Extract from the speech by the President of Czechia, Petr Pavel (United Nations General Assembly 2024, 25 September 2024): (…) With progressing digital transformation and our increasing reliance on advanced technology, the gravity and scale of cyber threats are increasing; and respect no borders. Cyber espionage and attacks against our hospitals, media, infrastructure, national institutions and businesses aim to destabilise our democratic systems and undermine its principles. Just as offline, we cannot allow the cyberspace to become a lawless criminal world. The agreed framework of responsible behaviour of states in cyberspace should guide us in our effort to strive for a safer online world. The security of cyberspace will depend on the capacities and effort of all responsible states to enhance their own cyber-capabilities. (…) Foreign interference and disinformation continue to present a challenge with a serious impact on democracy, security and the rules-based international order. With rapid development of new technologies, protection and promotion of human rights continue to be vital for our societies. Emerging technologies will have an undisputable influence on the nature of our future conflicts, but also in peace. It is our duty to ensure that innovations – including artificial intelligence, autonomous systems, biotech and quantum computing – fully conform to our ethical and human rights standards. (…) – full statement: Czechia | General Debate (un.org)
TOP OF THE DAY – In the web: How the EU can untangle global technology governance
(Giorgos Verdi – European Council on Foreign Relations – 24 September 2024) Fierce geopolitical competition between the United States and China is fragmenting global technology governance and leaving the global south with little to no say. To counter this trend, the United Nations aims to rekindle support for multilateral technology governance: on 22 September, the UN adopted the Global Digital Compact which lays out several fundamental principles and recommendations to create an “inclusive, open, sustainable, fair, safe and secure digital future for all”. However, its success will largely depend on countries’ follow-up actions, making it vulnerable amid great and middle power competition. The European Union should therefore dedicate resources to ensure that key UN recommendations materialise. This would adhere to the EU’s values of multilateralism, global standards, and open technologies, as well as help prevent further technological fragmentation which would diminish the EU’s regulatory power and innovation capacity. – In the web: How the EU can untangle global technology governance | ECFR
Governance
(Anthony Ilukwe – Centre for International Governance Innovation – 25 September 2024) In an era marked by increasing skepticism and mistrust in public institutions, innovative solutions to restore faith in government have never been more needed. As trust continues to erode, particularly concerning critical issues such as health care, immigration, climate change and the broader economy, a powerful yet underexplored tool emerges: artificial intelligence (AI). – To Help Rebuild Public Trust in Government, Harness AI – Centre for International Governance Innovation (cigionline.org)
(Catherine Sharkey – Lawfare – 25 September 2024) As both government and private parties seek ways to prevent or mitigate harms arising from artificial intelligence (AI), few approaches hold as much promise as products liability. By concentrating on defects in AI products themselves—rather than on the often-opaque practices of AI developers—products liability can encourage safer design from the outset. It can do so by holding manufacturers liable for avoidable harm, thereby compelling them to prioritize the development of demonstrably safer products. – Products Liability for Artificial Intelligence | Lawfare (lawfaremedia.org)
(Eliza Gkritsi, Jacob Wulff Wold – Euractiv – 25 September 2024) The European Commission said on Wednesday (25 September) that 115 organisations signed its artificial intelligence (AI) Pact, voluntary commitments that pave the way for compliance with the AI Act, but according to Euractiv’s reporting, its significance has waned. Though it has been one year in the making, in the past month interest in signing the AI Pact has increased, after the commitments were loosened. However, its future is uncertain following Commissioner for Internal Market Thierry Breton’s resignation. – Commission collects over 100 AI Pact signatures, but future remains uncertain – Euractiv
(Euractiv – 25 September 2024) The last European Parliament mandate introduced the first-ever legal framework on artificial intelligence through the AI Act. This act addresses the risks associated with AI and positions Europe to play a leading role globally. In line with this, the development of the new European AI Office ahead of the new mandate will centralise AI expertise across the EU and play a key role in implementing the AI Act. – Tech and the new mandate – What are the opportunities and challenges? – Euractiv
(Carme Artigas, James Manyika – Project Syndicate/ASPI The Strategist – 25 September 2024) Like the steam engine and electricity, artificial intelligence is a transformative, foundational technology. If developed to its full potential, AI can create opportunities for people around the world, enable businesses, power economic growth, advance science and help humanity make significant strides toward achieving the United Nations Sustainable Development Goals (SDGs). – Unlocking AI’s potential for all through global collaboration | The Strategist (aspistrategist.org.au)
(Miah Hammond-Errey – Lowy The Interpreter – 25 September 2024) Australia has form for bold regulation. (…) Now the government wants to enforce a minimum age for using social media. Despite an alter ego as the “nanny state” for Covid responses and lockout laws, Australia has a real opportunity to turn interest in limiting social media access into a coherent and innovative solution to online harms. – Byte-sized diplomacy: On social media for young people, Australia needs to aim higher | Lowy Institute
