider bulletin click here.

Closing the PDN security loopholes 

The Ministry of Communication and Digital’s Adi Affandi explained the efforts the government has made to close security gaps and improve cybersecurity protocols at the Indonesia’s National Data Centre (PDN) following the June attack.

"These steps include strengthening cybersecurity infrastructure by adding components to detection systems, firewalls, data encryption, including using Extended Detection and Response (XDR) automated solutions," he said.   

Next is strengthening the regulatory and governance aspects. Standard operating procedures were tightened with the aim of improving rapid response to incidents. The ministry is also conducting regular security assessment audits in collaboration with the National Cyber and Crypto Agency (BSSN).

“The most critical thing is how to create a sense of shared responsibility between PDN managers and users. This is important before we launch on-prem PDN in the near future," Adi added.  

The panel concluded with closing statements from all panelists on the importance of cooperation to improve cybersecurity posture and encouragement for all organisations to share information and expertise. Panelists also highlighted the importance of ASEAN countries working together to strengthen the AI foundation for cybersecurity.