Q. I need an Annotated Bibliography for this Article

Article

The Artificial Intelligence and Cybersecurity Nexus: Taking Stock of the European Unions Approach

Digital technologies increasingly complicate and transform present-day conflicts. The current war between Russia and Ukraine, for instance, is also played out in cyberspace, involving multiple public and private actors. This ranges from the formation of an IT army of Ukrainian volunteers, to the intensification of Kremlin-backed malicious cyber operations, to Western allied nations offering Ukraine assistance across the full spectrum; offensive, defensive, [and] information operations.

Such developments matter as they are consistent with a longer history of cyber conflicts running alongside and feeding into kinetic operations. Even if the conflicts cyber dimension is, as noted by experts, presently limited, there are serious concerns about the destabilization of the international security environment, including high risks of escalation. These risks are also exacerbated by the potential spillover of cyberattacks targeting Ukraine into other countries, which could cause systemic ripples in cyberspace and beyond. It was such cross-border effects that led the European Union (EU) to issue a declaration on May 10, strongly condemning the malicious cyber activity conducted by the Russian Federation, which targeted the satellite KA-SAT network owned by VIASAT and facilitated the military invasion of Ukraine.

Raluca Csernatoni

Raluca Csernatoni is a fellow at Carnegie Europe, where she specializes on European security and defense, as well as emerging disruptive technologies.

Among actors amplifying the cyber dimension of the conflict are tech companies, which have supported the Ukrainian effort by deploying state-of- the-art cyber capabilities. These include the use of emerging disruptive technologies (EDTs) and in particular artificial intelligence (AI) in cyber operations. For example, it has been made known that Ukraine is using Clearview AIs facial recognition software to identify Russian soldiers and Ukrainians killed on the battlefield. In response to the expanding Ukraine-Russia conflict, Vectra AI, a leader in AI-driven threat detection and response for hybrid and multi-cloud enterprises, is offering a slate of free cybersecurity tools and services to organizations that believe they may be targeted as a result of this conflict. Use of these cyber tools in the context of an ongoing war is both a novelty and an added complication insofar as these may tamper with or potentially generate new conflict dynamics.

Indeed, in the bigger picture of day-to-day cybersecurity practice, already many complex challenges are mitigated by applying AI tools and intelligent solutions, as new advanced capabilities are developing at a fast pace. Developments have grasped the attention of experts globally who analyze the potential effects of the AI-cybersecurity convergence on themes including surveillance, national security, and geopolitical competition for technological development.

Less attention has however been given to understanding how the EU and its various institutions and agencies engage with the many technical, operational, and policy-related questions surrounding this burgeoning nexus between AI and cybersecurity. Accounting for the lack of analytical attention, this article aims to examine the EUs approach to potential challenges and opportunities emanating in this policy field and corresponding policy solutions put forward.

For instance, as a dual-use technology defined by the European Commission as disruptive, AI is starting to play a vital role in the EUs digital transformation and cybersecurity planning in both civil and military domains. Already in December 2020, the European Union Agency for Cybersecurity (ENISA) warned in a report on artificial intelligence cybersecurity challenges that AI could provide both opportunities and challenges. These range from cybersecurity for AI to AI in support of cybersecurity to malicious and adversarial uses of AI. The latter category involves sophisticated attacks such as AI-powered malware, AI-enhanced distributed denial-of-service (DDoS) attacks, and AI-enabled advanced disinformation campaigns.

Katerina Mavrona

Katerina Mavrona is a policy analyst focusing on EU digital policies, cybersecurity, and the governance of emerging technologies.

Indeed, the EU recognizes the countless possible ways the cyber-related uses of EDTs could fundamentally impact the threat landscape in Europe. The EUs Cybersecurity Strategy for the Digital Decade from December 2020 already identified key technologies like AI, encryptions, quantum computing, and future generation networks as essential to cybersecurity. The strategy notes that cybersecurity considerations must be integrated into all digital investments related to the above technological fields and the integrity of their supply chains. The councils conclusions on the development of the European Unions cyber posture from May 2022 also stress the importance to make intensive use of new technologies, notably quantum computing, Artificial Intelligence and Big Data, to achieve comparative advantages, including in terms of cyber responsive operations.