Cybersecurity regulation in the age of AI | IGF 2023 Open Forum #81

Report

Abraham Zarouk is the Senior Vice President of Technology at the Israel National Cyber Directorate (INCD). In this role, he oversees the day-to-day operations of the Technology division, focusing on project implementation, IT operations, and support for national defense activities.

Zarouk also plays a key role in preparing the INCD for the future by promoting innovation and establishing national labs for research and development.

The INCD places a strong emphasis on addressing weaknesses in artificial intelligence (AI). They examine vulnerabilities in AI algorithms, infrastructure, and data sets, and have established a dedicated national lab to enhance AI resilience.

Through collaborations with industry leaders like Google, the INCD is actively promoting the use of AI-powered technologies and driving innovation in the field of cybersecurity.

In addition to their proactive approach, the INCD also acknowledges the potential threats posed by AI-based attackers.

As the use of AI tools among attackers increases, the INCD recognizes the need to stay vigilant and develop strategies to counter these sophisticated attacks.

Overall, Abraham Zarouk’s role as the Senior Vice President of Technology at the INCD is crucial in ensuring smooth operations and driving the organization’s preparedness for future challenges.

The INCD’s focus on addressing AI weaknesses, collaboration with industry partners, and recognition of potential AI-based threats highlights their commitment to cybersecurity excellence.

Report

The Israel Internet Association, represented by Asaf Wiener, serves as the country code top-level domain (CCTLD) manager for the IL, which stands for the Israel National TLD. As the manager of this important domain, the association plays a crucial role in overseeing internet activities in Israel.

Furthermore, the Israel Internet Association is the Israeli chapter of the Internet Society, demonstrating their commitment to promoting various aspects of the digital landscape.

Specifically, they focus on digital inclusion, education, and cybersecurity within the country. These areas are of critical importance in today’s interconnected world, and the association strives to bridge the digital divide, ensure access to quality education, and enhance cybersecurity measures for Israeli citizens.

Dr.

Asaf Wiener’s organization also works towards addressing digital gaps and advancing public initiatives. This highlights their dedication to narrowing the disparities in access and opportunities that exist in the digital realm. By engaging in various public initiatives, they aim to create a more equitable digital landscape for all.

Additionally, Dr.

Asaf Wiener demonstrates a strong inclination towards public engagement and participation. He actively invites anyone interested in learning more about their activities to approach him for further details, indicating a desire to foster collaboration and partnerships in pursuit of their mission.

In conclusion, the Israel Internet Association, led by Asaf Wiener, fulfills the crucial role of CCTLD manager for the IL, representing the Israeli chapter of the Internet Society.

Their focus on digital inclusion, education, and cybersecurity, and their commitment to addressing digital gaps and engaging the public, highlight their dedication to advancing the digital landscape in Israel.

Report

Bushra Al-Ghoushi is an influential figure in the field of cybersecurity and currently serves as the Head of Research and Innovation at Dubai Electronic Security Center. She has made significant contributions to the industry through her leadership positions.

One of Al-Ghoushi’s notable achievements is the establishment of Dubai Cyber Innovation Park, which aims to promote innovation and collaboration in the field of cybersecurity.

Her involvement in founding this park demonstrates her commitment to advancing the industry and creating opportunities for technological development.

Al-Ghoushi’s expertise is also recognized internationally, as she is an official UAE member of the World Economic Forum Global Future Council on Cyber Security.

This highlights her contributions to global discussions and initiatives surrounding cybersecurity.

Furthermore, Al-Ghoushi’s extensive involvement in advisory boards, both nationally and internationally, reflects her broad knowledge and the trust placed in her expertise. These advisory roles enable her to shape policies and strategies in the field, further solidifying her thought leadership and influence.

In terms of AI risks, Al-Ghoushi advocates for a gradual and incremental approach to cybersecurity rules and regulations.

She emphasizes the importance of identifying and mitigating potential risks posed by AI through appropriate controls and regulations.