(Ron De Jesus – The Parliament – 24 September 2024) The EU’s efforts to regulate AI have put the bloc at the forefront of shaping the future of the technology. It has also put new burdens on company CPOs everywhere. – Op-ed: How the EU’s new AI Act is reshaping the role of chief privacy officers (theparliamentmagazine.eu)
(Klaus Schwab – World Economic Forum – 24 September 2024) Rapid advancements in artificial intelligence, quantum computing and blockchain have propelled us into the Intelligent Age. If managed cooperatively and mindfully, this revolution can enhance human potential. Social, geopolitical, technological and environmental intelligence will be fundamental to success in the Intelligent Age. – The Intelligent Age: A time for cooperation | World Economic Forum (weforum.org)
(Kyle Wiggers, Cody Corrall, Alyssa Stringer – TechCrunch – 24 September 2024) ChatGPT, OpenAI’s text-generating AI chatbot, has taken the world by storm since its launch in November 2022. What started as a tool to hyper-charge productivity through writing essays and code with short text prompts has evolved into a behemoth used by more than 92% of Fortune 500 companies. – ChatGPT: Everything you need to know about the AI chatbot (techcrunch.com)
Geostrategies
(Jocelinn Kang, Jessie Jacob – ASPI The Strategist – 25 September 2024) Australia has an opportunity to strengthen its position as a regional digital hub in the Indo-Pacific, as the submarine cable industry undergoes a transformation. Capitalising on this chance will take strategic focus and decisive action. The rise of United States-based hyperscalers—Google, Meta, Microsoft, and Amazon—alongside intensifying geopolitical tensions, particularly between the US and China, is reshaping the global digital landscape. – Australia should seize the chance to be an undersea cable hub for the region | The Strategist (aspistrategist.org.au)
(Sunny Cheung – The Jamestown Foundation – 24 September 2024) The People’s Republic of China (PRC) has announced breakthroughs in semiconductor manufacturing, specifically in Deep Ultraviolet (DUV) lithography, as part of its effort to achieve technological self-sufficiency amid US sanctions. The DUV machines showcased by the Ministry of Industry and Information Technology (MIIT) still lag significantly behind global leaders like ASML, especially in terms of overlay precision and the ability to produce advanced chips. Practical challenges persist in the PRC’s adoption and refining of DUV and Extreme Ultraviolet (EUV) lithography at scale. Low yield rates and high production costs due to having to rely on technological workarounds remain an obstacle. – MIIT Overhypes Lithography Breakthrough – Jamestown
Security
(Alessandro Mascellino – Infosecurity Magazine – 26 September 2024) 82% of all phishing sites now target mobile devices. The figure comes from Zimperium’s 2024 zLabs Global Mobile Threat Report, which also shows that 76% of these sites use HTTPS, tricking users into thinking the sites are secure. Additionally, the report reveals a sharp increase in unique malware samples, which surged 13% year-on-year, with riskware and trojans accounting for 80% of the threats. Healthcare remains the most affected industry, with 39% of mobile threats stemming from phishing attacks. – 82% of Phishing Sites Now Target Mobile Devices – Infosecurity Magazine (infosecurity-magazine.com)
(Alexandra Kelley – NextGov – 25 September 2024) The Federal Trade Commission announced new enforcement actions brought against five artificial intelligence companies Wednesday, part of a new initiative within the agency targeting deceptive conduct in the AI and machine learning industry. As part of Operation AI Comply, the FTC actions were brought against five companies claiming to employ AI services in their products or operations: DoNotPay; Ascend Ecom; Ecommerce Empire Builders; Rytr; and FBA Machine. – FTC takes action against 5 AI companies under new initiative – Nextgov/FCW
(Shelly Bruce, John Bruce, Kailee Hilt, Aaron Shull – Centre for International Governance Innovation – 25 September 2024) Some of Canada’s top cybersecurity experts attended the second annual Waterloo Security Dialogue in June 2024 to share their cybersecurity concerns for the country and develop solutions to these growing threats. Hosted by the Centre for International Governance Innovation, the event brought together a diverse group of stakeholders from all sectors, including government, business and civil society. This special report recommends that building Canada’s cybersecurity resilience will require enhanced cooperation both within and across jurisdictions to help mitigate cyber risks, reduce the number and severity of cybersecurity incidents, and speed recovery. From elementary schoolchildren to the workforce, Canadians of all ages need to be prepared for and protected against cybersecurity threats by a strong local and national framework. – Building a Cyber-Resilient Canada: Highlights from the Waterloo Security Dialogue 2024 – Centre for International Governance Innovation (cigionline.org)
(Ionut Arghire – SecurityWeek – 25 September 2024) Google has brought its AI assistant Gemini to millions of Workspace users worldwide, but indirect prompt injection flaws could enable phishing and chatbot takeover attacks, HiddenLayer says. Indirect injections rely on delivering the prompt injection through channels such as documents, emails, and other assets the LLM has access to, with the purpose of taking over the chatbot or language model. – AI Security Firm Shows How Threat Actors Could Abuse Google Gemini for Workspace – SecurityWeek
