DHS warns of malicious AI use against critical infrastructure

The Department of Homeland Security’s Homeland Threat Assessment is warning of bad actors potentially using artificial intelligence to disrupt critical infrastructure either through election influence campaigns or by targeting industrial systems.

The annual report — which outlines the key concerns for the next year — points to adversaries increasingly focusing and learning how to target critical infrastructure, like energy, the upcoming 2024 election, transportation, pipelines, and other vital services, with emerging technologies like AI.

State-backed hackers like China are also adapting AI to engage in influence campaigns or to better develop malware for large-scale attacks, DHS says.

“One of our key areas of concern is against critical infrastructure because it provides kind of the goods and services that are the backbone of our nation, and we think that many adversaries really kind of understand the interconnectedness of our critical infrastructure and the impacts it would have,” a DHS official said during a media briefing on Thursday.

While industrial-specific malware is rare, the report warns that hackers are seeking to develop or are developing malicious code that seeks to disrupt the industrial control systems found in the energy, transportation, health care, and election sectors. The malware dubbed “pipedream” by security researchers is one such example of malware made specifically to target industrial devices.

Additionally, DHS says that Beijing is particularly interested in using AI to develop malware for attacks that are “larger scale, faster, efficient, and more evasive.” The report points to the transportation sector in particular, including railways and pipelines, but it said other critical infrastructure sectors may also be targeted.

China has been a key concern, particularly regarding critical infrastructure in recent years. The intelligence community’s threat report also pointed to railways and pipelines as a target from Chinese-backed hackers. In May, Microsoft and U.S. intelligence agencies pointed to the Chinese hacking group dubbed “Volt Typhoon” for their potentially disruptive targeting of critical infrastructure like telecommunications in the U.S. and Guam.

All the while, the U.S. is also turning to so-called “smart city technologies” that also increase the risks to key services, DHS said. Digitally native technology can increase the efficiency of a particular service, but it also comes with added vectors of attack for hackers if not built with security in mind.

In April, DHS created an Artificial Intelligence Task Force that will work on assessing the impact of AI on securing critical infrastructure, among other tasks like countering countering drug trafficking.

K-12 school districts have faced “near constant ransomware targeting” due to a lack of dedicated resources against malicious hackers, DHS added.

On the espionage side, Russia continues to probe federal and local governments and the majority of the major critical infrastructure sectors such as defense, energy, nuclear, aviation, transportation, healthcare, education, media, and telecommunications.

Beijing, meanwhile, will continue to target healthcare, finance, the defense industrial base, government facilities, and communications. However, China is also expanding its development of maritime logistics software and the adoption of such software could increase risks to ports, DHS says.

Another threat, Iran is using common vulnerabilities and hacking tools for espionage against U.S. critical infrastructure broadly.

Espionage within critical infrastructure can also be a precursor to disruptive attacks, officials note. It can be difficult to tell whether an intrusion is simply espionage or a malicious hacker working on a larger disruptive goal. Volt Typhoon is one such example that uses techniques known as “living off the land,” in which adversaries rely on tools commonly used in their victims’ networks to escape detection.

“Domestic and foreign adversaries will likely seek to target our critical infrastructure over the next year while cyberattacks seeking to compromise networks or disrupt services for geographical, political or financial purposes continue apace. We have noted an uptick over the last year of physical attacks on our critical infrastructure as well,” a DHS official said.

The report also warned of election interference by ideological extremists who seek to disrupt the Democratic process through violence or threats. State-backed hackers will likely use novel approaches like AI to increase both the quality and breadth of the campaigns.

“We expect the 2024 election cycle will be a key event for possible violence and foreign influence targeting our election infrastructure processes and personnel,” a DHS official told reporters. “The proliferation of accessible artificial intelligence tools likely will bolster our adversaries’ tactics for miss-, dis- and mal-information campaigns and cyberattacks.”

The DHS report points to Russia, China, and Iran as those likely to conduct overt and covert influence campaigns to shape the election cycle in their favor. Such campaigns could use AI to conduct “low-cost, synthetic text-, image-, and audio-based content with higher quality.”

In September, Microsoft revealed that Chinese-state-backed hacking groups are already using AI to generate viral content to create divisive messaging campaigns.