US National Cybersecurity Strategy || Feeding ChatGPT with sensitive data
CyberInsights #84 - US releases its cybersecurity strategy 2023 || More AI cybersecurity threat
US Cybersecurity Strategy 2023
The US wants to ‘hold the stewards of our data’ accountable.
The cybersecurity strategy released by the United States in March 2023 is an update to the previous strategy. It organises itself into 5 pillars:
Pillar 1 — Defend Critical Infrastructure
Pillar 2 — Disrupt and dismantle threat actors
Pillar 3 — Shape market forces to drive security and resilience
Pillar 4 — Invest in a resilient future
Pillar 5 — Forge international partnerships to pursue shared goals
While publicly released strategies are a subset of any nation’s security strategies, they give an idea of the direction. This opinion from Arstechnica interprets pillar 3 to hold corporations liable for bad cybersecurity. Read Gartner’s summary here.
Take Action:
Read the document, especially Pillar 3.
If your organisation handle any type of PII data, be prepared for stringent regulatory control.
Sensitive Business Data to ChatGPT?
ChatGPT simplifies work. It also can be a new source of sensitive data leak.
It’s easy for everyone to ask things to ChatGPT. The more data you provide, the more accurate its responses. Where do you cross the line where you start sharing sensitive data with ChatGPT?
This article speak of employees sharing sensitive data with ChatGPT. Many corporates have released guidelines on what can and cannot be shared on ChatGPT.
Take Action:
Repeating myself — Threat Model. Threat Model. Threat Model.
Read up on attacks like ‘training data extraction attack’ and other attack vectors for AI based systems.