Gitex Europe: "We need a cyber-resilient population"

The opportunities and risks of artificial intelligence (AI) are the focus of the premiere of Gitex Europe in Berlin. European regulators are also concerned about these. Ioannis Alexakis, Director of the Greek Cybersecurity Authority, explained at the accompanying conference on Wednesday that he sees the greatest danger in the fact that AI could “hack people's minds”. He therefore demanded: “We need a cyber-resilient population.” It is a major task to make society more aware of such threats and to create skills in dealing with technology.

Currently, the public sector is “lagging the bad guys” when it comes to the use of AI, said Alexakis. Lawyers are the main beneficiaries of regulations such as the EU's AI Act, rather than citizens. Regulatory conformity is necessary to create the necessary awareness for the topic in general.

However, the AI regulation must also be enforced effectively – for example via an audit obligation – whereby there is still a need for coordination among the member states and guidelines for AI platforms and systems are required. The most important thing is to establish a general cybersecurity culture. The offensive use of AI should not be completely prohibited within this framework, so that defenders can also use it to test and sharpen their tools.

For Miguel De Bruycker, Director of the Belgian Center for Cybersecurity, faking false identities is the biggest problem considering the increasing spread of systems with generative AI that can produce deepfakes, for example. In general, electronic identities are becoming increasingly important. However, the EU should not leave their verification to large tech companies from the USA such as Amazon, Apple, Google, Meta, or Microsoft. It is also crucial to keep various anonymous uses open on the internet. In the analog world, consumers do not have to identify themselves for 90 percent of everyday activities.

Is the AI Act stifling innovation?

De Bruycker does not necessarily believe that regulation as comprehensive as the AI Act makes sense, as it could nip innovation in the bud and encourage people to simply click on checkboxes for compliance. If seat belts, airbags, and three brake lights had already been mandatory for Ford's early Model T car, “we wouldn't be driving a car today,” he said. In the area of cybersecurity, certificates would help to assess “what the level is”. However, ninety percent of national IT security incidents occur at a lower level and do not depend on the use of AI.

Lajos Szabo, Director of the Hungarian Cybersecurity Center, agreed with his colleague from Belgium that the real threats still came from a lack of applied cyber hygiene. For example, too many users were still not installing updates or continuing to use IT systems after support had ended.

Szabo takes a more positive view of the AI Act than De Bruycker, as it sets standards for high-risk systems. In addition, the EU legislator has banned socially undesirable areas of application, such as social scoring. The prescribed obligations will also make it more difficult for cyber criminals to misuse AI systems of major players.

Focus on product safety

However, according to Szabo, member states need to build up even more trust to share sensitive information about attackers and their methods. At the same time, compliance with the large number of EU regulations, such as those for network and information security (NIS2) or the Cybersecurity Act, could pose a challenge for those affected.

The AI Act is just right for the moment, “otherwise we wouldn't have tires and brakes on cars,” emphasized Luca Tagliaretti, Director of the European Cybersecurity Competence Centre (ECCC) based in Romania. Product safety is at the heart of the regulation. Citizens also have a right to know whether a video has been generated with AI or what technology is in an autonomous vehicle.

The use of AI by state-sponsored cyber criminals and other malicious actors, for example for social engineering attacks, is particularly challenging. The ECCC will therefore launch many initiatives over the coming years to make the economy more resilient.

(akn)