As artificial intelligence transforms societies across the globe, affecting everything from autonomous vehicles to critical national infrastructure, bolstering digital security against increasingly sophisticated cyberattacks has become a key issue for states and private businesses alike.
To combat the growing risks to national security, researchers and cybersecurity experts are engaged in a seemingly endless race to uncover digital vulnerabilities in the public and private sectors before they can be exploited by malign actors.
Given how strategically important the Indo-Pacific is for global supply chains, officials from Japan, the United States and the European Union have all stressed how crucial it is to bolster cyber defenses in countries throughout the region.
In a bid to tackle the issue, Japan and eight of the 10-member Association of Southeast Asian Nations agreed in October to strengthen private-sector cybersecurity collaboration amid growing concern over China's purported involvement in various state-backed hacking activities.
Speaking on the importance of economic security, Jean-Eric Paquet, head of the EU delegation to Japan, said in an interview that global supply chains are under "massive pressure," including from countries that are causing disruption by hacking other states' critical infrastructure to apply political pressure on them.
While Paquet did not mention any countries by name, he added that non-state actors such as independent hacker groups motivated by financial extortion through ransomware attacks also pose a significant threat.
During a training session held in Tokyo in October, AI-controlled robotic arms used in modern manufacturing plants were hacked in a cyberattack simulation. The machines became unable to complete tasks involving correctly identifying colored blocks.
Though seemingly harmless in a controlled environment, an autonomous vehicle's AI software losing its ability to distinguish between objects while driving, for example, could result in a deadly accident.
The session was hosted by Japan's industry ministry in collaboration with the U.S. government and the European Commission, with invitees from across the Indo-Pacific region in attendance.
"This training will obviously help me" in the event of an incident at a strategically critical facility, such as a power plant, said Sabreina Bodour, a 34-year-old information technology expert from Bangladesh. She added that like many countries, Bangladesh has been facing numerous cyber and ransomware attacks in recent years.
In May 2021, Colonial Pipeline, an 8,850-kilometer fuel pipeline network connecting the U.S. East Coast and the Gulf of Mexico, became the target of a major ransomware attack. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, described the incident as a "watershed moment" in the history of cybersecurity.
The U.S. Federal Bureau of Investigation confirmed that the Russia-based hacker group Darkside was responsible for the attack.
Easterly recalled scenes of snaking lines of cars at gas stations across the eastern seaboard and panicked people filling containers with fuel, which captured headlines around the world.
"This was the moment when the vulnerability of our highly connected society became a nationwide reality and a kitchen table issue," she said in a statement.
Cybersecurity experts point out that society's rapid adoption of artificial intelligence and machine learning means the technology has become more accessible while also generating new vulnerabilities, creating the need for more regulation to protect infrastructure that relies on AI software, sometimes known as cyber-physical systems, to function.
"I hope (this training) will lead to us developing better cyber-physical systems in Asia for the AI era," said Masahiro Uemura, deputy director general for Cybersecurity and Information Technology at the Ministry of Economy, Trade and Industry.
But the integration of AI with critical infrastructure poses unique challenges, as making such systems secure means being vigilant about potential vulnerabilities in the physical and cyber domains simultaneously.
Cyberattacks on AI-run physical infrastructure can cause the software to make classification errors by confusing the AI's neural network. For example, a successful attack on an autonomous vehicle could cause it to misinterpret a traffic "stop" sign as one signaling a 45-mile-per-hour speed limit zone.
Takuho Mitsunaga, an associate professor at Toyo University's Faculty of Information Networking for Innovation and Design, called AI an imperfect but essential tool in Japan, as the country is facing labor shortages amid a declining population and collapsing birth rate.
With extensive research under way around the world that is investigating AI's vulnerabilities, Mitsunaga said one way to become more resilient to cyberattacks by malign actors is to diversify and strengthen systems by training them up on masses of synthetic data, making such systems harder to fool.
Just like humans, Mitsunaga explained, AI can be naive and easily exploited if it is only trained on data of narrow relevance to its task. He stressed the necessity of leaving room for human involvement to prevent catastrophic disasters.