TOP OF THE DAY – Russian Disinformation Targets the European Union
(Sergey Sukhankin – The Jamestown Foundation – 2 October 2024) Russia continues to conduct misinformation campaigns against Europe. As its war in Ukraine continues and Europeans become tired of the prolonged conflict, fewer people will be engaged and thus more susceptible to disinformation coming from Russia. Russia’s current disinformation campaign revolves around three key ideas: the spread of anti-Ukrainian agendas, anti-EU themes and narratives, and the glorification of Russia, its military-political leadership, diplomacy, and economic “achievements.”. Ordinary people already see the problems within European society that the European Union needs to solve, and it will only take a slight push from Russia to spur discontent among vulnerable populations against their governments’ shortcomings. – Russian Disinformation Targets the European Union – Jamestown
Governance
(Eliza Gkritsi – Euractiv – 3 October 2024) Digital wallets for age verification are being developed to protect minors on large social media platforms under the Digital Services Act (DSA), before they are deployed under another regulation, a European Commission official said on Wednesday (2 October). The digital wallets were envisioned under the latest Electronic Identification and Trust Services for Electronic Transactions (eIDAS) regulation, signed in April to amend a previous text. They are designed as a tool for EU citizens to “control their digital identity” while “moving seamlessly across borders,” according to a Commission website. Possible use cases range from public services to banking. – European authorities press on with digital wallets for social media age verification – Euractiv
(Vasiliki Angouridi – Euractiv – 3 October 2024) The EU’s digital transformation efforts were at the epicentre of the European Health Forum Gastein. Euractiv spoke to Steffen Thirstrup, the European Medicines Agency’s Chief Medical Officer, about the challenges of healthcare digitalisation. For Thirstrup, digitisation presents important opportunities but also requires overcoming some fundamental obstacles. In the regulatory field, EMA has been building its digital toolkit to ensure its own digital evolution through its Medicines Regulatory Network (EMRN). As the EU tries to follow rapid and multifaceted digital developments, healthcare’s digital transformation is promoted on different levels through regulatory milestones like the European Health Data Space (EHDS) and the AI Act. – Trust and inequalities challenge EU’s healthcare digital transformation, says EMA Chief Medical Officer – Euractiv
(Jacob Wulff Wold – Euractiv – 3 October 2024) Lead AI developers are poor at risk management according to a rating published by SaferAI on Wednesday (2 October), with French company Mistral AI scoring among the worst. SaferAI, a French non-profit that aims to “incentivise the development and deployment of safer AI systems,” rated the risk management practices of Anthropic, OpenAI, Google Deepmind, Meta, Mistral, and xAI as moderate or worse. SaferAI CEO Simeon Campos told Euractiv, “The reason we don’t see large-scale AI harms is that AI systems don’t yet have high enough capabilities to cause such harms, not that companies do proper risk management.”. As technology advances at an “astonishing rate,” there is an “urgent need for robust risk management practices in the AI industry,” he added. – Top AI companies suffer from poor AI risk management, says French non-profit – Euractiv
(Alexandra Kelley – NextGov – 3 October 2024) The White House Office of Management and Budget’s new artificial intelligence procurement guidance, released Thursday, looks to bring a culture of risk management to the federal government’s AI and machine learning software buying. In accordance with OMB’s previous directive on AI acquisition, which focuses on standardizing agency usage of AI tools, the new OMB procurement guidance provides requirements and guidance for federal agencies to help usher in “meaningful cross-functional and interagency collaboration to reflect new AI responsibilities, managing AI risk and performance, and promoting a competitive AI market with innovative acquisition.” – OMB releases AI procurement guidelines – Nextgov/FCW
(Melanie A. Zaber – RAND Corporation – 1 October 2024) Imagine dedicating years to honing your craft, only to find that your expertise might be used—without your consent—to train your potential replacement. That was a concern raised by leaders from the Writers Guild of America when it went on strike over artificial intelligence (AI) and compensation issues for almost 150 days in 2023. The union objected to AI models being trained on their creative content and the potential for AI usage to distort authorship, compensation, and credit. They viewed AI as theft, plain and simple. – The AI Playbook: What Other Sectors Can Learn from the Creative Industry’s Fight Against AI | RAND
