2024-08-06 –, Copa
Public safety agencies are adopting increasingly connected and intelligent systems. Next-generation 911 provides dispatchers with ever more information. Robots searching for lost people leverage AI features and novel forms of communication. An incident commander at a wildland fire can get up-to-the-second information from satellite, aircraft, robots, personnel, and sensors, while leveraging AI to predict the fire’s evolution. But how much do they know about the novel risks of all this new technology?
This talk serves as a rallying cry to the cybersecurity community to help public safety agencies to appropriately, responsibly, and ethically adopt these new advances in connectivity and AI. I will present an overview of how public safety approaches the topic of technology, where there are gaps in their understanding, and the impacts that they can have on their ability to keep us safe. I will then discuss how practitioners from across the cybersecurity community can help, ranging from developers, testers, and hackers, through to those in governance and management.
The purpose of this talk is to highlight the challenges, concerns, and misconceptions around cybersecurity and AI risk management in the public safety domain, and to suggest ways in which the cybersecurity community can help those who keep us safe.
Like all sectors, public safety agencies are increasingly faced with the challenges of appropriately and ethically managing risks associated with cybersecurity and AI, both in their own systems as well as in society more generally. Public safety adds an additional layer of risk and time sensitivity due to the nature of the application. A mistake in AI routing can delay an ambulance. A connection issue that disables two-factor authentication can mean a firefighter loses access to common-operating-picture systems. Both can result in loss of life.
Public safety personnel are no strangers to risk management of course. After all, appropriately trained firefighters are allowed to drive 20 ton vehicles the wrong way at high speed down Main St. This is not risk elimination, this is consciously managing a risky act, relative to the risk of not performing that act. Doing so requires a strong well informed risk management and governance. While this has evolved over time for much of public safety, technology has progressed so quickly in the realms of communications and AI that the corresponding policies and procedures have not kept up. This has resulted in a patchwork of policies and procedures, with risks being inaccurately estimated and poorly understood.
We all have a stake when it comes to helping public safety to deal with the new challenges of managing cybersecurity and AI risk. We never know when we are going to need a paramedic in a hurry, we never know when it might be our family or friends who are lost and need to be found. This talk aims to have a broader discussion as to the problems facing public safety, and ways that the cybersecurity community can really make an impact in helping to keep safe those who keep us safe.
First I will talk about my background and why I think this is important, and present some definitions that I will use going forward. I will then present what public safety does, and doesn’t know and have the resources for, and mechanisms by which they learn about how to manage these risks.
I will then describe some of the new and upcoming systems and tools that public safety is adopting. In some cases to improve their capabilities, but often they need to adopt these measures simply to keep up with the times. I will also describe the new problems and risks that these systems pose, that public safety is often unprepared to manage.
Then I will talk about how to identify some of the low hanging fruit, topics that are both impactful and where the public safety community also has some visibility and is actively asking for help.
Finally, I will have a discussion about specific affirmative steps that the cybersecurity community can do to help, from the individual level, right through to organizations, to help public safety organizations to better manage their cybersecurity and AI risk.
Here is the talk outline.
Intro - 5 minutes
- Who am I?
- Motivations.
Definitions and Scope - 5 minutes
- Cybersecurity
- AI
- Public Safety
Overview of how public safety finds things out - 5 minutes
- Guidance and regulations
- Social media and podcasts
- Conferences and conventions
- Sales representatives
Preliminary critical applications - 10 minutes
- Next Gen 911
- Robots and drones
- Increasingly connected systems
- Increasingly smart vehicles and routing
Low hanging fruit - 10 minutes
- Technical impact
- Likelihood
- Acceptance and understanding
- Actionability
- Real-world risk reduction
Opportunities for community involvement and Discussion - 10 minutes
Dr. Raymond Sheh is a researcher with a focus on Trusted Robots and Autonomous Systems, particularly in the areas of Cybersecurity and Artificial Intelligence (AI) Risk Management, Standard Test Methods and Performance Measurement, Explainable AI, and fostering the development of technically and operationally meaningful policy and regulation for robotic and cyberphysical systems. He has a particular interest in working with public safety, academia, and industry, to develop research competitions for intelligent response robots that advance state-of-the-science capabilities while also educating competitors about the need to manage and address cybersecurity and AI risks. He previously taught undergraduate and graduate subjects in Computer Science, Software Engineering, AI, and Cyber Security. Ask him about his experience with robotic lion cubs and his superhero alter-ego's efforts to avert the next AI winter.