Al-Ghoushi also highlights the significance of considering the deployment of AI models and how they impact security controls. She emphasizes the need for addressing the unique risks associated with AI in their development and implementation, ensuring that adequate security measures are in place.

Regarding policy and regulatory approaches, Al-Ghoushi supports a risk-based approach that strikes a balance between control and security issues.

She collaborated with Dubai in 2018 to develop AI security ethics and guidelines, which remain applicable to generative AI today.

Al-Ghoushi emphasizes the need for global harmonization of AI regulations and standards. Currently, different countries have fragmented regulations, making compliance challenging for providers and consumers.

Harmonization would simplify compliance and instill confidence in internationally recognized AI tools.

To achieve this, Al-Ghoushi suggests international collaboration and the establishment of an international certification or conformity assessment for AI. This would ensure that AI systems meet minimum security requirements and facilitate compliance for providers while enabling effective enforcement of industry standards by regulatory bodies.

In conclusion, Bushra Al-Ghoushi’s leadership and expertise in cybersecurity are evident through her various roles and initiatives.

Her emphasis on gradual, incremental cybersecurity rules and regulations for AI reflects a balanced approach that prioritizes both innovation and security. Al-Ghoushi’s advocacy for global harmonization of AI regulations and the establishment of international certification schemes further underscores her commitment to promoting secure and responsible use of AI technologies.

Report

Germany is taking proactive measures to manage the risks associated with artificial intelligence (AI) within complex technical systems. The country is specifically focusing on the AI components or modules within these systems. This approach highlights Germany’s commitment to addressing the potential dangers and challenges that AI can present.

To further mitigate these risks, Germany is working on extending its existing cybersecurity conformity assessment infrastructure.

This move aims to establish a robust framework to evaluate and ensure the conformity of AI technologies. The country is also striving to unify AI evaluation and conformity assessment according to the standards set by the EU’s AI Act.

This step demonstrates Germany’s dedication to aligning its evaluation processes with international norms and regulations.

The implementation of the AI Act is deemed crucial for managing AI risks in Germany. This legislation, which the country is actively working towards, will play a vital role in addressing technical system risks across the entire supply chain of AI applications.

By incorporating this act, Germany seeks to establish a comprehensive and effective framework for managing AI-related risks.

Furthermore, Germany is actively promoting the adoption of AI technologies, particularly among small and medium-sized enterprises (SMEs). The country recognizes the potential benefits that these technologies can bring and encourages businesses to embrace them.

This approach highlights Germany’s openness to innovation and its efforts to support the growth of AI within its industries.

There is also support for international standardization in guiding the use of AI technologies. This standpoint suggests that by establishing global standards, individuals can have more control over how AI technologies are utilized.

This commitment to international cooperation reinforces Germany’s desire to foster responsible and ethical AI practices.

It is important to acknowledge that AI technologies are heavily reliant on data, and their responsible usage ultimately rests on individuals. Germany recognizes the responsibility that comes with the use of AI systems and the need for individuals to exercise caution and ethics when handling data-driven technologies.

Another noteworthy observation is the call for the market to be the determining factor in deciding the use of AI-based systems. Germany suggests that market forces and customer preferences should dictate the direction of AI technology, promoting a more customer-centric approach to AI adoption.

Nevertheless, standardizing AI usage at a value-based level can be challenging due to the differences in societal values.

The discrepancy in value-based governmental positions creates a complex landscape for consensus-building and establishing universal standards for AI application. Germany recognizes this challenge and the need for careful consideration of normative and ethical issues surrounding the use of AI technologies.

In conclusion, Germany is actively implementing AI risk management within complex technical systems, with a particular focus on AI components.

The country is working towards unifying evaluation processes and conforming to international standards through the AI Act. Germany also promotes the adoption of AI technologies among SMEs and supports international collaboration in establishing standards for responsible AI usage. However, the challenge of aligning value-based norms and standards remains an ongoing concern for AI implementation.

