NEW YORK CITY. The cybersecurity potential of artificial intelligence, or AI, is stoking interest in both government and industry circles -- and efforts to make use of the advanced technology could also drive new models for aspects of cyber-related regulation, particularly in the finance sector.
The financial sector and makers of financial technology products are clearly looking into the possibilities, a topic discussed extensively here at last week’s Securities Industry and Financial Markets Association “FinTech” conference.
Government leaders said they too are taking steps that could encourage the use of AI as a cybersecurity tool.
Craig Phillips, counselor to Treasury Secretary Mnuchin, in a Thursday speech at the SIFMA conference, strongly endorsed a “responsible innovation” initiative at the Office of the Comptroller of the Currency that could help clear the way for greater use of AI technology by financial firms for cyber and other purposes.
Phillips cited accelerating innovation and addressing regulatory fragmentation in the financial sector as two prime goals for the department. Many panelists at the SIFMA event stressed that the multitude of regulators in the financial sector poses challenges for firms trying to incorporate new technologies like AI, and urged the Treasury Department to aggressively pursue regulatory harmonization.
Also on Thursday, former White House cybersecurity coordinator Rob Joyce, now back at the National Security Agency, called AI a “key element” in a cybersecurity strategy.
“The point about AI being a key element of the future, I think there is so much that AI can do to clean out anomalies, to move the speed of cyber, in setting up those defenses,” Joyce said at the Capitol Hill National Security Forum sponsored by House Homeland Security Chairman Michael McCaul (R-TX).
Lawmakers are taking a look at AI as well. Two House Energy and Commerce subcommittees are planning to hold a joint hearing on Tuesday on the topic.
At the regulatory level, sources with financial firms and FinTech vendors say regulators are receptive to their efforts to employ AI, while suggesting the advanced technology will also require a sophisticated regulatory approach.
“How to navigate multiple regulatory overlays is a good question” as firms consider employing AI-based tools, Jennifer Klass of law firm Morgan Lewis said on a panel at the SIFMA event. “We’re trying to have these discussions with regulators, [but] it’s definitely a balancing act.”
Klass embraced the idea of a “’sand box’ as a way to permit innovation.”
SIFMA, in a proposal that goes well beyond cybersecurity, is calling for federal authorities to create such a “sand box” where firms can experiment with technologies like AI without facing immediate regulatory consequences.
Various participants at the SIFMA event urged early collaboration with regulators as firms look to AI and other advanced technologies.
Gary Nichols of Charles Schwab noted “there is not a well-defined ‘control environment’ for AI” and said “over the next two years this will be a major topic."
Stefan Dicker of the FinTech firm Rise, speaking alongside Nichols on a panel, said “the conversation is accelerating on ‘dynamic controls,’” while Klass said the control environment around AI must “be flexible and adapt quickly.”
Dicker said: “We tend to look at applying controls to these technologies, but that’s kind of counter to the purpose. We’re talking about this and struggling with what kind of framework to apply [to AI] -- people policies or technology policies, or a new category?”
Regulators and firms alike will have to “set parameters on how much risk they are willing to accept,” Dicker said, while adding that it probably isn’t “worth establishing rigid controls when the environment is changing so quickly.”
“Engage with the regulators at the front end,” Klass advised.
Added Nichols, “Guide them on what you’re doing -- they are responsive.”
It seems that the technological possibilities and regulatory interests could dovetail around AI as the financial sector is increasingly interested in capturing its myriad benefits and the Treasury Department pursues its interest in regulatory streamlining and promoting innovation.
Supporters say there’s nothing fake about possibilities of artificial intelligence
AI technologies offer a broad variety of possible cybersecurity uses that could be of interest to regulators as well as firms in the financial and other sectors.
Rob High, the vice president and CTO of IBM Watson, said his firm has a “cybersecurity offering infused with AI” that is “focused on the response side” of cyber challenges.
“Once a threat is identified, we help find the remediation steps” in real time,” High told Inside Cybersecurity after his presentation here. Typically, he said, “administrators can’t find [the right remediation steps] fast enough."
Watson’s cyber offering also helps eliminate “false positives” identified by security systems, he said, which “take away valuable time that should be spent on real security work."
AI tools also seem likely to help in the cyber-threat indicator environment, where sophisticated organizations are already well into advanced machine-to-machine sharing and machine-learning activities. AI could be a boost to the “analysis” function that is often seen as lagging at some info-sharing entities.
And representatives of Broadridge North America Wealth and Capital Markets Solutions said here that AI tools serve as an “enhancement” of current security and control systems, and “allow 100 percent sampling.”
Of course, questions remain on how AI will -- and should -- be incorporated into the cybersecurity context, especially in highly regulated sectors like finance.
There are also myriad questions to address, both profound and mundane. For instance, panelists here weighed whether an artificial intelligence tool should be considered a machine or an employee for purposes of regulatory controls and oversight. Further, does it require “a magic off switch,” as one panelist asked.
Answers to such big questions will take awhile, participants here acknowledged, but the process is underway and upcoming regulatory reform moves in the financial sector, in particular, seem likely to help clarify the issues at play and promote real-world experience with AI tools. -- Charlie Mitchell (cmitchell@iwpnews.com)