Geostrategies
(Axel Thévenet – The Parliament – 3 October 2024) In an era where digital prowess equals global influence, the EU finds itself at a critical juncture. The nomination of Henna Virkkunen as the European Commission’s Executive Vice-President for Tech Sovereignty, Security and Democracy signals a recognition of the urgent need to bolster Europe’s technological independence. However, this laudable step merely scratches the surface of a profound challenge that demands far more ambitious action. The stark reality is that the EU’s digital landscape is shaped largely by entities outside its borders, primarily from the US and China. Tech giants dominate crucial sectors such as cloud computing, artificial intelligence and data infrastructure. Their outsized influence not only undermines the EU’s competitive edge, but also jeopardises its ability to safeguard data privacy and maintain sovereignty over its most fundamental digital services. – Op-ed: How can the EU achieve greater digital sovereignty? (theparliamentmagazine.eu)
(Nathan Beauchamp-Mustafaga, Kieran Green, William Marcellino, Sale Lilly, Jackson Smith – RAND Corporation – 1 October 2024) The Chinese Communist Party (CCP) was initially concerned about the rise of social media, considering it a threat to the regime. The CCP has since come to embrace social media as a way to influence domestic and foreign public opinion in the CCP’s favor. Even as Beijing blocks foreign social media platforms, such as Facebook and Twitter (now X), from operating in China, it actively seeks to leverage these and other platforms for both overt propaganda and covert cyber-enabled influence operations abroad. While the results have been limited so far, the advent of generative artificial intelligence (AI) could dramatically improve China’s capabilities moving forward, posing a greater threat to global democracies. – Dr. Li Bicheng, or How China Learned to Stop Worrying and Love Social Media Manipulation: Insights Into Chinese Use of Generative AI and Social Bots from the Career of a PLA Researcher | RAND
Security
(Associated Press/SecurityWeek – 3 October 2024) A cyberattack that broke into a police account and accessed work-related contact details of all Dutch police officers was almost certainly carried out by hackers working for a foreign government, the justice minister told lawmakers. Dutch intelligence agencies “consider it highly likely that a state actor is responsible,” Justice and Security Minister David van Weel wrote in a letter to lawmakers on Wednesday night about the breach, which was first revealed last Friday. – Dutch Government Blames a ‘State Actor’ for Hacking a Police Network – SecurityWeek
(Alessandro Mascellino – Infosecurity Magazine – 3 October 2024) A newly identified China-aligned threat group named CeranaKeeper has been found targeting governmental institutions in Thailand. This group, discovered by ESET researchers and active since early 2022, leverages an evolving toolset to exfiltrate sensitive data by abusing legitimate cloud services such as Dropbox, OneDrive and GitHub. – CeranaKeeper Emerges as New Threat to Thai Government Networks – Infosecurity Magazine (infosecurity-magazine.com)
(Eduard Kovacs – SecurityWeek – 3 October 2024) A cybersecurity researcher claims to have discovered potentially serious vulnerabilities in several e-filing and record management systems used by government organizations in the United States. The researcher, Jason Parker, has been responsibly disclosing his findings to the impacted organizations and software vendors for the past year, and he is now making public details on the various vulnerabilities he discovered. The security holes exposed court records and other types of information. The products in which he found vulnerabilities are used in Georgia, Florida, Ohio, Arizona, South Carolina, and other states. – Court Data Exposed by Vulnerabilities in Software Used by US Government: Researcher – SecurityWeek
(Associated Press/SecurityWeek – 3 October 2024) Nearly a month out from Election Day, the head of the nation’s cybersecurity agency is forcefully reassuring Americans who have been swept into the chaotic churn of election disinformation and distrust that they will be able to feel confident in the outcome. State and local election officials have made so much progress in securing voting, ballot-counting and other election infrastructure that the system is more robust than it has ever been, said Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency. As a result, she said, there is no way Russia, Iran or any other foreign adversary will be able to alter the results. “Malicious actors, even if they tried, could not have an impact at scale such that there would be a material effect on the outcome of the election,” Easterly told The Associated Press in an interview Wednesday. – Cybersecurity Head Says There’s No Chance a Foreign Adversary Can Change US Election Results – SecurityWeek
