Cyber & Physical with AI

When most people hear about cybersecurity hacks they envision frozen monitors, ransomware demands, and DDoS attacks that compromise connectivity for a few hours or even days. Some experts, though, are worried that with the arrival of widespread artificial intelligence in the hands of hackers, both lone wolves and nation-states, we may be entering the era of the "cyber-physical attack."

In fact, last month the FBI warned Congress that Chinese hackers have burrowed deep into the United States' cyber infrastructure to cause damage. FBI Director Christopher Wray said Chinese government hackers are targeting water treatment plants, the electrical grid, transportation systems and other critical infrastructure inside the US.[1]

An MIT professor of engineering systems and co-founder of Cybersecurity at MIT Sloan (CAMS), who has studied and written about the cyber-physical nexus, said with the widespread arrival of generative AI, concerns about physical attacks being the next phase of cybercrime have grown.

More than taking a system offline - MIT said that it and its team have simulated cyberattacks in the lab, resulting in explosions. They were able to hack into computer-controlled motors with pumps and make them incinerate. Attacks that cause temperature gauges to malfunction, pressure valves to jam, and circuits to be circumvented can also cause blasts in lab settings. Such an outcome, they said, would do far more than simply taking a system offline for a while, as a typical cyberattack does. "If you cause a power plant to stop from a typical cyberattack, it will be back up and online pretty quickly, but if hackers cause it to explode or burn down, you are not back online a day or two later; it will be weeks and months because a lot of the parts in these specialized systems are custom made. People don't realize downtimes can be substantial," MIT said.

The technology, now boosted by AI, exists to wreak havoc on physical systems.  Still, three elements must be in place for such attacks to occur: capability, opportunity, and motivation.  "The only thing really keeping bad things from happening is there is not sufficient motivation," they said.  Attacks on physical infrastructure would be tantamount to war, and so far, that is something nation-states have avoided.

Experts, though, vary on the threat level from cyber-physical attacks and how much AI is raising it. The CISO at data platform Lacework said that the number of systems utilizing programmable logic controllers (PLCs) is a weak spot in the nation's infrastructure. He fears that hackers could use generative AI to help create code for PLCs. And once a bad actor has control of a PLC, they can wreak havoc on industrial systems that can result in a physical manifestation. And while industrial controls are tricky to hack, Lacework does worry that AI gives the "mid-level hacker" tools to up their game. "AI can make it easier for someone who lacks the skills and patience to attack industrial control systems themselves," it said.

Many of the industrial and health-care systems in the United States still rely heavily on decades-old legacy systems that have weak protections.  AI's arrival will make it easier to exploit these vulnerabilities. "Anytime you make attacks easier, more will happen," experts say. 

A program director and professor at Katz School of Science and Health, Yeshiva University, and CEO of cybersecurity management platform Onyxia, also worries about the potential rise of cyber-physical attacks.  "AI-powered cyberattacks can happen very quickly, and they are sophisticated and complex to detect and mitigate," she said.  But while she views the threat of AI-assisted cyber-physical attacks as growing, she said AI also assists the good guys.  "AI plays a crucial role in enhancing cyber defenses, detecting and responding to threats more effectively by analyzing vast amounts of data in real-time and identifying malicious activity," said YU’s professor, who also worked in the Israel Defense Forces, specializing in cybersecurity.

A University of Pittsburgh professor and director of the university's Matthew B. Ridgway Center for International Security said that there are risks for cyber criminals in trying to destroy physical infrastructure. They don't want to take down vast swaths of the internet because they rely on it also. He said terrorists, in general, are more likely to use tried and true tools that worked in the past, such as weaponry and military hardware. But he does worry. "When something blows up, it not only destroys that unit but other units nearby, which can be more problematic and hurt people," he said.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.redskyalliance.com/
  • LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

