
Five steps for law enforcement to overcome AI-driven cyber threats

GenAI has the distinct potential to accelerate both the velocity and volume of cybercrime and threat actor events domestically.


In brief
  • Law enforcement and cybersecurity leaders will convene at the National Cyber Summit to address AI-driven cyber threats, with a focus on using AI and GenAI.
  • The cyber threat environment is intricate, and sifting through the volume of data is further complicated by the rise of AI-generated synthetic content.
  • Agencies can take five definitive steps in the coming age of AI-driven cybercrime.

More than 1,000 top US law enforcement, intelligence, business and cybersecurity leaders will descend on the National Cyber Summit this September to discuss the current cyber threat landscape and opportunities to use artificial intelligence (AI) and generative AI (GenAI) to improve investigations, accelerate threat mitigation and enhance overall cybersecurity. While ransomware and criminal fraud remain the prevalent crime problems, a key focus will be the role of GenAI and its utilization by federal, state and local law enforcement and private sector organizations.

Members of the Department of Justice (DOJ) and Federal Bureau of Investigation (FBI), representatives of the armed forces, leading cyber professionals and EY leaders are all asking questions and raising concerns about how AI could rapidly rewrite the threat landscape. FBI Director Christopher Wray and Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly have expressed deep concerns about emerging AI and GenAI capabilities and warn that nation-state adversaries and affiliated threat actors are seeking to steal American intellectual property, undermine economic activity and harm critical infrastructure. Hacktivists across the globe are actively compromising small-scale operational technology (OT) systems in North American and European infrastructure as criminal cyber syndicates develop more sophisticated cyber incursion methods.

With more than 41 billion internet of things (IoT) devices expected to be active by 2025,¹ here is our take on how law enforcement agencies and their partners can leverage AI and GenAI to counteract this growing cyber threat.

Issues facing law enforcement and cybersecurity professionals

The first thing to note is that this isn’t an easy lift. Cyber law enforcement agencies and task forces face a global ecosystem where the knowledge to commit cybercrime is freely available on the internet and social media, while GenAI-powered tools to commit these crimes are increasingly available. Would-be threat actors can easily find malware-as-a-service online, meaning the universe of potential hackers, threat actors and cyber criminals is exponentially larger and has become mainstream in society. The lines separating state-sponsored cyber actors from independent ones have blurred as nation-state affiliated cyber actors rent themselves out to criminal organizations and cyber criminals sell their services to nation states. The SolarWinds attack affected 18,000 public and private sector organizations when third-party software gave hackers unauthorized access.

 

All of this is converging as law enforcement agencies face a deluge of traditional cyber data, texts, audio, video, social media — and now, open-access GenAI synthetic content capable of mimicking real threat actor content and events. In this environment, the collation and analysis of the vast volume of complex data needing to be assessed becomes incredibly time consuming, challenging both the speed and success of determining and preventing emerging or active threats. Agencies are increasingly challenged by the need for massive computational capacity and enhanced threat analysis.

 

5 steps to mount an evolved defense for cybercrime prevention

Governments and their agencies, by their nature, cannot play by the illicit rules used by hackers as terrorists or rogue nation-states because they are constrained by the rule of law and vastly outnumbered. FBI Director Wray has called for a “whole of society” approach to counter cyber threats, creating joint task forces, sharing operational and analytical capabilities across government, and adopting leading practices from academic and private sector organizations. To further Wray’s collaborative vision for cyber defense, agencies can take definitive steps to better combat the current ransomware and fraud activity and prepare and collaborate in the coming age of AI-driven cybercrime.

1. Enhance security

Law enforcement agencies should continue to encourage eliminating passwords and moving to a zero trust environment. Relatively simple ransomware and cyber fraud schemes continue to be the most common risks, so stopping attackers at the front door is key. Consider layering multifactor authentication (MFA) on top of passwords as an incremental step toward greater security, or think about implementing cryptographic and device-bound authentication protocols. (Zero trust refers to the security concepts and threat model that no longer assume that actors, systems or services operating from within the security perimeter should be automatically trusted; instead, an organization must verify anything and everything trying to connect to its systems before granting access.)

2. Improve detection/attribution speed with AI investments

Threat actor speed can now overwhelm most organizations’ current threat detection models. With intrusions happening all the time, consider investing in and applying new AI-enhanced tooling to reduce the speed differential. Partnering with government and private sector teams to apply new AI-supported threat detection tooling could help offset costs and training challenges. Set realistic goals to assess vulnerabilities, meet with partners who can help complement organic efforts, and practice crisis response and mitigation protocols.

3. Conduct training

GenAI advancements and integration into processes and tools are outpacing the skill sets of many agency personnel. As AI becomes more critical to managing cyber threat and crime data, it will be essential to put into place ongoing upskilling processes and programs to keep employee knowledge current. This is even more essential to retain employees when private sector organizations are aggressively recruiting available market talent. To further address employee concerns, some agencies may find they need to address culture concerns over technology advancements when considering new AI tools.

4. Strengthen partnerships

As outlined by the 2024 US National Counterintelligence Strategy, organizations should look to build partnerships and resilience. A better understanding of the ever-evolving AI and GenAI landscape and the potential utilization of AI technology to better structure, curate and analyze data is critical to develop a strategy to curb future AI-enhanced cybercrime.

5. Prepare for increased cybersecurity reporting requirements

If the Strengthening American Cybersecurity Act, signed into law in March 2022, and the potential compliance-related requirements for reporting cybersecurity incidents are further defined, organizations need to prepare for how they will likely have to comply with these requirements.

Critical considerations for preparing for tomorrow’s cybercrime

GenAI has the distinct potential to accelerate both the velocity and volume of cybercrime and threat actor events domestically, adding more stress to government agencies that often are already working at capacity. But with the right governance structures, investments in training and technology, and expansion of partnerships, we can all work together to mitigate the threats in the current cybersecurity landscape and prepare for and defeat tomorrow’s AI-enhanced threats.

The views reflected in this article are the views of the author and do not necessarily reflect the views of Ernst & Young LLP or other members of the global EY organization.


Summary 

GenAI could potentially escalate the frequency and scale of cyber threats and illegal activities, further burdening government bodies that are typically operating at full capacity. However, by establishing robust governance frameworks, investing in education and technological advancements, and fostering collaborative partnerships, we can collectively address the present cybersecurity challenges and equip ourselves to counteract future threats augmented by AI.
