Understanding threats and securing critical infrastructure in the age of LLMs


Abstract:
A recent DP World Australia incident has shown that a single cyber-attack can cripple an entire nation’s supply chain, and current trends indicate a hundredfold increase in the frequency of such attacks over the next five years. In the meantime, a fast digital transformation of Norwegian industry without proper improvements in security may have left older systems vulnerable. Gaps in coordination and visibility between its security and operations make it hard to prepare for and respond to threats.
Threat intelligence is about understanding threat trends, such as actors' capabilities, motivations, techniques, and tactics, and their effects on an organization's business and industry. This knowledge helps companies not only respond to threats when they happen but also understand and manage the associated risks in advance. It is a difficult analytical skill that requires keeping up with large quantities of complex and rapidly changing information, and our research indicates a need for more skilled personnel and tools to address this challenge effectively.
We will start this talk by explaining the challenge and sharing several use cases where Large Language Models (LLMs) can augment threat analysts' skills and capabilities and offer valuable insights into domains, standards, and processes, helping them stay ahead of cyber and physical threats. Further, we will touch on the risks of AI-enabled systems and present recent techniques used by adversaries to attack such systems, along with steps taken by the cyber-security community to stay ahead of these threats. We will combine our findings with highlights of recent developments by Microsoft and Google that open exciting possibilities within Security AI.
Bio:
Ian Fox, Simon Lia-Jonassen, and Stefan Mandaric combine over 30 years of experience across security, machine learning, data science, engineering, and research with a strong passion for cutting-edge technology and exciting problems. The focus of this talk is related to the work they do at Omny, a young cybersecurity startup co-founded by Cognite, Telenor, and Aker to close the gap between information technology (IT) and operational technology (OT) security.
