Volt Typhoon, BlackMamba and Morphing Attack Surfaces: The Urgent Need for Cybersecurity in Autonomous Technologies

The integration of AI into cyber threats has raised the stakes for national security and critical infrastructure. As AI continues to evolve, so must our defenses.

Cybersecurity has become an integral part of our daily lives, especially with the increasing reliance on autonomous technologies. From drones to critical infrastructure, the threat landscape continues to rapidly advance, making it essential to stay informed about the latest developments. The recent Full Crew podcast, hosted by Dawn Zoldi, featured a discussion on some of the hottest topics in cybersecurity with experts Hahna Latonick, Director of R&D at Dark Wolf Solutions; Gary Corn, Director, Technology, Law & Security Program at American University, Washington College of Law; and Oren Elkayam, CEO and Co-Founder at Mobilicom. This article dives into the key themes discussed during the episode, which focused on offensive cyber operations, AI-powered cyber threats and the need for robust defensive cyber capabilities for drones.

The U.S. faces a sophisticated threat landscape from Chinese cyber attacks, necessitating a proactive approach to cybersecurity and careful consideration of potential impacts.

Waves of Cyber Ops Crashing Against National Security

Recently, several members of the U.S. Congress urged the Trump administration to engage in offensive cyber operations against China. This push appears to be a response to China’s increasingly aggressive cyber activities, including recent operations like Volt Typhoon.

The Escalating Threat and Response

Volt Typhoon involved AI-enhanced “living off the land” tactics, techniques and procedures (TTPs) to infiltrate U.S. critical infrastructure. According to CISA, these TTPs use built-in network administration tools to perform their objectives. These activities also demonstrated a strategy shift towards pre-positioning cyber attacks in critical systems. This would allow China to disrupt services at strategic moments, such as triggering the disruption or denial of critical services (think: nuclear meltdown) during – say – a Taiwan contingency. This demonstrates an escalation in tactics.

Corn highlighted that China’s espionage activities are not limited to national security secrets but also extend to economic espionage, with a long history of intellectual property (IP) theft. As a result, he noted that Congress has long been vocal about its desire for administrations to be more proactive in countering cyber threats.

For example, Section 1642 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (NDAA) authorized the National Command Authority to direct the Commander of U.S. Cyber Command to take appropriate and proportional action in foreign cyberspace to disrupt, defeat, and deter systematic and ongoing cyber attacks by China, Russia, North Korea and Iran.

Defending Forward And Persistent Engagement

Since then, the U.S. has adopted a strategy of “persistent engagement” and “defending forward,” which involves proactive defense and offense to disrupt and deter adversaries. This approach marks a shift from previous policies of restraint, which relied on modeling good behavior to deter adversaries. Corn explained that this newer strategy acknowledges the U.S. is already engaged in a cyber conflict and seeks to impose consequences on adversaries to deter further aggression.

The concept of “forward defense” differs from offensive operations in that it emphasizes proactive measures to secure U.S. systems and disrupt attacks, rather than solely focusing on retaliatory strikes. This strategy involves continuous engagement with adversaries in cyberspace to disrupt their operations and protect U.S. interests. This nuance is important, according to Corn. The legal implications of engaging in offensive operations are complex. 

Are We Ready for the Blowback?

Aside from legal implications, engaging in offensive cyber operations can potentially result in real physical responses on U.S. soil. The potential for retaliation, which could target critical infrastructure (think: Netflix series “Zero Day”), could lead to widespread disruptions, damage or even death.

Elkayam expressed concern about the defensive readiness of the U.S., should it choose to engage in offensive cyber operations. He emphasized the need to first ensure that the country’s assets are protected. “Once we start something publicly, then we have to make sure that on the protection side, we are safe,” he warned. 

Corn agreed that caution was necessary, noting the adage that “people in glass houses should be careful when they’re throwing stones.” But he emphasized that the policy of restraint had encouraged, not discouraged, hostile adversary cyber operations, necessitating a robust counter-cyber approach.

AI-Powered Cyber Striking Critical Infrastructure…And More

The Volt Typhoon attack linked to China provided a perfect segue into the next topic: AI-powered cyber threats. Latonick explained that, with the advent of AI-powered cyber attacks, “The threat landscape has definitely evolved rapidly…and in a very sophisticated way.”

AI: A Dual-Use Threat Enhancer

Volt Typhoon exemplifies this shift. Its use of AI-enhanced stealth techniques to infiltrate U.S. critical infrastructure highlights the rapid evolution of cyber threats and underscores the need for robust AI-driven defenses.

Beyond state actors seeking to harm the nation, cybercriminals are also weaponizing AI to enable more sophisticated and automated attacks against everyday citizens and commercial businesses. These threats include AI-driven phishing and malware generation, which can adapt to security defenses in real time. The BlackMamba malware, for instance, was designed as a keylogger to track user activity, but it also employed polymorphic techniques, which allowed it to modify itself and evade detection by antivirus software.

The Best Offense: A Strong Defense?

In this diverse and escalating threat landscape, a proactive approach to cybersecurity is required. To counter AI-powered threats, businesses must adopt AI-driven cyber defensive solutions. This involves integrating AI into security systems to detect and respond to threats more effectively than human capabilities alone can manage. 

However, the development of robust AI defenses is contingent upon having a workforce equipped with the skills to develop, implement, and manage these AI systems. The U.S. faces challenges in retaining AI experts, particularly in the federal sector, where probationary employees have been recently let go and some rehired. This instability can hinder the development of effective AI defenses. Developing a workforce capable of harnessing AI for cybersecurity is essential to maintaining a competitive edge against adversaries.

Protection Tips From the Expert

Latonick provided recommendations to defend against AI-powered threats. These apply to public and private entities alike:

  • Implement Zero Trust Architecture: Verify every interaction and access within your network, authorizing access to valid users.
  • Integrate AI-Driven Cyber Defenses: Use AI to enhance your security systems.
  • Educate and Train Employees: Teach employees about AI-driven threats, such as AI-driven phishing.
  • Monitor and Regulate AI Use: Ensure policies are in place for how AI can be used within companies.
  • Collaborate with Experts: Work with AI and cybersecurity experts to stay ahead of evolving threats.
  • Share Information: Encourage collaboration across industries, government, military, and academia to strengthen national security.
As drones become more pervasive in our skies, ensuring their cybersecurity is no longer a luxury but a necessity.

Drone Industry Should Be Preparing Robust Cyber Defenses Too

As drones become increasingly integral to both military and civilian operations, their vulnerability to cyber threats has become another pressing concern. Elkayam highlighted the critical urgency of securing these autonomous platforms against a myriad of threats—from communication jamming and electromagnetic interference (EMI) to the more urgent and often overlooked risks lurking inside the platform itself.

Morphing Attack Surfaces of Drones

Drones, equipped with sophisticated computing systems and AI, are essentially flying computers that can be hacked and controlled remotely. The communication between drones and their ground control stations (GCS) often remains vulnerable to cyber threats, leaving the drones susceptible to unauthorized access and manipulation.

Elkayam emphasized that the industry’s low cyber maturity and the ease of hacking drones pose significant risks, particularly in environments where drones are used extensively, such as in the defense and commercial sectors. He outlined the key categories of attack surfaces that make drones especially vulnerable:

  • Communication Threats: Drones can be taken down by attacking the communication links between the drone and its GCS. This can be achieved through cyber threats or by disrupting communication signals.
  • Navigation Threats: GPS spoofing or jamming can cripple a drone’s ability to navigate. This can lead to loss of control or unintended actions.
  • Platform Vulnerabilities: Drones are complex systems with multiple components, including AI and GPU/CPU, all of which can be exploited by hackers. The lack of continuous monitoring, detection, and prevention tools leaves drones unprotected against sophisticated attacks.
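
For the communication-link category above, one baseline defense is to authenticate every command frame and reject replays before the flight controller acts on it. The sketch below is an added example, not code from the podcast, Mobilicom or any drone vendor; the frame layout, the pre-shared key and the names seal and CommandReceiver are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                    # truncated HMAC-SHA256 tag, in bytes
HEADER = struct.Struct(">BQ")   # hypothetical layout: link id (1 B), sequence (8 B)


def seal(key: bytes, link_id: int, seq: int, command: bytes) -> bytes:
    """GCS side: build header || command || tag."""
    body = HEADER.pack(link_id, seq) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class CommandReceiver:
    """Drone side: accept a frame only if it is authentic and strictly newer."""

    def __init__(self, key: bytes, link_id: int):
        self.key = key
        self.link_id = link_id
        self.last_seq = -1      # highest sequence number accepted so far

    def accept(self, frame: bytes):
        """Return the command bytes, or None if the frame is rejected."""
        if len(frame) < HEADER.size + TAG_LEN:
            return None         # truncated frame
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return None         # forged, corrupted, or signed with another key
        link_id, seq = HEADER.unpack_from(body)
        if link_id != self.link_id or seq <= self.last_seq:
            return None         # wrong link, or a replayed / stale frame
        self.last_seq = seq
        return body[HEADER.size:]


def demo():
    key = bytes(range(32))      # constructed demo key, not a real secret
    rx = CommandReceiver(key, link_id=1)
    frame = seal(key, 1, 1, b"RTL")
    tampered = frame[:9] + b"LND" + frame[12:]   # command swapped, tag reused
    return {
        "fresh": rx.accept(frame),
        "replayed": rx.accept(frame),
        "tampered": rx.accept(tampered),
        "wrong_key": rx.accept(seal(b"\x00" * 32, 1, 2, b"RTL")),
        "next": rx.accept(seal(key, 1, 2, b"LAND")),
    }
```

In a fielded system the last accepted sequence number has to survive reboots, and this check covers integrity and replay only: it does nothing against jamming, which needs link-layer resilience.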

Case Study: Hacking a Drone with EM Fault Injection

Elkayam described a notable case study in which researchers from IOActive demonstrated how drones can be hacked using electromagnetic fault injection (EMFI) attacks. They targeted a DJI Mavic Pro drone, which features advanced security measures such as encrypted firmware, Secure Boot and a Trusted Execution Environment (TEE). The researchers used EM signals to disrupt the drone’s microprocessor. This caused memory corruption, which could potentially allow arbitrary code execution. In essence, they successfully crashed the targeted process, which paved the way for potential full control of the drone.

Continuous, Robust Protection Must Be Built In

Given these vulnerabilities, Elkayam stressed the importance of implementing multi-layer security operations for drones. This includes not just initial testing and vulnerability mapping but ongoing protection measures similar to those used in the healthcare and finance industries. The absence of such defenses makes drones liabilities rather than assets, especially in critical applications, he said.


By: Dawn Zoldi