(Beth Maundrill – Infosecurity Magazine – 3 October 2024) Many security leaders are struggling to keep pace with the expanding attack surface, despite cybersecurity budgets increasing, Red Canary’s 2024 Security Operations Trends Report has found. Among survey respondents from the US, UK, Australia and the Nordics across a cross-section of organizations, 63% of security leaders said they had an increase in their budget in the past 12 months, but only 37% felt it was enough to ensure the business is secure. – Cybersecurity Spending on the Rise, But Security Leaders Still Feel Vu – Infosecurity Magazine (infosecurity-magazine.com)
(James Coker – Infosecurity Magazine – 3 October 2024) The Police Service of Northern Ireland (PSNI) has been criticized for procedural failings that exposed the personal data of its officers and other staff. Meanwhile, a fine of £750,000 ($984,000) has been issued by the Information Commissioner’s Office (ICO). The data protection watchdog highlighted the significant harm and distress caused to personnel by the incident, including fears around officers’ safety. – Northern Ireland Police Data Leak Sees Service Fined by ICO – Infosecurity Magazine (infosecurity-magazine.com)
(Phil Muncaster – Infosecurity Magazine – 3 October 2024) Security researchers have warned of a new wave of investment scams attempting to cash in on public awareness of the presidential debate last month. Netcraft said it found 24 such domains related to the debate, including 14 phishing sites using the word “debate” in their domain, such as “debatetrump[.]io,” and “tesladebate[.]com.” – Crypto-Doubling Scams Surge Following Presidential Debate – Infosecurity Magazine (infosecurity-magazine.com)
(James Coker – Infosecurity Magazine – 3 October 2024) Email phishing attacks rose by 28% in Q2 2024 compared to Q1, with attackers deploying effective ways to overcome defenses, according to a new Egress report. One prevalent tactic used by attackers was sending phishing emails from familiar accounts to bypass authentication protocols. – Email Phishing Attacks Surge as Attackers Bypass Security Controls – Infosecurity Magazine (infosecurity-magazine.com)
(David DiMolfetta – NextGov – 3 October 2024) Microsoft’s digital crimes team and the Justice Department seized some 100 website domains belonging to a Russia-backed hacking gang that’s built a reputation targeting civil society organizations around the world. A civil action unsealed Thursday afternoon authorized the tech giant’s Digital Crimes Unit to take down some 66 websites belonging to the group, dubbed Star Blizzard. Another 41 websites used by the group were seized by the Justice Department, according to a statement issued by Microsoft. – DOJ, Microsoft disrupt Russian hackers targeting civil society orgs – Nextgov/FCW
(Phil Muncaster – Infosecurity Magazine – 3 October 2024) An infamous financially motivated threat group is luring victims to a network of malware-baited sites, promising downloads of deepfake tools, according to a new report from Silent Push. The security vendor claimed that the Russia-based FIN7, which has been linked to multiple ransomware groups, is hosting the malicious sites on multiple domains under the aiNude[.]ai “brand.” – FIN7 Gang Hides Malware in AI “Deepnude” Sites – Infosecurity Magazine (infosecurity-magazine.com)
Defense, Intelligence, and War
(Wesley Wark – Centre for International Governance Innovation – 3 October 2024) The first drone wars in history. The current conflicts in Ukraine and the Middle East are vying for the title. Both wars have seen devastating initial use of drones, great proliferation and experimentation, and an extraordinary technological pace of change. When new weapons of war come along, they are usually attended with confident predictions about their impact on the future. Twenty years after the introduction of the machine gun (the “Gatling gun”) during the American Civil War, its inventor, Dr. R. J. Gatling, wrote: “It requires no gift of prophecy to predict that machine guns are destined to play an important part in future wars. They hold the same relation to other arms that the railway bears to the stage-coach, the reaper to the sickle, the sewing machine to the needle.” – Drone Technology Is Transforming Warfare in Real Time – Centre for International Governance Innovation (cigionline.org)
