NATO uses various AI techniques to be prepared for defence scenarios. This interview with NATO’s Allied Command Transformation covers conflict prevention, the detection and prevention of cyber attacks, and NATO’s responsibilities on the Internet.

Defence with AI

  • Why will Artificial Intelligence become crucial for cyber operations?
  • All traffic on computer systems and the Internet leaves traces behind as a result of the employed protocols and associated electronic transactions. Those traces contain valuable information about potential adversaries’ activities, and are hidden within enormous amounts of network data, so much so that no human team is able to analyse it with the necessary level of detail. As a result, cyber defenders only look for the most obvious patterns of behaviour. Artificial Intelligence (AI) opens the possibility to train algorithms to quickly search for a large number of potential adversary patterns in extremely large volumes of (big) data. Furthermore, Machine Learning algorithms can be used to train decision making systems to identify previously unknown adversary tactics. These sophisticated detection and learning abilities allow human analysts to focus on understanding the attack as an adversary operation, and not just as a collection of single activities, thus enabling a more comprehensive response, in much less time, and with much more understanding of the attack environment.
  • In which decision making processes can it help to prevent conflicts?
  • The ability to detect, counter and identify attacks (and the attackers) deters the adversary from exploiting any potential NATO vulnerabilities. Also, when it comes to actual cyberspace operations, AI provides the ability to learn much more about the adversary and their tactics, which facilitates better decision making and possible courses of action. Preventing conflict and avoiding conflict escalation is a Commander’s responsibility when identifying and executing the selected courses of action.
  • What might AI warfare look like?
  • The Alliance is developing capabilities in order to be able to counter attacks and deter any adversary. Cyber capabilities in operation detect, counter and identify adversaries’ cyber-attacks, in the background and in real time. This will allow cyber analysts in NATO to focus on understanding the cyber context and on decision-making, rather than on the mechanical aspects of threat detection and analysis. But the true impact of artificial intelligence in cyberspace comes when non-technical data, such as adversaries’ descriptions or cyber intelligence is used, giving the Commander the ability to employ machine learning to assist in the identification and selection of courses of action.
  • How can machine learning be used for cyber defence and what data is needed to train trustworthy AI systems for military use? In which operating area does NATO already rely on AI?
  • The main sources of data come from network traffic analysis, information systems transactions, monitoring sensors and vulnerability databases. A second step in data enrichment is achieved through the employment of environmental information, such as past incidents and adversary models. A third level of sophistication is achieved when social descriptors (obtained from military and open source intelligence) are used.
    The primary use of machine learning is for classification and decision making (at the data level). A well-trained algorithm is able to classify patterns of network behaviour and decide if they constitute a threat. Threats can be as simple as recurrent script kiddies testing NATO networks, or the possibility of sophisticated actors exercising long-term persistent activities against our networks and systems. This analysis cannot be done manually by humans, as the amount of data to process and the variability of the patterns prevent us from doing it within the timeframe when the information is still actionable. Therefore semi-automating these activities through the use of artificial intelligence and machine learning is the best way to raise the cyber defence capabilities, not only in terms of scope of detection, but in terms of speed of response, as well. It needs to be noted that the term “semi-automatic” is used on purpose: while artificial intelligence is a powerful tool to conduct large amounts of analysis and to automate analysis, it is ultimately humans deciding what to do with those analysis results. AI is therefore a decision making support tool. Mission assurance cannot be compromised by a context-limited artificial intelligence decision.
  • Will AI support or replace human intelligence when it comes to analysing patterns of developing crisis within or in between certain areas?
  • Artificial intelligence is a primary tool for data pre-processing and, to some extent, analysis. When it comes to decision making, AI is just one (very effective) support tool, which provides the decision maker with more and better situational awareness and therefore facilitates better decision making.
    NATO does not use full automation of network responses or weapon systems as the consequences of a partially informed automated decision could compromise mission assurance.
  • Will the responsibility of using AI lie with the nations or don’t we need to think in bigger structures such as the EU or UN? How can the responsibilities be distributed?
  • As described above, Artificial Intelligence is just a tool in support of data analysis, pattern detection and decision making at the data level. What is of concern is how those decision-making abilities are employed, how trustworthy is the underlying data and how reliable are the algorithms employed for decision making. AI can be used to provide benign services, such as detection of fraudulent financial operations or characterisation of cyber attackers’ behaviour. The responsibility implications appear when AI tools are used to provide services that could have undesirable impact on life, stability or economy (such as in weapon systems or medical devices).
  • What are the legal challenges that NATO or individual nations are currently facing when planning or conducting cyber operations?
  • Cyberspace is a domain of NATO operations, where we must be as effective as we are in the other domains of air, land and sea. At the same time, NATO as an organisation has no plans to develop its own offensive cyber capabilities. Allies can volunteer sovereign cyber effects for NATO operations and missions, and this ensures NATO’s defences continue to evolve with the fast-moving cyber threats that we face. Several Allies have done so, including the US, the UK, the Netherlands, Estonia and Denmark. Allies will retain control of their national cyber capabilities at all times when they are used during NATO missions or operations.
    As in all other domains, in cyberspace NATO acts in line with its defensive mandate and international law. NATO also supports efforts, such as at the UN and OSCE, to maintain peace and security in cyberspace and to promote stability and reduce the risk of conflict.