Super Bowl Ads Tackle AI and Cybersecurity
February 4, 2019 | Security and Risk | Katie Curtin-Mestre
Super Bowl LIII just concluded and the Patriots are now tied for the most Super Bowl victories in NFL history alongside the Pittsburgh Steelers. And Tom Brady is now the oldest quarterback to ever win the Super Bowl and no quarterback has even played in more Super Bowls than Brady has won! But, enough carrying on about the Patriot’s epic win and let’s discuss what the main event is for many Super Bowl viewers, the advertisements!
From my point of view, the best ads from Super Bowl LIII were the “not brewed with corn syrup” ads from Budweiser Light. The ads kept the popular “Dilly! Dilly!” concept going while cleverly weaving in Bud Light’s new “not brewed with corn syrup” theme. And the Bud Light take-over ad by HBO’s Game of Thrones was completely unexpected and quite clever.
However, even when watching the Super Bowl, I don’t stop thinking about cybersecurity. So, I noticed just how many of this year’s Super Bowl ads related to the power and potential downside of artificial intelligence. The most positive depiction of AI came with the ad for the Mercedes A class. The protagonist in the ad uses AI-backed voice recognition software to makes his wishes come, including swapping out the singer at an opera for Ludacris and freeing a whale — Free Willy- style. Although the Mercedes A class cannot go that far in real life, the voice recognition and AI can free up the driver’s hands by making cabin temperature adjustments, changing the media that’s playing or altering the cabin lighting.
In contrast, other ads hinted at some of the potential risks that AI could bring. A good example here is the SimpliSafe home security ad where an anxious middle aged man worries that robots are going to take his job and that his smart speakers are “always listening.” But, the ad that best exposes the risks of AI is the ad from Alexa showing some of the Alexa functionality that didn’t make the cut, including a dog collar that let Harrison Ford’s pug order insane quantities of dog food and sausage, while Harrison Ford looks on helpless.
Although done in a humorous, tongue in a cheek fashion, the ad does point to the very real down side of poorly designed and poorly secured always-connected AI-powered technology. Although an Alexa dog collar that allows Fido to order a ton of dog food might seem funny, a manufacturing organization that has its industrial robots hacked could face very serious consequences.
A recent article in the Wall St. Journal titled “For Industrial Robots, Hacking Risks are on the Rise” points out that risk of cyberattacks against industrial robots is increasing as more of these robots are being connected to the Internet and as the adoption of 5G encourages more connected automation. An attacker could potentially leverage unsecured privileged access to take control of a manufacturing robot and alter its movements so that it creates defective products. Or attackers could plant malware in the robots, forcing companies to pay a ransom before they can return to normal operations.
Risks are not strictly limited to the domain of manufacturing robots. Software bots are becoming increasingly popular as enterprises adopt Robotic Process Automation (RPA). RPA automates and standardizes repeatable business processes with the use of software robots. These software robots interact with applications in the same way that a person does. While RPA delivers tremendous business benefits to organizations in terms of increased operational efficiency, it can come with some risks if not properly secured. For example, an attacker could compromise a highly privileged robot user account to gain access to sensitive data and move laterally within a network or a malicious insider could train a bot to destroy high-value data or interrupt key business processes.
I doubt that Amazon’s Alexa Super Bowl ad was supposed to send viewers down this line of thinking, but let’s hope that other vendors of AI powered technology will share the “not everything makes the cut” sentiment of this ad so that we don’t end up in the “Click Here to Kill Everybody” future envisioned by Bruce Schneier where smart devices leave us open to cyber-attacks from all directions.
If your organization has questions about how to secure AI enabled systems, click here to learn more about the CyberArk Marketplace, which features CyberArk Privileged Access Security integrations with ICS and RPA.