AI and supply chain in the national security arena
We live in interesting times. Almost every aspect of our daily life has been uprooted in a technological revolution which continues to gather pace. Computing services are increasingly commoditised, bringing what was once science fiction to life and embedding new operating costs across the whole of society. Everything is a competition. There are conflicts – and conflicts of interest – everywhere, as commercials and ethics clash and grind against one another.
This rapidly shifting landscape brings with it great potential benefits. Technology can make processes more efficient and reduce barriers to entry for novel services which can improve all of our lives. But we’re also faced with frequent reminders that we are living through a technical arms race, during which tech is being leveraged by bad actors to serve their own ends.
There are two major front lines of this arms race – the integrity of our supply chains, and ethical deployment of artificial intelligence (AI). But this doesn’t mean that more traditional and better understood threats have all disappeared.
As an SME focused on providing user-centred, secure digital services to empower citizens, Zaizi has a vested interest in keeping a close eye on these advancements. We’re working closely with our government clients to address these and other challenges so that the potential of digitally empowered citizens can be truly realised. That’s our mission.
Wake-up calls
Last June, the NCSC reported that criminals had explored a vulnerability in Progress Software’s MOVEit file transfer app. The exploitation of an SQL injection flaw led to significant data breaches, affecting both government and public sector entities. This incident exemplifies the vulnerabilities inherent in complex tech supply chains.
But this is the thin end of the supply chain wedge. Only weeks ago, the international community issued a stark message: nation states have been living off the land in critical infrastructure for some time. Given the potential for destructive disruption and the longevity of the campaign, we all need to scrutinise and better understand the touchpoints of our systems and devices and services, and more effectively chase the impacts of critical flaws across technical estates. A compromised firewall is no firewall at all.
At Zaizi we pay keen attention to the tactics, techniques and security practices which may present risks. Our constantly evolving software development pipelines proactively scan code for vulnerabilities, track dependencies on third party libraries, and provide mechanisms for the rapid deployment of patches/roll backs. We believe it’s vital that our clients get unprecedented observability of everything deployed in or in proximity to their environments, and have ready capability to remediate if something goes wrong. Our expertise means we can do this even within the most sensitive and security conscious contexts.
READ: Balancing act: The art of modernising secure legacy systems
Navigating these new frontiers
The rapid advancement of AI poses unique challenges and opportunities. AI is hugely powerful, but it is also fallible.
Recent disclosures and security flaws – for example, the exposition of ChatGPT training data through a divergence attack – necessitate a proactive and informed approach to cybersecurity and the need for robust governance frameworks. There is huge potential for AI to be used in cyber-attacks, misinformation campaigns, and as a tool for state-sponsored espionage. And there is growing evidence the potential is being realised – with state actors augmenting their code bases and improving their social engineering with nothing more complex than publicly available GPTs.
The UK’s substantial investment in AI research and regulation reflects an acknowledgment of these complexities and we welcome the government’s attempts to better regulate the space.
However, it is important to highlight the huge opportunities here, too. Machine learning and AI can rapidly process vast amounts of data to identify patterns indicative of cyber threats or malicious activities. These technologies can also automate routine tasks, freeing up cognitive capacity and valuable time, while AI-driven simulations and predictive analytics can aid in scenario planning and resource allocation.
A number of our clients are looking for us to integrate AI models into their solutions, to improve their operational efficiency and effectiveness and make vast amounts of disjointed information more accessible and easier to digest.
Partnership as the way forwards
The safety of government data and operations, the ethical deployment of AI, and the resilience of our supply chains demand ongoing vigilance and adaptation. This is why Zaizi takes a partnership approach to our relationships with our government clients.
The technological market may compete and conflict, but the tone we collectively set and the actions we take to protect our supply chains and harness AI matter – perhaps now more than ever. By embracing comprehensive security measures, fostering innovation within ethical and regulatory frameworks, and preparing for the future of AI, we can ensure a secure and prosperous future for the public sector and beyond.
As our brand promise declares: digital government is hard, together we’ll succeed.
If you have any questions or would like to find out more about our work, please get in touch.
-
How Zaizi’s user-centred approach won the trust of border officers
-
Does the state need to be more like a start up?
-
How to kickstart AI projects in government — lessons from Border Force, HMRC and GIAA
-
My first Regional Scrum Gathering in Stockholm – key takeaways
-
Transformation Day – How do you fit a square peg in a round hole?
-
How product management improves public sector digital services