Axios Codebook

The U.S. is gearing up to fight a possible onslaught of cyber threats targeting the country's artificial intelligence models and tools.

Driving the news: The National Security Agency is standing up a new AI Security Center that will focus on protecting AI systems from hacks, intellectual property theft and other security threats, Gen. Paul Nakasone, the outgoing head of the agency, said during a National Press Club event last week.

• The center will consolidate all of the NSA's existing work on security and AI while fostering collaboration with the Defense Department, international partners, academia and the tech industry.

Why it matters: The center is attempting to get ahead of what U.S. officials believe will be a swarm of nation-state espionage targeting U.S. AI models and the tools they power.

• NSA's new center signals the U.S.' heightened fears that foreign adversaries will strengthen their abilities to crack AI operators' systems, manipulate their models or even steal their IP.

What they're saying: "AI will be increasingly consequential for national security in diplomatic, technological and economic matters for our country and our allies and partners," Nakasone said at the event Thursday.

• "Today, the U.S. leads in this critical area, but this lead should not be taken for granted," he added.

The big picture: U.S. officials and security researchers have increasingly warned about foreign adversaries' interest in targeting AI models as generative AI tools become more popular.

Between the lines: Much of the work at the new NSA center will focus on how the intelligence community and defense contractors can safely use AI and prevent hacks of their own tools.

• While NSA is better known for its surveillance and espionage operations, much of the agency's work is focused on protecting the defense industrial base, the Pentagon and the intelligence community from spies trying to break into their networks.
• And as the Pentagon eyes ways to further embed AI tools into its daily operations, AI security has become a bigger agency priority, Gregory Allen, director of the Wadhwani Center for AI and Advanced Technologies at the Center for Strategic and International Studies, told Axios.

Zoom in: Only a few people know how to build and deploy AI systems, and even fewer know how to secure AI, said Allen, who is also a former policy director for the DoD's Joint Artificial Intelligence Center.

• "There's not enough of these types of people in the Department of Defense and intelligence community," he said. "Centralizing that activity gives you an opportunity to ensure that that community that possess these extremely valuable skill sets is working on the most important problems."

Threat level: Security researchers have already started to see suspected Chinese adversaries utilizing basic AI tools in their influence operations.

• Last month, Microsoft identified a suspected Chinese disinformation campaign using AI-generated images in its social media posts.
• "I would say that both Russia and China have demonstrated an interest in developing these competencies [to target AI systems]," Allen said. "It's only natural that the United States government be prepared to defend against that threat vector."

Yes, but: Many of the AI security threats the center is safeguarding against have seemingly not yet materialized.

• Nakasone did not share details during the event about who will lead the center or how many staffers will be dedicated to it.

An apparent cyberattack on a major building automation systems manufacturer is gathering national attention after reports that it may have compromised some data belonging to the Department of Homeland Security.

Driving the news: CNN reported Monday that DHS is investigating whether a reported ransomware attack targeting Johnson Controls International affected sensitive physical security information, including building floor plans.

• Johnson Controls has not yet determined the full extent of the incident, saying in a statement only that the company is continuing "to assess what information was impacted" and is "executing our incident management and protection plan."

Why it matters: Government contractors are a ripe target for cyberattacks, and the Biden administration has made it a priority to apply tougher cybersecurity rules to any business working with the government.

Details: Johnson Controls has been responding to a reported ransomware attack for at least a week, according to BleepingComputer.

• The company manufactures security equipment, industrial control systems, fire safety equipment and other physical security devices.
• Customers have included international aerospace manufacturers, universities and medical facilities.

What they're saying: Johnson Controls hasn't shared any additional details about the incident besides what it told the Securities and Exchange Commission in a brief statement in a public 8-K filing Wednesday.

• The filing says the company has "experienced disruptions in portions of its internal information technology infrastructure and applications resulting from a cybersecurity incident."

The intrigue: No ransomware gang has claimed responsibility for the reported attack yet — suggesting that if this is a ransomware incident, the company could still be in negotiations over whether to pay a ransom to unlock its systems.

Between the lines: Johnson Controls is far from the first government contractor to face a cyberattack or espionage campaign.

• A high-profile espionage campaign in late 2020 that affected at least nine federal agencies and at least 100 companies started with Chinese hackers targeting government contractor SolarWinds.
• Another government contractor, Maximus, suffered a breach this year as hackers targeted a vulnerability in the popular file-transfer tool MOVEit.

Nearly 100,000 systems powering physical critical infrastructure are exposed to the public internet — making them a ripe target for hackers, according to new research from cyber risk firm Bitsight.

Why it matters: Malicious actors could exploit these exposed systems to target traffic light systems, water systems, power grids and more.

Details: Bitsight's security researchers found roughly 100,000 so-called industrial control systems (ICSs) whose IP addresses are public, opening a door through which attackers could try to gain access to their networks.

• ICSs are used to manage the processes that run within physical infrastructure, such as moving water through a municipal water system or transmitting electricity through power grids.
• The companies with exposed ICSs span 96 countries and include some Fortune 1000 organizations. Education organizations have the largest number of exposed systems.

The big picture: Critical infrastructure operators face a unique set of challenges to keep their systems secure.

• Installing security patches and software updates on the physical parts of critical infrastructure usually requires shutting down vital services, and operators have to build ways to make it more difficult for hackers to worm their way into these ICSs.

Yes, but: The number of exposed ICSs has steadily decreased since 2019, when Bitsight found nearly 140,000 exposed systems.

• "This is a positive development, suggesting that organizations may be properly configuring, switching to other technologies, or removing previously exposed ICSs from the public internet," Bitsight noted in the report.

Be smart: Bitsight recommends critical infrastructure operators identify which ICSs they have in place and remove them from the public internet.

@ D.C.

🩺 The Food and Drug Administration is now enforcing its cybersecurity regulations for medical devices. (CyberScoop)

📆 The U.S. intelligence community has missed a congressional deadline for a report detailing how it uses "open-source intelligence" in its spying operations. (Bloomberg)

@ Industry

📈 Cybersecurity investments are expected to reach $215 billion next year, a 14% increase from this year, according to new Gartner estimates. (Cybersecurity Dive)

📦 Chainalysis, a blockchain tracing company that helps clients identify illicit transactions, is laying off 150 employees, or 15% of its workforce. (Forbes)

@ Hackers and hacks

📲 Chipmaker Arm warned that hackers are actively targeting an unpatched security flaw in its device drivers for some GPUs, which are found in several popular devices, including Google Pixels and Chromebooks. (Ars Technica)

😶‍🌫️ The full extent of the damage caused by those exploiting a vulnerability in the MOVEit file-transfer program is still coming into view, nearly five months after the flaw's discovery. (Wired)

🚑 Administrators at two Prospect Medical Holdings hospitals in Connecticut issued 29 "divert notifications" to emergency personnel in the region while recovering from a recent, weekslong cyberattack. (The Connecticut Mirror)

I have a lot of questions about this iris-scanning art service, called Iris Galerie, that I came across throughout Europe while traveling last week.

• It seems less creepy than some other iris-scanning services out there — this one sells artistic renderings of your iris to you, and the company claims it doesn't link the photos back to your personal data.
• But it just doesn't sit right with me. 👀