Hacking is a well-established part of statecraft. Machine learning is rapidly becoming an arena of competition between nations as well. With the continued importance of computer hacking and the increasing drumbeat of AI advances due to machine learning, important questions emerge: what might machine learning do for cyber operations? How could machine learning improve on the techniques that already exist, ushering in faster, stealthier, and more potent attacks? On the other hand, how might its importance to cyber operations be misleadingly overhyped?
We examine how machine learning might—and might not—reshape the process of launching cyber attacks. We examine the cyber kill chain and consider how machine learning could enhance each phase of operations. We expect certain offensive techniques to benefit from machine learning, including spearphishing, vulnerability discovery, delivering malicious code into targeted networks, and evading cyber defenses. However, we caution that machine learning has notable limitations that are not reflected in much of the current hype. As a result of these constraints and flaws, attackers are less likely to apply machine learning techniques than many expect, and will likely do so only if they see unique benefits. Our core conclusions are:
- Current cyber automation techniques are powerful and meet the objectives of many attackers. Most attackers will not have an obvious need to augment their operations with machine learning, especially given the complexity of some machine learning techniques and their need for relevant data. If current methods of automation become less effective or machine learning techniques become more accessible, this may change.
- In the near term, machine learning has the potential to increase both the scale and success rate of spearphishing and social engineering attacks.
- Of the machine learning techniques reviewed in this paper, reinforcement learning promises the most operational impact over the medium-to-long term. Though its potential impact is speculative, it could reshape how attackers plan and execute cyber operations.
- Machine learning systems have substantial limitations, such as their reliance on salient data, their vulnerability to adversarial attacks, and their complexity in deployment.
- Like other cyber capabilities, many machine learning capabilities are inherently dual-use, with the advantage accruing to those who have the resources and expertise to use them best rather than always favoring attackers or defenders.
The paper proceeds in three parts. The first part covers the state of the art in cyber operations today, showing how attackers progress through the kill chain and taking care to demonstrate how traditional automation assists them in their efforts. The second part considers machine learning in more depth, exploring its differences from traditional automation and probing how those differences might—and might not—reshape key parts of the kill chain. Among other things, it highlights the way in which machine learning could improve discovery of the software vulnerabilities that enable cyber operations, grow the effectiveness of spearphishing emails that deliver malicious code, increase the stealthiness of cyber operations, and enable malicious code to function more independently of human operators. The conclusion takes stock, drawing out key themes of geopolitical and technical importance. It argues that machine learning is overhyped and yet still important, that structural factors will limit the relevance of machine learning in cyber operations for most attackers, that the dual-use nature of cyber operations will continue, and that great powers—including the United States—should be proactive in exploring how machine learning can improve their operations.