Report

The Organisation for Economic Co-operation and Development (OECD) has played a significant role in guiding the development and deployment of artificial intelligence (AI). In 2019, the OECD became the first intergovernmental organization to adopt principles for trustworthy AI. These principles, which focus on the aspects of robustness, security, and safety, have since been adopted by 46 countries.

They also serve as the basis for the G20 AI principles, highlighting their global relevance and influence.

The OECD’s emphasis on robustness, security, and safety in AI is crucial in ensuring the responsible development and use of AI technologies.

To address the potential risks associated with AI systems, the OECD proposes a systematic risk management approach that spans the entire lifecycle of AI systems on a continuous basis. By adopting this approach, companies and organizations can effectively identify and mitigate risks at each phase of an AI system’s development and deployment.

To further support the responsible development and deployment of AI, the OECD has also published a framework for the classification of AI systems.

This framework aids in establishing clear and consistent guidelines for categorising AI technologies, enabling stakeholders to better understand and evaluate the potential risks and benefits associated with different AI systems.

The OECD recognises that digital security, including cybersecurity and the protection against vulnerabilities, is a significant concern in the era of AI.

To address this, the OECD has developed a comprehensive framework for digital security that encompasses various aspects such as risk management, national digital security strategies, market-level actions, and technical aspects, including vulnerability treatment. Moreover, the OECD hosts an annual event called the Global Forum on Digital Security, providing an opportunity for global stakeholders to discuss and address key issues related to digital security.

Interestingly, AI itself serves a dual role in digital security.

While AI systems have the potential to become vulnerabilities, particularly through data poisoning and the malicious use of generative AI, they can also be utilised as tools for enhancing digital security. This highlights the need for robust security measures and responsible use of AI technologies to prevent malicious attacks while harnessing the potential benefits AI can provide in bolstering digital security efforts.

In addition to addressing risks and emphasising security, the OECD recognises the importance of international cooperation, regulation, and standardisation in the AI domain.

The mapping of different standards, frameworks, and regulations can help stakeholders better understand their commonalities and develop practical guidance for the responsible development and deployment of AI technologies.

Intergovernmental organisations, such as the OECD, play a vital role in convening stakeholders and facilitating conversations on respective issues.

By bringing together governments, industry experts, and other relevant actors, intergovernmental organisations enable collaboration and foster partnerships for addressing the challenges and opportunities presented by AI technologies.

Finally, the development of metrics and measurements is crucial for effectively addressing and evaluating the impact of AI technologies.

The OECD is actively involved in the development of such metrics, with one notable example being the AI Incidents Monitor. This initiative aims to capture and analyse real-time data and incidents caused by AI systems, allowing for a better understanding of the challenges and risks associated with AI technologies.

In conclusion, the OECD has made significant contributions to the development and governance of AI technologies.

Through the establishment of principles for trustworthy AI, the emphasis on risk management, the focus on digital security, the recognition of AI’s dual role in security, and the efforts towards international cooperation and metric development, the OECD is actively working towards ensuring the responsible and beneficial use of AI technologies on a global scale.

Report

Hiroshi Honjo is the Chief Information Security Officer for NTT Data, a Japanese-based IT company with a global workforce of 230,000 employees. NTT Data is actively involved in numerous AI and generative AI projects for their clients. Honjo believes that AI governance guidelines are crucial for the company, covering important aspects like privacy, ethics, and technology.

These guidelines promote responsible and ethical practices in AI development and usage.

In the realm of generative AI, Honjo highlights the significance of addressing cybersecurity intricacies, particularly in light of recent attacks on large language models. This underscores the importance of tackling cybersecurity issues within the context of generative AI.

One complex issue in handling data by generative AIs is determining the applicable law or regulation for cross-border data transfers.

Similar to challenges faced by private companies managing multinational projects, NTT Data must navigate various regulations and ensure compliance with jurisdiction-specific requirements.

