By Stas Margaronis & Kevin Policarpo
AI SUMMARY
A recent report from the Center for Strategic and International Studies (CSIS) in Washington, D.C., raises concerns about China’s new artificial intelligence (AI) tool called DeepSeek. The report suggests that DeepSeek could make cyberattacks and cybercrimes more effective, stating it’s the latest addition to China’s cyber spying tools aimed at gathering detailed intelligence to support the country’s strategic goals.
DeepSeek has caused global worries due to its security issues. Countries like Italy, Taiwan, Australia, and South Korea have blocked or banned the app on government devices because of fears about how it handles data. In the United States, agencies such as NASA and the U.S. Navy have advised their staff not to use DeepSeek over national security concerns. The CSIS report highlights that DeepSeek’s design lacks strong safety measures, making it vulnerable to misuse. A study by Cisco found that DeepSeek failed to block harmful prompts related to cybercrime and misinformation, while other AI models like OpenAI’s GPT-4o and Google’s Gemini were more effective in blocking such content.
Unlike Western companies such as OpenAI, Anthropic, and Google, which control and monitor their AI models to prevent misuse, DeepSeek’s open-source nature allows anyone to download and modify it. This openness means users can change its functions and safety features, increasing the risk of exploitation. Western companies invest heavily in AI security and work with organizations like the U.S. AI Safety Institute and the UK AI Safety Institute to improve safety protocols through thorough testing.
China employs other cyber tools like Salt Typhoon, Volt Typhoon, and APT-41 to conduct large-scale cyberattacks. Volt Typhoon focuses on spying and stealth operations against key infrastructure in the U.S., targeting systems with weak passwords or outdated software. Salt Typhoon aims to give Chinese operatives ongoing access to U.S. telecommunications networks by compromising devices like routers and switches. APT-41 seeks information from various industries to boost China’s economic capabilities, involving activities like stealing intellectual property and manipulating virtual currencies.
AI-generated fake news spreading on social media increases the risk of bank runs, as seen in a British study. Such disinformation can cause panic among customers, leading to mass withdrawals and potential bank collapses, similar to the 2023 incident with Silicon Valley Bank.
The U.S. power grid faces challenges due to aging infrastructure and higher energy demands. The integration of digital networks, while improving efficiency, also makes the grid more susceptible to cyberattacks. The Government Accountability Office (GAO) recommends that the Department of Energy work with the Department of Homeland Security and other stakeholders to address these cybersecurity risks.
U.S. ports are also at risk from cyberattacks. For example, the Port of Los Angeles experienced a significant increase in cyberattack attempts, from 7 million per month in 2014 to 60 million per month in 2023. The port’s Chief Information Security Officer, Tony Zhong, noted that while digitalization improves data flow, it also makes it easier for attackers to target organizations lacking proper security measures.
Concerns have been raised about the Department of Government Efficiency (DOGE) seeking access to the Treasury Department’s payment systems. The Center for Budgetary Priorities (CBP) warns that granting such access could lead to illegal stoppage of payments based on political preferences, cybersecurity breaches, and delays in payments to individuals and organizations relying on federal funds.
In response to these challenges, the U.S. government is taking steps to strengthen its cybersecurity. President Donald Trump has revoked previous AI regulations and called for a new AI action plan, emphasizing greater leadership from the private sector. Organizations like Mandiant, now part of Google Cloud, monitor and protect against cyber threats. The Electric Grid Cybersecurity Alliance, founded by cybersecurity expert John Miri, aims to unite utility leaders to protect the electric grid from cyberattacks. The U.S. Cyber Command (USCYBERCOM) works to defend the Department of Defense’s information networks and collaborates with various partners to enhance the nation’s cybersecurity capabilities.
In 2023, the White House released a National Cybersecurity Strategy to tackle the nation’s cybersecurity challenges. This plan outlines efforts to secure cyberspace and ensure the U.S. benefits from advancements in digital technology. The GAO has also identified major challenges the federal government faces in preventing cyberattacks, emphasizing the need for a comprehensive approach to enhance the nation’s cybersecurity posture.
In summary, the emergence of AI tools like DeepSeek, along with other cyber threats, highlights the importance of robust cybersecurity measures. The U.S. is actively working to address these challenges through policy changes, organizational efforts, and strategic collaborations to protect its critical infrastructure and national security.