RIYADH: Cyberspace has become increasingly fragile due to decades of prioritizing innovation and market efficiency over security, according to experts at the Global Cybersecurity Forum in Riyadh.
The discussion highlighted that attackers, often organized in syndicates, have outpaced defenders, who are typically constrained by operating in silos, making cybersecurity a global challenge that requires collective action.
US National Cyber Director Chris Inglis stressed the inherent vulnerabilities in digital infrastructure, attributing it to the rapid pace of technological development.
“For 50 years, as we’ve developed the internet and all of the associated technologies, innovation and market efficiency have been the predominant drivers, and safety has always been the poor third child in the corner,” he said.
This oversight, he highlighted, has left many systems challenging to defend, with resilience often being an afterthought.
Inglis emphasized the importance of moving beyond isolated defense strategies, advocating for closer collaboration between governments, private sectors, and international bodies.
He proposed a new “social contract” for cyberspace, fostering shared responsibility to address existing vulnerabilities and emerging threats.
According to Inglis, frameworks for information sharing and collective action are key to closing the gap between attackers and defenders.
The conversation also turned to the increasing role of artificial intelligence in cybersecurity.
While acknowledging that AI is currently being used more effectively by attackers, Inglis expressed optimism about its potential to serve as a powerful defensive tool.
“At the moment, generative AI tends to be more frequently used by the attacker, so that at the moment is something where the attackers are ahead of the defenders. That’s not necessarily the way it needs to be,” Inglis stated.
He called for a more strategic approach to AI development, with a focus on ensuring that it remains under human control and aligned with ethical standards. “We should not, must not, develop AI for its own sake. We have to develop it because we have some plan in mind of what we want it to do,” he emphasized.
Inglis outlined key actions needed to bolster global cyber resilience. These include establishing information-sharing protocols, encouraging collaboration across sectors, and leveraging government resources to complement private sector capacities, particularly in critical areas like finance.
Governments, he suggested, have unique access to intelligence that can inform broader defense strategies, while the private sector excels at innovation and rapid deployment of solutions.
The panel also stressed the need for proactive measures to stay ahead of evolving threats. The global community can create a safer, more resilient digital environment by prioritizing security in future innovations and ensuring that AI technologies are developed responsibly.
These remarks echo the notions raised during the discussions at the UN General Assembly in September, where global leaders called for robust AI governance to prevent its misuse in spreading misinformation and destabilizing democratic processes.
Concerns over cybersecurity developments were raised at another panel at the forum in Riyadh by Paul Selby, chief information security officer at the US Department of Energy.
He painted a bleak picture of the current state of global defensive capabilities in the industry, but added: “Now, what gives me hope? This gives me hope that we're all here. We're all talking about it. The first step in correcting any problem is recognizing the problem,.”
He added that the cost of attacks through supply chain risk management, or as a result of not having supply chain risk management, was $46 billion in 2023 and that is expected to rise to $60 billion in 2025.
“There was last year, 245,000 malware instances in Open Source Software. That's more than double the previous four years,” he added.
“Our adversaries are moving faster than we are reacting," Selby stressed, underscoring the need for a united global response.