TOP OF THE DAY
NATO’s strategy for digital transformation
(NATO – 22 October 2024) The rapid evolution of digital technologies has profoundly transformed our societies, our economies, and is having a significant impact on modern warfare. NATO’s Digital Transformation Implementation Strategy will help address the need for technological and cultural transformation, leveraging data and artificial intelligence to drive this digital transformation. – NATO – News: NATO’s strategy for digital transformation, 22-Oct.-2024
The promise and peril of runaway technological advances
(UN News – 21 October 2021) The UN Security Council (…) explored the dual-edged nature of rapid technological advancements – ranging from artificial intelligence to neurotechnology – highlighting both groundbreaking solutions and emerging risks to global peace and security. – The promise and peril of runaway technological advances | UN News
LLMjacking and Open-Source Tool Abuse Surge in 2024 Cloud Attacks
(Alessandro Mascellino – Infosecurity Magazine – 22 October 2024) Cloud-based cyber-attacks saw a marked increase in 2024, with threat actors adopting new tactics to exploit cloud resources at an unprecedented scale, according to Sysdig Threat Research Team’s (TRT) latest report. Beyond LLMjacking, which was observed by the firm to target large language models (LLMs), attackers in 2024 weaponized open-source tools and escalated their use of automation, causing financial damage and increasing the attack surface for cloud-hosted enterprises. “The stolen enterprise access in the first LLMjacking attack was a local Anthropic Claude 2.x model that could cost victims up to $46,000 per day in consumption costs. These daily costs for the newer Claude 3.5 Opus version could double or triple the daily cost,” Sysdig explained. – LLMjacking and Open-Source Tool Abuse Surge in 2024 Cloud Attacks – Infosecurity Magazine (infosecurity-magazine.com)
Understanding technology as an ecosystem is the first step to tackling online harms
(Miah Hammond-Errey – Lowy The Interpreter) A controversial law to combat misinformation and disinformation was introduced into the Australian parliament in September and last week saw another round of senate hearings into the proposal. Although there is consensus that combatting mis- and disinformation is good, and that online platforms are curating content and culture in opaque ways, the bill is controversial because there are few supporters of this iteration. Concern about the scope of the proposed law and the definitions of what constitutes serious harm have been raised by an unlikely grouping of opponents, including digital and consumer rights groups, the Human Rights Commissioner, the Opposition and media outlets including News Corp. – Understanding technology as an ecosystem is the first step to tackling online harms | Lowy Institute
A Plague on the Horizon: Concerns on the Proliferation of Drone Swarms
(Zachary Kallenborn – Observer Research Foundation) In recent years, a number of states have begun integrating their armed drones into collaborative drone swarms. Although global proliferation can be anticipated, drone swarm proliferation should not be expected to be even or immediate. Some states may race to develop massive, armed drone swarms, while others may never develop sophisticated drone swarm capabilities. This brief explores why some states pursue drone swarms, why others may not, and the different pathways to acquisition. – A Plague on the Horizon: Concerns on the Proliferation of Drone Swarms (orfonline.org)
Asteroid Mining: Should India be paying attention?
(Prateek Tripathi – Observer Research Foundation) On 20 August 2024, California-based asteroid mining startup AstroForge announced its intention to dock its Vestri probe with a metallic near-Earth asteroid in 2025. The company intends to extract minerals from asteroids, primarily focusing on metals. Although this may seem like an ambitious endeavour, AstroForge is not alone in its attempt to mine asteroids. Other startups and organisations, including NASA, are planning to execute similar missions in the near future. What seemed like a prospect for the distant future may soon become a reality, thanks to the rapid advancements in technologies like Artificial Intelligence (AI). The burning question, then, is whether asteroid mining is economically and technically viable at present and if it would be beneficial for developing economies like India to take notice. – Asteroid Mining: Should India be paying attention? (orfonline.org)
GOVERNANCE
(Adam Mazmanian – NextGov – 22 October 2024) The State Department is one of the early adopters of workplace artificial intelligence, with use cases in place covering translation, media summarization and other aspects of the production of written materials for use in diplomacy. NextGov spoke to Matthew Graviss, who leads data and AI at State, in late August to discuss progress on delivering AI-powered tools to the agency’s 80,000+ workforce. – The AI journey at State – Nextgov/FCW
(Edward Graham – NextGov – 22 October 2024) The Department of Veterans Affairs has been testing out a variety of AI use cases to determine how the tools can enhance veteran care and benefit services. As the department’s Chief Artificial Intelligence Officer and Chief Technology Officer, Charles Worthington said a large part of his work has been helping VA “bridge from where we are now to that future where AI is just kind of a component of most systems.” Worthington recently spoke with Nextgov/FCW about how the VA is working to onboard new AI-powered capabilities and the department’s focus on making personnel comfortable with using the emerging technologies. – VA’s head of AI sees his role as a ‘bridge’ to future use – Nextgov/FCW
