When most people hear about cybersecurity hacks, they think of frozen monitors, ransomware requests, and DDoS attacks that compromise connectivity for hours or days.
But some experts fear that with widespread artificial intelligence in the hands of hackers, both lone wolves and nation-states, we may usher in an era of “cyber-physical attacks.”
In fact, the FBI warned Congress last month that Chinese hackers were penetrating deep into U.S. cyber infrastructure in an attempt to cause damage. FBI Director Christopher Wray said Chinese government hackers are targeting water treatment projects, power grids, transportation systems and other critical infrastructure in the United States.
Stuart Madnick, MIT professor of engineering systems and co-founder of Cybersecurity at MIT Sloan (CAMS), studies and writes about the cyber-physical nexus. He said the proliferation of generative AI is raising concerns that physical attacks will become the next step in cybercrime.
Madnick said he and his team simulated a cyber attack that caused an explosion in the lab. They were able to hack and incinerate the computer-controlled pump motor. Attacks that cause thermometers to malfunction, disrupt pressure values, or bypass circuits can cause explosions even in laboratory environments. Madnick said such a result would have more effect than simply taking systems offline for a while, as in a typical cyberattack.
“If a typical cyberattack takes down a power plant, it will come back online quickly, but if a hacker blows up or burns down a power plant, it will only come back online after a day or two. Many of the parts for these specialized systems are custom-made, so it can take months. People realize that the downtime can be significant. I haven’t,” Madnick said.
He added that the technology to wreak havoc on physical systems exists and is now powered by AI. Still, for such an attack to occur, three factors must be in place: ability, opportunity, and motivation.
“The only way to keep bad things from happening is to not have enough motivation,” Madnick said. Attacks on physical infrastructure are tantamount to war, but nation-states have so far avoided it.
However, experts differ on the level of threat posed by cyber-physical attacks and how much AI increases that threat.
Tim Chase, CISO of data platform Lacework, said the number of systems that utilize programmable logic controllers (PLCs) is a weakness in the country’s infrastructure.
Chase is concerned that hackers could use generative AI to help write code for PLCs. If a malicious actor takes control of a PLC, they can wreak havoc on industrial systems and cause physical effects. And while industrial control equipment is difficult to hack, Chase worries that AI will give “intermediate hackers” the tools to up their game.
“AI makes it easier for people without the skills or patience to attack the industrial control systems themselves,” Chase said.
Many of America’s industrial and healthcare systems remain heavily dependent on decades-old legacy systems with weak protections. The advent of AI makes these vulnerabilities easier to exploit. “If you make it easier to attack, more will happen,” Chase said.
Sivan Tehilla, a program director and professor at the Katz School of Science and Health at Yeshiva University and CEO of cybersecurity management platform Onyxia, is also concerned about the potential increase in cyber-physical attacks.
“AI-powered cyberattacks can occur very quickly and are sophisticated and complex to detect and mitigate,” Tehilla said.
But while she sees a growing threat of AI-powered cyber-physical attacks, she said AI can also help good people. “AI can strengthen cyber defenses and combat threats more effectively by analyzing vast amounts of data in real time and identifying malicious activity,” said Tehilla, who also serves in the Israel Defense Forces and specializes in cybersecurity. “They play an important role in detecting and responding to threats.”
Michael Kenney, professor at the University of Pittsburgh and chairman of the board of directors of the university’s Matthew B. Ridgway Center for International Security, said there are risks when cybercriminals seek to destroy physical infrastructure. They don’t want to destroy vast swaths of the internet because they depend on it. He said terrorists are generally likely to use proven tools that have worked in the past, such as weapons and military equipment.
But Madnick is worried. “If something were to explode, it could destroy not only his unit but other units nearby, causing further problems and harming people,” he said.


