Learning to Think Like a Hacker


“The Advances in AI in The Past Six Months Have Been Enormous. The Next Six Months Will Be Even Bigger.”

Silo Busting 59: Bruce Schneier and Sam Rehman on Hacking in the Era of Generative AI

May 15, 2023

On the latest #CybersecurityByDesign conversation, we’ve got our minds set on… hacking. Bruce Schneier, author of the recently published A Hacker’s Mind: How the Powerful Bend Society’s Rules and How to Bend Them Back Again, chats with Sam Rehman, EPAM’s Chief Information Security Officer and SVP, about the hacking mindset and what it means for security in the age of generative AI.

Schneier gets the conversation rolling by defining a hacker as “Someone who finds a bug or vulnerability, a loophole in a set of rules, and exploits it to their advantage.”

He talks about hacking not just computers but tax systems, hockey, tax codes, and Formula 1 racing. Rehman mentions that he appreciated a couple of Schneier’s examples and Schneier replies: “There are a couple? There are dozens of examples! Examples are what makes the book fun!” (Reader: The book is fun indeed.)

Schneier notes that “hacking isn't necessarily good nor bad,” which might surprise some who live outside the perimeter of the cybersecurity world. “Hacking is how systems evolve. If I figure a clever way to use a system, to subvert a system that no one thought of before, there are benefits as well as costs.”

The guys then get into the inevitable topic of 2023: The costs and benefits of hacking in the context of AI.

“I think it's gonna be a big arms race in AI and security,” says Schneier, adding that in the near term, AI will benefit the defender. “The attacker is already attacking at computer speeds. Being able to defend at computer speeds will be an enormous benefit.”

While he’s generally optimistic that AI will be good for the good guys, Schneier says “The transition period will be very chaotic.”

This chaos will come from the idea of AI as a hacker. He points to the idea of accountants—human ones—poring through tax code looking for loopholes to exploit: “That feels like something that you can train an AI to do,” he says. “And what happens when AI finds vulnerabilities in tax codes or financial regulations or other sets of laws? How will that work? How fast will they be? How clever will they be? Will they find things that are just so complicated that humans would never have found them?”

Schneier says that AI will increase the speed, scale, sophistication, and scope of hacking and wonders if these differences in degree will make a difference in kind. Then he answers: “The advances in AI in the past six months have been enormous. The next six months will be even bigger. Conversations we have today aren't going to be true in six months.”

What won’t change, however, is the hacker’s essential mind, which Rehman admits has always been part of him: “I have always looked at everything as: ‘What else can I do with this?’”

“That’s totally the hacker mindset,” replies Schneier. “I don't think you can train that. I think that is something you either are or are not.”

Host: Macy Donaway
Engineer: Kyp Pilalas
Producer: Ken Gordon
Photo of Bruce Schneier: Vivian Babuts