(Liliya Khasanova – Lawfare – 22 October 2024) With approximately 5.4 billion active internet users worldwide as of April 2024, the volume of data produced and processed daily is beyond imagination. Around 42 million WhatsApp messages are shared every minute, 1.4 million video or voice calls are made, and 180 million emails are sent, generating over 1.1 trillion megabytes of data daily. This volume grows exponentially, increasing by 23 per cent annually. Just as oil fueled the industrial age, data now powers increasingly digital economies. The market for big data, valued at $160.3 billion in 2022, is expected to reach $400 billion by the end of 2030, driven by artificial intelligence (AI), machine learning, and data analytics advancements. The recent Microsoft outage serves as a disturbing reminder of society’s dependence on—and the vulnerability of—digital infrastructure. Data is not only the lifeblood of the digital economy but also a key resource for shaping political decisions and tackling global challenges. Over the past decade, global crises, or “shocks,” have surfaced in diverse settings, prompting a range of policy and normative responses. But how do these shocks across different regions and policy fields shape the perception, discussion, and regulation of data privacy and security? An examination of recent significant crises—shocks—in intelligence, health, and military sectors demonstrates that (a) these crises may play a crucial role in advancing data regulation and (b) responses have occurred predominantly at the national and regional levels. This highlights how regional responses can often be more agile and effective in addressing crises and have the potential to drive systemic changes for development on a global scale. – International Shocks and Regional Responses in Data Governance | Lawfare (lawfaremedia.org)
SECURITY
(Justin Sherman – Lawfare – 22 October 2024) On Sept. 23, Politico reported on a newly published paper in which researchers bought geolocation data on officials at the U.S. Securities and Exchange Commission (SEC) and tracked them as they traveled to and from SEC buildings and to the offices of companies under investigation. It was a shocking demonstration of what happens when companies can freely harvest Americans’ geolocation data and sell it for their chosen price. The incident speaks to a larger problem stemming from the unregulated data broker industry: threats to government employees. It holds lessons not just for Congress and for state legislators working on the problem, but also for the federal agencies and constituent workforces impacted by the data broker industry and its collection, aggregation, packaging, inference, and sale of data. In short, politicians should understand how they, their staff, and public servants are threatened by the sale of personal data—and constituent groups should realize that talk of data broker “controls” or “best practices” is designed by companies to distract from the underlying problems and the comprehensive privacy and security solutions. – Data Brokers and Threats to Government Employees | Lawfare (lawfaremedia.org)
(James Coker – Infosecurity Magazine – 22 October 2024) The Securities and Exchange Commission (SEC) has charged four current and former public technology companies with making materially misleading disclosures regarding cybersecurity risks and intrusions relating to the SolarWinds supply chain attack in 2020. Unisys Corp, Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited are each accused of negligently minimizing the impact of the SolarWinds hack in their public disclosures. The SEC has additionally charged Unisys with disclosure controls and procedures violations. – SEC Charges Tech Firms Over Misleading SolarWinds Hack Disclosures – Infosecurity Magazine (infosecurity-magazine.com)
(Alessandro Mascellino – Infosecurity Magazine – 22 October 2024) Nearly 75% of US Senate campaign websites lack Domain-based Message Authentication, Reporting and Conformance (DMARC) protections, leaving them vulnerable to cyber-attacks, a new report by Red Sift has revealed. The study, authored by Sean S. Costigan, PhD, Managing Director of Resilience Strategy at Red Sift, emphasizes the urgent need for campaigns to strengthen cybersecurity, especially with the critical role email communications play in coordinating with voters, donors and staff. – 75% of US Senate Campaign Websites Fail to Implement DMARC – Infosecurity Magazine (infosecurity-magazine.com)
(James Coker – Infosecurity Magazine – 22 October 2024) Meta has announced it is deploying facial recognition technology to detect celeb-bait ad scams and recover compromised accounts. The social media giant is testing the technology on Facebook and Instagram, and hopes the approach will help inform the wider industry’s defenses against online scammers. The firm said it has vetted this use of facial recognition technology through a privacy and risk review process. Meta added that it will maintain discussions with regulators, policymakers and other experts about its investments in this area. – Meta to Fight Celeb-Bait Scams with Facial Recognition – Infosecurity Magazine (infosecurity-magazine.com)
(Beth Maundrill – Infosecurity Magazine – 22 October 2024) Retailers experienced over half a million (569,884) AI-driven attacks per day according to a recent six-month analysis by cybersecurity firm Imperva. These attacks originate from AI tools like ChatGPT, Claude, and Gemini, alongside specialized bots that are designed to scrape websites for LLM training data. The Thales-owned firm observed a range of AI-driven threats, including bots, distributed denial of service (DDoS) attacks, API violations, and business logic abuse. – AI-Powered Attacks Flood Retail Websites – Infosecurity Magazine (infosecurity-magazine.com)