(Ionut Arghire – SecurityWeek – 25 September 2024) A threat actor likely operating out of India is relying on various cloud services to conduct cyberattacks against energy, defense, government, telecommunication, and technology entities in Pakistan, Cloudflare reports. Tracked as SloppyLemming, the group’s operations align with Outrider Tiger, a threat actor that CrowdStrike previously linked to India, and which is known for the use of adversary emulation frameworks such as Sliver and Cobalt Strike in its attacks. – India-Linked Hackers Targeting Pakistani Government, Law Enforcement – SecurityWeek
(Phil Muncaster – Infosecurity Magazine – 25 September 2024) Security experts have repeated warnings not to use work email addresses to sign-up to third-party sites, after finding that thousands of US Congress staffers could be exposed to account hijacking and phishing. Secure mail provider Proton teamed up with Constella Intelligence to search on the dark web for over 16,000 publicly available email addresses associated with congressional staff. – Thousands of US Congress Emails Exposed to Takeover – Infosecurity Magazine (infosecurity-magazine.com)
(Associated Press/SecurityWeek – 25 September 2024) Swedish authorities accused Iran on Tuesday of being responsible for thousands of text messages sent to people in Sweden calling for revenge over the burnings of Islam’s holy book in 2023. Iran denied the accusation. According to officials in Stockholm, the cyberattack was carried out by Iran’s paramilitary Revolutionary Guard, which hacked an SMS service and sent “some 15,000 text messages in Swedish” over the string of public burnings of the Quran that took place over several months in Sweden during the summer of 2023. – Iran Was Behind Thousands of Text Messages Calling for Revenge Over Quran Burnings, Sweden Says – SecurityWeek
(Eduard Kovacs – SecurityWeek – 25 September 2024) A researcher says a US healthcare facility has failed to address a serious vulnerability that has been making it possible for threat actors to hack the doors of one of its buildings for at least the past year. The healthcare organization, on the other hand, has denied the findings. The research was conducted by Shawn Merdinger, who in 2010, at the DEFCON conference, showed how S2 Security door access controllers used by hospitals, schools, fire stations, businesses and other entities could be hacked. A decade later, Merdinger was jailed after sending threatening emails to people at several universities during a mental health crisis. – Researcher Says Healthcare Facility’s Doors Hackable for Over a Year – SecurityWeek
(Mia Lavada – Infosecurity Magazine – 25 September 2024) With the progressive shift toward a digitally dominated business landscape, cloud computing has become an inevitable part of contemporary enterprises. Though this movement offers countless benefits such as business scalability and cost optimization, it also presents a security risk often overlooked — the vulnerability of unhardened operating systems (OS). Cloud service providers (CSPs) ensure broad security measures at the infrastructure level. However, optimizing security at the OS level — which includes system configuration, patch management, and access controls — explicitly falls under customer purview. This introspects into what is known as the Cloud Shared Responsibility Model. – Securing Windows and Linux Operating Systems with CIS Hardened Images – Infosecurity Magazine (infosecurity-magazine.com)
Defense, Intelligence, and War
(Lauren C. Williams – Defense One – 25 September 2024) A collaborative, AI-powered effort to hunt enemy submarines shows that AUKUS is working, U.S. defense officials said ahead of a meeting of the U.S., UK, and Australian defense chiefs. “It’s a change in how we do things and how we’re doing it with allies and partners,” a defense official said Tuesday at the Pentagon. – Officials tout AI-powered sub-hunting as AUKUS defense chiefs converge – Defense One
(Mike Gruss – Defense One – 25 September 2024) The Pentagon has long been closed-mouthed about a family of U.S. spy satellites that since 2014 have kept an eye on foreign spacecraft in geosynchronous orbits. That hasn’t stopped Chinese satellites from dodging them. U.S. officials declassified the Geosynchronous Space Situational Awareness Program a decade ago to show that they had eyes on high-Earth orbit, but they have rarely discussed the six GSSAP satellites themselves, and they do not publish the standard location data meant to reduce collisions. Now, a new paper from the U.S. Air Force’s China Aerospace Studies Institute explores what the Chinese know about GSSAP—and what they’re doing about it. – China’s satellites are dodging US eyes in space – Defense One
Legislation
(Alessandro Mascellino – Infosecurity Magazine – 25 September 2024) The US House Homeland Security Committee Republicans have unveiled a new bill aimed at addressing the growing cyber threats posed by state-sponsored Chinese actors targeting US critical infrastructure. The legislation, introduced by Representative Laurel Lee (R-FL) on September 24, established an interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI. The task force will focus on countering malicious cyber activity from the Chinese Communist Party (CCP), including advanced persistent threats (APTs) like Volt Typhoon. – US House Bill Addresses Growing Threat of Chinese Cyber Actors – Infosecurity Magazine (infosecurity-magazine.com)
(Reece Iriye – Stimson Center – 24 September 2024) How can collective values and shared norms be leveraged in the cyber domain? One of the most influential data protection agreements in existence, with an impact beyond its regional jurisdiction, might hold some answers. This chapter explores how the European Union’s General Data Protection Regulation or GDPR leveraged a bedrock of shared cultural ideas around data in order to achieve a ripple effect globally. It offers an understanding of how norms become standards of behavior, and that formal legislation can be most meaningful if it relies on existing social and institutional norms. – The European Union General Data Protection Regulation • Stimson Center