TOP OF THE DAY – New and Old Tools to Tackle Deepfakes and Election Lies in 2024
(Kenneth Parreno, Christine Kwon, Victoria Bullock, John Langford – Lawfare – 1 October 2024) It will come as no surprise (…) that deepfakes and election lies pose a serious and growing risk to voters and the integrity of our elections. In 2016, for example, Douglass Mackey attempted to suppress the vote by posting memes encouraging voters to cast ballots by text. In 2022, vigilantes in Arizona spread the lie that voters could legally deposit only their own mail-in ballots at drop boxes and accused voters who (legally) deposited multiple ballots of being “mules.” And this election cycle—after years of warnings from legal scholars and law enforcement—we are beginning to see generative artificial intelligence (AI) deployed in malicious efforts to deceive voters through deepfakes. – New and Old Tools to Tackle Deepfakes and Election Lies in 2024 | Lawfare (lawfaremedia.org)
Governance
(Clara Apt – Just Security – 1 October 2024) From Sept. 22-27, heads of state and government convened in New York City for the 79th session of the United Nations General Assembly (UNGA79) high-level week. The session kicked off with the highly-anticipated Summit of the Future, culminating in the adoption of the Pact for the Future — a non-binding agreement that puts forth 56 “actions” for states to chart a “new beginning” in multilateral cooperation and effectively respond to emerging issues. Following the Summit, leaders participated in the General Debate, with member states giving speeches on their countries’ priorities and perspectives. As anticipated, the ongoing wars in Gaza, Ukraine, and Sudan, along with humanitarian emergencies, the climate crisis, and sustainable development, dominated discussions during high-level week. However, artificial intelligence (AI) also emerged as a key topic at the Summit of the Future and during the General Debate. Leaders highlighted the importance of global AI governance—addressing existential threats, bridging digital divides, and ensuring the technology’s development and use align with an international framework—underscoring the growing significance of AI on the international stage. – AI at UNGA79: Recapping Key Themes (justsecurity.org)
(Jacob Wulff Wold – Euractiv – 1 October 2024) The Commission disclosed disagreements between general-purpose model providers and other stakeholders at the first Code of Practice plenary for general-purpose artificial intelligence (GPAI) on Monday (30 September). For providers of GPAI systems like ChatGPT, the EU AI Act relies heavily on the Code of Practice, which will detail what the Act’s risk management and transparency requirements would entail in practice until standards are finalised, sometime in 2026. – Commission discloses disagreements between general-purpose AI providers and other stakeholders – Euractiv
(Brett McDonnell, Alan Z. Rozenshtein – Lawfare – 1 October 2024) The November 2023 boardroom coup that briefly deposed OpenAI CEO Sam Altman illustrated both the promise and the limits of OpenAI’s unusual governance structure, by which the leading artificial intelligence (AI) laboratory was (and at least for now still is) controlled by a nonprofit board of directors that could (and briefly did) act in ways that threatened the company’s existence, not to mention its bottom line. But the board’s attempt to assert its authority was short-lived. Altman returned as CEO a week after being fired, and those board members who voted for his ouster, including OpenAI co-founder and chief scientist Ilya Sutskever, ultimately left the company. The Altman saga raises a number of questions about the role of nontraditional governance models—that is, those that depart from normal for-profit corporate governance—in the development of AI. – The Promise and Perils of Nontraditional Corporate AI Governance | Lawfare (lawfaremedia.org)
Geostrategies
(Matthew Miller – US Department of State – 1 October 2024) The United States is today taking additional action against affiliates of the Russia-based, U.S.-designated cybercrime group Evil Corp. The Department of the Treasury is designating seven individuals and two entities associated with the group. We are taking this action in coordination with the United Kingdom and Australia, who are concurrently designating select Evil Corp-affiliated individuals. – Taking Action with Partners to Combat Russia-Based Cybercriminal Group – United States Department of State
(W.Y. Kwok – The Jamestown Foundation – 30 September 2024) The People’s Republic of China (PRC) has trained 2,700 foreign police officers in the past year and pledged to train an additional 3,000 in the coming 12 months, as part of its growing involvement in global security governance. The Global Public Security Cooperation Forum, held this year in Lianyungang, saw participation from 122 countries, regions, and international organizations. It showcased the PRC’s vision of global public security cooperation and advanced law enforcement technologies, including facial recognition software and drones. The conference advanced the PRC’s ambitions to set new global security standards, particularly through the launch of the Global Public Safety Index and initiatives addressing transnational crime and AI-related risks. – The Lianyungang Conference and Beijing’s Attempts to Reshape Global Security – Jamestown
Security
