Five steps for law enforcement to overcome AI-driven cyber threats

GenAI has the distinct potential to accelerate both the velocity and volume of cybercrime and threat actor events domestically.

In brief

• Law enforcement and cybersecurity leaders will convene at the National Cyber Summit to address AI-driven cyber threats, with a focus on using AI and GenAI.
• The cyber threat environment is intricate, and sifting through data quantities is further complicated by the rise of AI-generated synthetic content.
• Agencies can take five definitive steps in the coming age of AI-driven cybercrime.

More than 1,000 top US law enforcement, intelligence, business and cybersecurity leaders will descend on the National Cyber Summit this September to discuss the current cyber threat landscape and opportunities to use artificial intelligence (AI) and generative AI (GenAI) to improve investigations, accelerate threat mitigation and enhance overall cybersecurity. While ransomware and criminal fraud remain the prevalent crime problems, a key focus will be the role of GenAI and its utilization by federal, state and local law enforcement and private sector organizations.

Members of the Department of Justice (DOJ) and Federal Bureau of Investigation (FBI), representatives of the armed forces, leading cyber professionals and EY leaders are all asking questions and raising concerns about how AI could rapidly rewrite the threat landscape. FBI Director Christopher Wray and Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly have expressed deep concerns about emerging AI and GenAI capabilities and warn that nation-state adversaries and affiliated threat actors are seeking to steal American intellectual property, undermine economic activity and harm critical infrastructure. Hacktivists across the globe are actively compromising small-scale operational technology (OT) systems in North American and European infrastructure as criminal cyber syndicates develop more sophisticated cyber incursion methods.

With more than 41 billion internet of things (IoT) devices expected to be active by 2025,¹ here is our take on how law enforcement agencies and their partners can leverage AI and Gen AI to counteract this growing cyber threat.

1. Enhance security

Law enforcement agencies should continue to encourage a move to eliminate passwords and move to a zero trust environment. Relatively simple ransomware and cyber fraud schemes continue to be the most common risks, so stopping attackers at the front door is key. Consider layering in multifactor authentication (MFA) on top of passwords as an incremental step toward greater security or think about implementing cryptographic and device bound authentication protocols. (Zero trust refers to the security concepts and threat model that no longer assume that actors, systems or services operating from within the security perimeter should be automatically trusted; instead, an organization must verify anything and everything trying to connect to its systems before granting access.)

2. Improve detection/attribution speed with AI investments

Threat actor speed now can overwhelm most organizations’ current threat detection models. With intrusions happening all the time, consider investing and applying new AI-enhanced tooling to reduce the speed differential. Partnering with government and private sector teams to apply new AI-supported threat detection tooling could help offset costs and training challenges. Set realistic goals to assess vulnerabilities, meet with partners who can help complement organic efforts, and practice crisis response and mitigation protocols.

3. Conduct training

GenAI advancements and integration into processes and tools are outpacing the skill sets of many agency personnel. As AI becomes more critical to managing cyber threat and crime data, it will be essential to put into place ongoing upskilling processes and programs to keep employee knowledge current. This is even more essential to retain employees when private sector organizations are aggressively recruiting available market talent. To further address employee concerns, some agencies may find they need to address culture concerns over technology advancements when considering new AI tools.

4. Strengthen partnerships

As outlined by the 2024 US National Counterintelligence Strategy, organizations should look to build partnerships and resilience. A better understanding of the ever-evolving AI and GenAI landscape and the potential utilization of AI technology to better structure, curate and analyze data is critical to develop a strategy to curb future AI-enhanced cybercrime.

5. Prepare for increased cybersecurity reporting requirements

If the Strengthening American Cybersecurity Act signed into law on March 2022 and the potential compliance-related requirements for reporting cybersecurity incidents are further defined, organizations need to prepare for how they will likely have to comply with these requirements.

Critical considerations for preparing for tomorrow’s cybercrime

GenAI has the distinct potential to accelerate both the velocity and volume of cybercrime and threat actor events domestically, adding more stress to government agencies that often are already working at capacity. But with the right governance structures, investments in training and technology, and expansion of partnerships, we can all work together to mitigate the current cybersecurity landscape and prepare for and defeat tomorrow’s AI-enhanced threats.

The views reflected in this article are the views of the author and do not necessarily reflect the views of Ernst & Young LLP or other members of the global EY organization.