From “hacktivists” backed by foreign governments to the advantages and perils of artificial intelligence, National Security Agency (NSA) Director of Cybersecurity Rob Joyce highlighted three areas of focus in the cybersecurity field at the 10th International Conference on Cyber Security, held at Fordham on Jan. 9.

Better English-Language Outreach

The use of artificial intelligence is both a pro and con for law enforcement, Joyce said.

“One of the first things [bad actors are] doing is they’re just generating better English language outreach to their victims [using AI]—whether it’s phishing emails or something more elaborative,” he said. “The second thing we’re starting to see is … less capable people use artificial intelligence to guide their hacking operations to make them better at the technical aspect of a hack.”

But Joyce said that “in the near term,” AI is “absolutely an advantage for the defense,” as law enforcement officials are using AI to get “better at finding malicious activity.”

For example, he said that the NSA has been watching Chinese officials attempt to disrupt critical infrastructure, such as pipelines and transportation systems, in the United States.

“They’re not using traditional malware, so there’s not the things that the antivirus flags,” Joyce said.

Instead, he said they’re “using flaws” in a system’s design to take over or create accounts that appear authorized.

“But machine learning AI helps us surface those activities because those accounts don’t behave like the normal business operators,” Joyce said.

‘Hacktivists’ Role in Israel-Hamas Conflict

Joyce said one of the biggest challenges for cybersecurity officials is understanding who is conducting cyber attacks and why. For example, while cyber officials have been seeing an uptick in “hacktivists,” or hackers who are activists, they’ve been seeing more foreign governments backing them and posing as them.

“The Israel-Hamas conflict going on right now—there’s a tremendous amount of hacktivist activity, and we see it on both sides of the equation,” Joyce said. “But the interesting piece in some of this is the nation-states are increasingly cloaking their activities in the thin veil of activists’ activity—they will go ahead and poke at a nation-state, poke at critical infrastructure, poke at a military or strategic target, and try to do that in a manner that looks to be this groundswell of activist activity. That’s another place where we need that intelligence view into really what’s behind the curtain, because not all is as it seems.”

Unclassifying Information: ‘A Sea Change’

Joyce said that one of the biggest “sea” and “culture” changes at the NSA is sharing classified information with the private sector.

“We’re taking our sensitive intelligence, and we’re getting that down to unclassified levels that work with industry,” Joyce said, “Why? Because there might be one or two people in a company who are cleared for that intelligence, but chances are the people who can do something about it, they’re the folks who actually are not going to have a clearance.”

Joyce said that the department has decided to shift its stance around sharing in intelligence in part because “what we know is not nearly as sensitive as how we know it” and because “knowing something really doesn’t matter if you don’t do something about it; industry is the first that can do something about it.”