(Eliza Gkritsi – Euractiv – 1 October 2024) The Council of the European Union is calling for increased transparency around EU cybersecurity certification schemes developed by the EU Agency for Cybersecurity (ENISA), according to draft conclusions seen by Euractiv. The draft, dated 26 September, urges the Commission to “find ways” to have a “more transparent” approach to the development of EU cybersecurity certification schemes, stressing the role of member states in the process, and calls on ENISA to consult relevant stakeholders in a “timely manner” through a “formal, open, transparent, and inclusive process.” – Council calls for transparency around ENISA cybersecurity certification schemes – Euractiv
(Kevin Townsend – SecurityWeek – 1 October 2024) As organizations increasingly adopt cloud technologies, cybercriminals have adapted their tactics to target these environments, but their primary method remains the same: exploiting credentials. Cloud adoption continues to rise, with the market expected to reach $600 billion during 2024. It increasingly attracts cybercriminals. IBM’s Cost of a Data Breach Report found that 40% of all breaches involved data distributed across multiple environments. – Cracking the Cloud: The Persistent Threat of Credential-Based Attacks – SecurityWeek
(Alessandro Mascellino – Infosecurity Magazine – 1 October 2024) The University Medical Center (UMC) Health System in Lubbock, Texas, has confirmed a ransomware attack that disrupted its IT infrastructure last week, forcing the diversion of emergency and non-emergency patients. UMC, the only level 1 trauma center within 400 miles, faced significant operational challenges, with phone systems down and the patient portal inaccessible. Despite this, UMC’s healthcare facilities, urgent care clinics and physician offices remained open, operating under downtime procedures. – Ransomware Attack Forces UMC to Divert Emergency Patients – Infosecurity Magazine (infosecurity-magazine.com)
(Phil Muncaster – Infosecurity Magazine – 1 October 2024) Millions of Brits have fallen victim to fraud over the past three years, costing the wider economy an estimated £16bn ($21bn), according to a new study sponsored by Santander UK. The banking giant enlisted the help of cross-party think tank the Social Market Foundation (SMF) to poll 28,000 respondents across 15 European countries, to better understand the impact of fraud – most of which happens online today. – Ten Million Brits Hit By Fraud in Just Three Years – Infosecurity Magazine (infosecurity-magazine.com)
(Phil Muncaster – Infosecurity Magazine – 1 October 2024) European IT security teams are overstressed, underfunded and suffering from major skills gaps and shortages, according to ISACA. The industry body polled over 1800 members across the region to better understand the challenges facing professionals in the sector. – ISACA: European Security Teams Are Understaffed and Underfunded – Infosecurity Magazine (infosecurity-magazine.com)
(Phil Muncaster – Infosecurity Magazine – 1 October 2024) Phishing has been a top cyber threat for decades. Relying as it does on duping employees into clicking links, opening attachments and/or sharing important information, it remains an evergreen tactic for threat actors. One report from January 2024 found that 94% of cyber decision-makers had to deal with a phishing attack in 2023. In order to circumvent phishing filters and trick more savvy users, malicious actors are designing new sophisticated campaigns. – How to Outsmart Novel Phishing Tactics and Techniques – Infosecurity Magazine (infosecurity-magazine.com)
(Rohit Kumar Sharma – Manohar Parrikar Institute – 30 September 2024) India’s online gaming industry is rapidly expanding. With 442 million gamers, India has become the second-largest gaming market globally. Despite a 28 per cent GST on online gaming, the sector is projected to reach US$ 8.92 billion in the next five years, according to an assessment. As one of the rapidly growing segments in the entertainment industry, there are many concerns associated with the online gaming industry, such as potential addiction, cybersecurity issues, and other malicious activities. Recently, an investigation by the Enforcement Directorate against an online gaming app has led to the disclosure of an estimated Rs 400 crore fraud. To tackle these challenges, the Indian government has laid down rules to support the steady growth in the online gaming sector while implementing measures to prevent illicit activities and potential pitfalls. – Regulating India’s Online Gaming Industry | Manohar Parrikar Institute for Defence Studies and Analyses (idsa.in)
Defense, Intelligence, and War
(Carley Welch – Breaking Defense – 1 October 2024) The Army took the next step in its pursuit of tech for its Next Generation Command and Control (NGC2) initiative by reaching out for industry’s ideas Monday. In a request for information (RFI) posted online, the Army’s program executive office for command, control, communications-tactical (PEO C3T) announced it is seeking input on “experimentation, pilots and, prototyping” in establishing NGC2. – Army seeks new industry input for Next Generation Command and Control initiative – Breaking Defense
(Abhishek Kumar Darbey – Manohar Parrikar Institute – 27 September 2024) The Chinese leadership has been wary of possible social and political disturbances as a result of the exposure of the Chinese netizens to digital platforms. Externally, the Chinese government has robustly opposed the alleged ‘anti-China’ narratives espoused by the West. The People’s Liberation Army (PLA) is also using virtual reality (VR) simulated technology in military training to strengthen cognitive thinking and physical training of its soldiers. – China and Cognitive Warfare: An Overview | Manohar Parrikar Institute for Defence Studies and Analyses (idsa.in)