Part II of the Center for Security and Emerging Technologies (CSET) series is available which “examines how AI/ML technologies may shape future disinformation campaigns and offers recommendations for how to mitigate them.” We offered an analysis of Part I of the series (CSET Introduces a “Disinformation Kill Chain”) earlier this month. Disinformation is not new, of course, but the scale and severity seem to have reached a zenith, broadsiding contemporary politics, public health policy, and many other domains. You name it, disinformation is in the mix scrambling truth and reality.
Climate change and the insecurity it stimulates have the potential to amplify existing conflicts, trigger conflicts over scarce resources, and trigger forced migration (refugees and internally displaced persons or IDPs) now and in the future. Climate conflicts converge with transnational criminal activity (cartels and gangs) and exacerbate violence against persons in fragile communities. These convergences have reduced the availability of areas that are safe for displaced persons, increased resource stresses, displaced additional populations, and made it harder for migrants to seek refuge in countries like the United States or nations in Europe. In this climate security context, what is intelligence and what is humanitarian intelligence?
In December 2021, Iran’s Ambassador to the United Nations issued a formal statement rejecting Iran’s use of force in cyberspace. In the statement, the Ambassador acknowledged Iran’s victimization by cyber-attacks, underscoring the 2010 Stuxnet attack that directly impacted a key infrastructure by disrupting its nuclear enrichment process. A key component in this address was Iran’s assertion of a series of principles including the rights of state sovereignty in cyberspace, rejection of states using the digital domain to interfere in the internal affairs of other states, and codifying and implementing a legally-binding measure for responsible state behavior in cyberspace.
In response to the SolarWinds Orion and Hafnium Microsoft Exchange breaches, the U.S. Senate Committee on Armed Services, Subcommittee on Cyber, held a hearing on April 14th. Entitled “Future Cybersecurity Architectures”. The specific breaches were actually only the context for a larger conversation about (and a general update on) DoD implementation of the recently approved DoD Zero Trust Architecture Framework. We take a look at this use case through the prism of “extreme sampling” and our neverending search for bleeding-edge cybersecurity architectures.
Is Taiwan’s Five-year Quantum Computing and Talent Initiative the Wrong Strategy for the Island Nation?
Ukraine may be the Gray-zone in the headlines right now, but Taiwan is the more significant strategic hybrid warfare battlefield, in no small part due to its global leadership in semiconductor manufacturing. Considering the hype cycle around all things Quantum, you would think it would be positive, sound strategic news that Taiwanese leaders recently announced a strategic initiative focused on quantum computing. Here are the basics of the Taiwan Quantum Initiative with our analysis of why quantum is the wrong direction strategically for the island nation.
The Commissioner on the Information Disorder Final Report opens by clearly sounding an alarm: “Information disorder is a crisis that exacerbates all other crises. When bad information becomes as prevalent, persuasive, and persistent as good information, it creates a chain reaction of harm.” We take a look at Commission on Information Disorder Final Report. What sets this research apart? In our final analysis, of the many formative efforts to research and provide solutions to the misinformation crisis, this report is the seminal document to date for how best to frame this issue.
CISA Apache Log4j Vulnerability Guidance Webpage Up and Running with Mitigation Guidance from JCDC Partners
Relative to other cyber incidents in the last few months, Log4j is proving severely problematic. If you are in the middle of your impact and mitigation assessment, hands down the most important resource available is the webpage CISA launched yesterday to address the current Log4j activity. Per OODA CEO Matt Devost: “This is a great page and we should highlight that it exists for OODA Loop members. CISA has done a great job here.” Log4j is also the first US-CERT notification to put front and center private sector collaboration through the newly formed DHS CISA Joint Cyber Defense Collaborative (JCDC).
When in the Gray Zone with Vladamir Putin in Ukraine, DoD and IC Hybrid Warfare Innovation Will Prove Vital
While Europe and Russia may appear to be on the brink of conventional warfare breaking out, we are really in a gray zone of Putin’s design. If you are tracking the events in Europe with an eye towards your organization’s geopolitical risk in the region (impact on strategic partnerships, employee safety, etc), the following post provides the most up to date prism through which you should be looking at the developments between NATO and Russia: Hybrid Warfare, aka Gray-zone tactics and conflict.
A Call to Action from CISA’s Jen Easterly and Def Con’s Jeff Moss at Inaugural CISA Advisory Committee Mtg.
In the first meeting of the Cybersecurity and Infrastructure Security Agency’s (CISA) new Cybersecurity Advisory Committee, CISA Director Jen Easterly made clear to the committee members their working model would be action-based, not the usual passive mode assumed by an advisory body, telling the group: “I welcome this group creating action. This is really just not about being a talking club. This is about leveraging your expertise, your perspective, to make the nation safer.” Advisory Committee Member, Def Con Founder Jeff Moss, also offered his perspective on how best to engage the hacker community.
When you hear about the commercialization of space, it is not only the efforts of Blue Origin, Virgin Galactic, or Elon Musk’s SpaceX to provide civilian space flights. If DARPA has anything to do with it, there will also be the “development and future realization of biomanufacturing capabilities in space.” The timeline for a private sector role in the commercialization of these biotechnology capabilities is unclear, but DARPA has begun to explore the possibilities the DARPA way.