Honjo advocates for international harmonization of AI regulations, emphasizing that guidelines in G7 countries are insufficient.

He supports the establishment of international standards that govern the development, use, and deployment of AI, aimed at promoting fairness and consistency in AI regulation.

Additionally, Honjo expresses his concern regarding uneven data protection regulations like the General Data Protection Regulation (GDPR).

He acknowledges that differing data protection regulations across countries impose significant costs on businesses. To mitigate these challenges and ensure a level playing field for businesses operating in multiple jurisdictions, Honjo advocates for consistent and harmonized data protection measures.

In summary, Hiroshi Honjo, as the Chief Information Security Officer for NTT Data, emphasizes the necessity of AI governance guidelines, the need to address cybersecurity intricacies in generative AI, the complexity of cross-border data transfers, and the importance of international harmonization of AI regulations.

His commitment to consistent data protection regulations reveals his dedication to reducing costs and promoting fairness within the industry.

Report

During the discussions, three main topics were examined in depth. The first topic focused on the concerns of the government regarding the protection and safety of critical infrastructures and supply chains. It was acknowledged that governments have a major role in ensuring the security of crucial infrastructures and supply chains, which are vital for the functioning of industries and economies.

However, no specific supporting facts or evidence were provided to substantiate these concerns.

The second topic revolved around the risks of over-regulation and the dynamic nature of AI. Participants expressed the need to strike a balance between regulating AI to prevent potential negative consequences and allowing for its innovative and transformative potential.

The dynamic nature of AI poses a challenge in terms of regulation, as it constantly evolves and adapts. Again, no supporting facts were provided to further illustrate these risks, but it was acknowledged as a valid concern.

The third topic that was discussed focused on cybersecurity challenges.

It was highlighted that addressing these challenges requires collaboration within international forums and the possibility of establishing binding treaties. The need for such cooperation arises from the global nature of cyber threats and the shared responsibility in mitigating them. However, no supporting evidence or specific examples of cybersecurity challenges were referred to.

Throughout the discussions, all speakers maintained a neutral sentiment, meaning they did not express strong support or opposition to any particular viewpoint.

This could indicate that the discussions were conducted in an objective manner, with an emphasis on highlighting different perspectives and concerns rather than taking a definitive stance.

Based on the analysis, it is evident that the discussions centered around key areas of government concerns, the risks associated with over-regulation of AI, and the need for international cooperation in addressing cybersecurity challenges.

However, the absence of specific supporting facts or evidence detracts from the overall depth and credibility of the arguments presented.

Report

During his presentation, Abraham introduced himself and verified that he was audible. He provided a comprehensive overview of his background and experience, emphasising his expertise in the field. Abraham highlighted his various roles within the industry, acquiring a diverse set of skills and knowledge in the process.

Abraham also detailed his educational qualifications, underscoring his pertinent degrees and certifications.

He explained how these qualifications have equipped him with a strong theoretical foundation, complemented by practical skills developed through hands-on experience.

In addition, Abraham outlined his past work experiences and accomplishments, showcasing specific successful projects and the positive outcomes they generated.

He shared examples of challenges encountered during these projects and how he overcame them, displaying problem-solving abilities and resilience.

Regarding communication skills, Abraham mentioned his experience working with multicultural teams and effectively collaborating with individuals from diverse backgrounds.

He emphasized his strong interpersonal skills, enabling him to cultivate robust relationships with clients and stakeholders throughout his professional journey.

Furthermore, Abraham mentioned his commitment to continuous professional development, expressing enthusiasm for keeping abreast of the latest industry trends and advancements.

He attends relevant conferences, workshops, and seminars, actively engaging in professional networks to stay connected with industry experts.

In conclusion, Abraham presented himself as a highly experienced and qualified professional, highlighting his expertise through his extensive background, educational qualifications, and successful project achievements.

He demonstrated effective communication, collaboration, and adaptability, crucial in a fast-paced, ever-evolving industry.