(J. Michael Dahm, P.W. Singer – Defense One – 3 October 2024) The purported sinking of a Chinese nuclear submarine at a Wuhan shipyard pier is the latest example of Western reporting on military developments in China that overlooks important details and context, or even takes the wrong lessons from the fragments of stories they tell. The incident, which took place in June, drew some mention the following month on social media and even in the defense press, but it went viral after a Sept. 26 report in the Wall Street Journal touched off coverage from Fox News to CBS. What apparently lit up the U.S. media landscape were the assertions, attributed to unnamed U.S. defense officials, that the submarine was nuclear-powered. Many of the subsequent reports suggested that the incident revealed safety concerns about a new class of PLA Navy nuclear submarine and a serious setback for China’s military modernization. – What reports got wrong about China’s ‘sunken nuclear submarine’ – Defense One
(Audrey Decker – Defense One – 3 October 2024) Until recent decades, the National Reconnaissance Office wouldn’t acknowledge even one satellite it had in space. Now, the intelligence agency is speaking publicly about launching dozens in the past year and a half. “From last June to December of this year, we’ll have probably launched 100 satellites. So we are going from the demo phase to the operational phase, where we’re really going to be able to start testing all of this stuff out in a more operational way,” Christopher Scolese, director of the NRO, said today at an event hosted by the Center for Strategic & International Studies. Some of those 100 belong to a new network of satellites that will collect information for the Pentagon and intelligence community. The agency’s first batch of operational satellites in this constellation launched in May, and the agency has since launched two more batches. But officials haven’t disclosed the number of satellites in those first launches or how many the constellation will have in total. – ‘You can’t hide’: Spy agency will have 100 new sats on orbit by years-end – Defense One
(Elisabeth Gosselin-Malo – Defense News – 3 October 2024) The French Navy has ordered an autonomous underwater vehicle from Exail that will surveil critical infrastructure at depths of up to 6,000 meters, the company announced. The architecture of the new drone will be based on the firm’s Ulyx, a vehicle co-developed with Ifremer, the national institute for ocean science and technology. The platform will primarily be used to carry out reconnaissance operations across the seabed, covering sensitive infrastructure like submarine cables, many of which lie at a depth of 6,000 meters. – French Navy orders underwater drones for deep-sea surveillance (defensenews.com)
(Carley Welch – Breaking Defense – 3 October 2024) The Department of Defense is turning to industry for low-cost, one-way long-range unmanned aerial systems that can operate in “disrupted, disconnected, intermittent, low-bandwidth” (DDIL) environments, according to a recent Defense Innovation Unit solicitation. The solicitation stated that such inexpensive drones have had an “asymmetric impact” in modern battlefield settings, presumably in Ukraine’s ongoing fight against Russia and the escalating tensions in the Middle East. The US also approved the sale of hundreds of similar air vehicles to Taiwan earlier this year. – Pentagon on the hunt for cheap, one-way drones – Breaking Defense
(Nathan Eddy – Dark Reading – 3 October 2024) As the kinetic war between Russia and Ukraine persists, a parallel battle is being waged in cyberspace, where hackers are targeting critical infrastructure, government entities, and individual service personnel. The cyber campaigns focus on espionage, disruption, and social engineering to weaken Ukrainian defenses and sow discord, with efforts to compromise personal data and infiltrate secure communication channels like Signal and Telegram. Russian-aligned cyber actors, including advanced persistent threat (APT) groups like Gamaredon, have intensified their attacks since Russia’s 2022 invasion of Ukraine. – Ukraine-Russia Cyber Battles Have Real-World Impact (darkreading.com)
(Keirin Joyce – ASPI The Strategist – 3 October 2024) The Australian Defence Force is on the brink of a transformative shift in its airborne intelligence, surveillance and reconnaissance (ISR) capabilities with the imminent introduction into service of the MQ-4C Triton, an unarmed, high-altitude and long-endurance uncrewed aerial system (UAS). Use of the Triton will bring far more capability than is generally appreciated, even by close observers of defence policy. – Triton: transforming Australia’s Airborne ISR capabilities | The Strategist (aspistrategist.org.au)