When it comes to cybersecurity, AI is our best hope in a profession that generally lacks hope

Byline:
, , , ,
,

O P I N I O N

CYBER DEFENDER

By Christopher Plummer

I’ve had a busy start to the year, in terms of in-person events and speaking opportunities – things which are unusual for me but something I do consider important. Even when these commitments start to feel dreadful as the pressures of work and life begin to conspire against earlier good intentions. It is nice to be out from in front of a screen once in a while and engaging with live humans. Like any skill, it’s something I think is worth practicing, for those of us who do not generally experience work life “in real life” and sit behind a desk in our homes. 

I avoid a lot of public events and turn down a lot of speaking opportunities. A lot of people just want to talk. I don’t consider myself one of those people. I want to talk, but only if I’m genuinely contributing something meaningful. Over my career I have endured so many loud voices in this world of technology, purveyors of word salad, talking loud and saying nothing to quote the godfather of soul, and my tolerance for these performance actors is like zero point zero. I’m acutely aware of how little time I have on this Earth, and how much you have, and I want to make the most of it for both of us. So I tend to stay home, to a fault sometimes.

It’s always meaningful for me to talk about cybersecurity with students in our city’s schools, which I’ve done regularly over the years here in Manchester. I was able to share the story of the 2023 Gmail bug (covered by this very news outlet you’re reading right now!) in person at Manchester Community College this year for the very first time. Along the way during that talk, I shared a story (for another time) of my college application process, which involved a supplemental essay I wrote, which ultimately led to an incredible opportunity for me to attend UNH. A student in the audience asked me about that essay – what about it do I think was so meaningful to UNH. What about that essay stood out, and appealed to whoever decided to accept me and extend to me a very generous aid package. 

As I’ve never talked about this before with a live audience, I had never been asked this question and I had never considered how to answer it. But what I said to this person was undeniably true as it was unscripted – that essay was from the heart. It was personal, and it was human. It demonstrated both that I was a deserving person, and that I had the capacity to learn. It was above all authentic, which sent a great wave of concern through my thoughts as I said that, given the present state of our world and AI. I could do no more than caution this person, and by extension the audience, how hard this was going to be going forward – to demonstrate your humanity in a world that is actively trying to replace it. 

I’m as frustrated about AI as I am optimistic about it. I’ll tell you about both sides of that.

I loathe what AI is doing to our culture. It is an uncontained wildfire trying to decimate every creative thing our civilization has ever built. It is laying waste to the very concept of originality, forever requiring us to deeply inspect every facet of our environment to understand if something is the product of a human mind and human hands, or from a robot. AI is consuming jobs and entire careers, outright replacing real people against their will, a choice made by the very creators of AI who decided this technology would do the work of human beings, whether human beings wanted it to or not. Specific to my line of work – cybersecurity – it has created a whole new universe of risks and stressors no one asked for, that no one needed, that no one yet knows how to adequately address. You couldn’t write a check right now to solve some of the security problems AI is creating, even if you wanted to. Altogether, AI doesn’t seem to have a whole lot going for it, and on most days of the week, I hate it. I deeply hate it, I hate its evangelists, and I wish it would go away.

My optimism about AI lies very narrowly in the world of cybersecurity signal data science. I describe this particular science as “the hard problems in our world of security that humans can’t solve on their own,” and we have a few of those problems. They are generally the scary, needle in a haystack problems, like spotting an intruder on your network stealing information, but masquerading as a real employee, while sending stolen information to an assumed-good destination a lot of real employees already use for legitimate purposes. That’s a good example. That is a pretty great application of AI, divining “normal” from “abnormal” through a process of long-term behavioral correlation across disparate sources of data. TL/DR – it’s the kind of thing we want a robot to do. It’s the thing we always dreamed a robot would do.

We want to use our very limited cybersecurity people resources to do other things, higher-touch things, things which require true institutional knowledge and irreplaceable experience. Today our limited cybersecurity people resources do try to work on some of these hard problems, but it’s a losing fight. When we are facing our cyber-equivalent showdown with Thanos and his sprawling army of cybersecurity challenges, standing there bloodied and beaten and alone, we’d be more than happy to have AI coming through a portal on our left. Heroes don’t scale, unfortunately, and we know this. Especially in the protection of critical infrastructure, like our hospitals. AI is the force multiplier. At least, it could be. We have years of suffering yet to go, I think, until AI finally becomes both reliable and accessible – the key is accessible – enough to make a real difference across an entire sector, like healthcare, or energy, or water. These are sectors where you can’t have weak links, you can’t have security “haves” and “have nots” – everyone deserves and truly needs the same standard of protection. But to summarize, lest we turn this thing into a never-ending manifesto stream of consciousness piece, AI is the best hope we have, in my line of work – a line of work that generally lacks hope.

I wrote that UNH admission essay – which has now spawned this article – over 30 years ago. In that time, a copy of it has moved with me everywhere I’ve lived, at least a half dozen different places, stored away in the same grey plastic box it always has been, now hidden away in the corner of a closet. It’s a document I owe an awful lot to, arguably my entire life as I know it today, but I’ll never read it again. I can’t do it. It’s a product of a different time, a worse time. A hopeless time. A time that, to me, is incomprehensible now. But I know it exists. And I know that document is full of real thoughts, and real feelings. It is unmistakably the product of a human and a human experience. That is going to be the thing every one of us will be challenged with for the rest of our lives. The fight for our own authenticity, and for identifying authenticity. Is this real. Is this not real. Is this AI, or enhanced or polished with AI. What is really you. What is from the heart. What you will need, in some form, whatever it looks like, whatever it is that you’re working on, from now until the end of time, is your version of that essay. The thing, the voice, the language, the story, the message. It must be undeniably you.

This interaction from “I, Robot” is appropriate. Will Smith’s character enters a room and winks, and the robot Sonny questions, “What does this action signify? As you walked in the room, when you looked at the other human. What does it mean?” To which Will responds “It’s a sign of trust. It’s a human thing. You wouldn’t understand.”

Wink.

Chris Plummer hedshot

Chris Plummer is a cybersecurity architect from Manchester. Nearly expelled from UNH for hacking in 1996, Chris has gone on to serve the US Navy and New Hampshire hospitals as a cyber defender in a career spanning nearly three decades. In 2023 he discovered a major vulnerability in Google’s Gmail, forcing security changes at some of the world’s largest names in tech. Chris has been a White House cybersecurity advisor for healthcare, served as an expert panelist for federal agencies, and his work has been covered in podcasts and media outlets across the globe – including this one! He is an assistant martial arts instructor here in the city, has run up McIntyre hundreds of times, and is a regular at the Backroom. You can reach him at icdtad.mail@gmail.com

Sign up for the FREE daily newsletter and never miss another thing!

Subscribe

* indicates required

Support Ink Link

Header photo by Stonewall Photography