Could organizations use artificial intelligence language models such as ChatGPT to induce voters to behave in specific ways?
Sen. Josh Hawley asked OpenAI CEO Sam Altman this question in a May 16, 2023, U.S. Senate hearing on artificial intelligence. Altman replied that he was indeed concerned that some people might use language models to manipulate, persuade and engage in one-on-one interactions with voters.
We are all witnessing a revolution in the progress of artificial intelligence (AI) and its adoption. AI’s latest content creation capabilities have created an enormous interest in the media and the public.
ChatGPT most recently demonstrated an astonishing ability to generate coherent text when you ask it to write an essay or answer a question. Along with excitement, many ethical questions immediately popped up. Are these systems able to reason on par with humans? Are they aware of the content they generate? Are their answers fair and unbiased? Continue reading
J
effrey W. Brown is a recognized information security and IT risk expert with a strong track record of more than two decades implementing cost-effective controls for global Fortune 500 financial institutions including Citigroup, Goldman Sachs, GE Capital, BNY Mellon and AIG. He currently serves as the first CISO for the State of Connecticut. His latest publication, The Security Leader’s Communication Playbook, is scheduled to be published in the Fall, 2021 by CRC Press. Continue reading
The world’s supply chains are being tested like never before, Supply chain conditions traditionally affect countries’ rankings within the annual index.
As one of the world’s largest safety & loss Prevention and supply chain resilience experts, today has identified six facets of the current supply chain crisis that exemplify threats to business resilience. Continue reading
Dan Shoemaker, PhD is a Professor and Director of the Graduate Program in Cybersecurity at the University of Detroit Mercy, were he has worked for over 35 years. He has also spent fourteen years as the Principal Investigator for the National Security Agency’s Center of Academic excellence in Cyber Defense at UDM’s Center for Cyber Security and Intelligence Studies. He has worked for the Department of Homeland Security and helped to author the DHS Software Assurance Common Body of Knowledge and has also written some of the leading textbooks on Cyber Security. (You can see Dan’s complete bio here.)
We provided him with our Drivers of Change 2020 list and then asked him to respond to the following questions.
It’s comprehensive to say the least. I can tell you that I sincerely believe that the advent of the internet will be viewed by history as utterly instrumental in shaping our perceptions and norms, as much as the invention of the printing press irreversibly altered society six hundred years ago. The difference is that the transition from the pre-internet reality to the present virtual way of doing business has been something like thirty years (not three hundred – assuming the industrial age marks the beginning of the next incarnation). So, any projections about norms and perceptions are just guesses (who would have thought that Amazon would be where it is twenty years ago?). From a cybersecurity standpoint we have so far overreached in our rush to virtualize everything in our way of life, that we are now, without intelligent safeguards, about as exposed as toddlers wandering around in the middle of a freeway. And rather than developing a measured plan to stave off the Armageddon that one lonely Unabomber type could drop on us, we continue to rush to exploit the potential of cyberspace to open ourselves further to attacks. So my recommendation with respect to thriving is to make friends with the Amish – because sooner or later we are going to have to learn to live without electricity.
Assuming you are referring to cybersecurity. The current field is based around electronic control (e.g., virtual) responses to attacks, which are becoming increasingly effective – particularly as AI drives them. The problem is that electronic losses only constitute about a third of the problem. The other two thirds come from human and physical exploits which are simply not part of the normal definition of an appropriate area of accountability for the profession of cybersecurity. It seems a bit reckless to draw a distinction between a loss to electronic causes versus one to a physical, or human exploit. But that’s the current situation as it exists in the field. There is an increasing awareness that cybersecurity has to deal with the complete problem as a whole and that has been promulgated in two important standards, the NIST Workforce Framework and the CSEC BOK for Education. However, a fully integrated understanding of cybersecurity as being oriented toward full and comprehensive protection is still running into the old-fashioned perceptions that it is a computer discipline. Given the annual losses to cybersecurity attacks, which totaled two trillion dollars worldwide in 2018 and are expected to double, or even triple by 2021, it seems like sooner-or-later we will start to approach the problem holistically. However a change of perception in the procession as a whole will have to take place first.
That might be an appropriate question for somebody in a different profession. But in the case of a field with a history of perhaps twenty-five years (on the outside) the amount of change between 1995 and 2020 has been simply inconceivable. I realize that the thinking dates back to the 1960s but that was a different situation. Now, in an era where dDOS’s [distributed Denial of Service attacks] are powered by household gadgets and Alexa is listening in on your daily life, the internet is a game changer. There will be no stopping the acceleration of events because there is too much money to be made exploiting cyberspace. So it is useless to speculate what the future will look like. But keep in mind that the advent of everything from IoT to the Cloud has all taken place in the past fifteen years. Nobody thought about that back in 2005 because most of the technology didn’t exist and God only knows what it will be like in 2025. Given past history it will be profound and perhaps game changing for society.
You are talking about virtual technology in a global environment. The world-wide-web bestows many blessings. But because we only have a hazy understanding of the consequences of falling down the latest technological rabbit hole, the exposures are profound. We are essentially reaching Rosseau’s ideal of the community of man because all geographic and social boundaries have been eliminated and we are all together in one virtual milieu. Whether that community is going to be an enlightened ideal, or a mob looking to cut off the heads of the organized State is yet to be determined. But all you have to do is spend time in the darkweb, or Facebook for that matter and you will get the impression that a bunch of folks with pitchforks and torches are headed your way. From a commercial standpoint, it has to be understood that the virtual world is doing business in a town without a sheriff, or any real ability to protect itself from the bad guys. In fact, because there is no effective law enforcement the wise person will start from the assumption that they are going to be attacked multiple times in many different ways and prepare their defenses accordingly.
The cybersecurity profession will have to stop fighting the last war and begin to accept the simple reality that a loss, is a loss no matter which attack surface has been penetrated. That response must be anchored at the C-Suite or with the Board because IT is not in a position to either understand the problem or enforce all of the varied elements of the solution. The field itself is huge, much broader than is being portrayed by the conventional thinkers and we will either adapt or die. That’s because there are so many creative paths a hacker can follow to get at your system. For instance, no hacker in their right mind would pound their head on an unbreakable firewall when they could bribe the system manager, who is notoriously underpaid and over trusted, to simply let them in. Thus the profession is going to have to take its electronic blinders off and start looking at the problem proposition as a whole. Once they do that, we might be able to devise strategies to counter the current wide array of highly creative fellows out there in cyberspace who view us all as little wooly lambs and they’re the big bad wolf. The sheep who consider themselves as safe are only fooling themselves. The wolf just hasn’t gotten around to eating you yet. So, adapting a highly diversified response to the threat environment is a must if we want to survive.
The field is red hot and there’s gold in them their hills. That’s the good news. The bad news is that there is very little informed leadership and most of the responses are both disorganized and ad-hoc by definition. That’s because the elements of the organization that are accountable for cybersecurity are either limited in scope, or even worse, don’t know that they are part of the solution (physical security for instance). The field is looking for a visionary leader who’s willing to tell the emperor that he’s naked. But there are a lot of folks with a dog in the fight who have plenty to lose if we shift focus to a different set of norms. Hence, the war between the true believers in technology as the solution and the people who want to approach the problem top down as a strategic control issue will probably rage on for a few more years. If you don’t mind playing whack-a-mole with the black-hat community then you can settle into a nice technological rut and enjoy the current situation playing with all of the fun technologies that pop up like mushrooms after the rain. If you like substantive success you might get a little frustrated since the loss statistics are increasing logarithmically and there’s no sign that there’s help around the corner.