Cyber Scene #80 - Digitization: Making Money Makes the World Go Round
Cyber Scene #80 -
Digitization: Making Money Makes the World Go Round
Even as Americans hope that Congress and the White House will have found a way to manage the debt crisis related to the $31.4 trillion debt-ceiling, impacted by the federal budget, by the time you have read this, cyber will have globally delivered incalculable amounts of money everywhere. This has no ceiling
The Economist delivers a 15 May "Special Reports: Cashless Talk" analysis including 8 articles ("chapters"), the first of which provides an overview underscoring the rising global tide of digitization, which, this readership understands, is cyber-based. In addition to pithy studies of various aspects of this expansion, Sweden is underscored as the #1 country using digitization. The articles discuss "...a new wave of digitisation (sic), driven by the arrival of smartphones and the internet...making possible near-instant, remote payment."
The study goes on to compare "now" with the "old order"--even, in China, "...having to buy video game points in-person." But there are huge implications when it comes to money and state:
"Some governments may be using digital finance to help police their own people. The West may find that the spread of digital-payment platforms means it loses some financial clout. Frictionless movement of money may make for greater efficiency, but it could foster financial instability by making it easier for customers to withdraw bank deposits, a lesson seen in the failure of Silicon Valley Bank, which was preceded by a bank run."
Traditional banking is taking a hit except for bank card/credit card usage due to acceptable interest rates. The article summarizes that digital finance and new payments platforms have led to: "First, the debate in richer countries over whether crypto or fintech firms will end the reign of banks and card networks has been all but settled. Crypto has shed its go-getting reputation and is struggling to demonstrate its usefulness. Whizzy fintechs will doubtless keep growing."
A small group of Economist journalists recently interviewed an incomparably wise man turning 100 this week on the subject of current events and history.
Henry Kissinger spent 8 hours in discussion, published on 17 May 2023, talking with the journalists about how to avoid World War III.He singled out AI and the nature of alliances he views as two issues that are colliding: "...he fears that AI is about to supercharge the Sino-American rivalry."
His recent book on AI was released in November 2022 and he mentions writing more. He also adds that the rapid progress of AI particularly leaves the U.S. and China only 5-10 years to create a solution. On related NATO issues, Kissinger is a proponent for Ukraine's accession to NATO; he believes it would be good for both Ukraine and Russia as well as NATO. "If the war ends like it probably will, with Russia losing many of its gains, but retaining Sevastopol, we may have a dissatisfied Russia, but also a dissatisfied Ukraine--in other words, a balance of dissatisfaction. So, for the safety of Europe, it is better to have Ukraine in NATO, where it cannot make national decisions on territorial claims."
Back inside the D.C. Beltway, Defense One delivers three items of cyber interest. On 15 May, Lauren C. Williams reports the AI-themed testimony by Defense Intelligence Agency (DIA) Director Lt. Gen. Scott Berrier, who had testified before the Senate Select Committee on Intelligence (SSCI) on 8 March 2023 and on 15 May 2023 during an Intelligence and National Security Alliance (INSA) event. Regarding AI, he stated "It definitely can make us better, fast, stronger. We have to go carefully." He goes on to say that while it can do much good, it can't determine intent. The Department of Defense (DoD) is expanding how it uses AI to improve the detection of intrusions on DoD networks. This is directed by the Defense Information Systems Agency (DISA) which has this mandate. The TechnetCyber Conference sponsored by Armed Forces Communications and Electronics Association (AFCEA) was the venue for these discussions. DISA's senior tech strategist Eric Mellot notes that the objective is "...to figure out ways in which we can leverage technology to do autonomous continuous validation...being able to bring in artificial intelligence to be able to think like a hacker." DoD red teams have been working on this. The article also cites ChapGPT as an example of how fast technology is moving, and why DOD needs to continue picking up the pace.
As a follow-up, Defense One's Lauren C. Williams reports on 17 May on the testimony before the Senate Appropriations Committee (SAC) the day before by Secretary of State Antony Blinken, accompanied by Secretary of Defense Austin on the subject of cybersecurity. Secretary Blinken is asking for $750 million in 2024 for cybersecurity to improve networks and communications devices. These improvements particularly focus on both cyber and physical security, upgrades, zero trust architecture, and critical elements in Indo-Pacific missions related to countering China's growing influence.
The New York Times' David E. Sanger also reported on President Biden's concern about World War III, Ukraine in NATO, and Putin's cyber capabilities. While Sanger cites the framework of a White House change of mind regarding the deployment of F-16's to Ukraine, the backstory includes US officials worried that Putin's losses might corner him: "That would leave him with only two viable options: using his formidable cyberweapons to cripple infrastructure, or threatening to use his nuclear arsenal, in hopes of freezing Western aid to Ukraine."
Sanger notes that Putin, to date, "...has been cautious with his cyber-capabilities: He has used them extensively against targets in Ukraine, American and British officials say, but has been reluctant to attack NATO nations and risk bringing them directly into the conflict. And after China's leader, Xi Jinping, explicitly warned late last year against threatening the use of nuclear weapons, Mr. Putin has quieted down."
But that could change, particularly with a trigger. Moreover, "Russian officials have specifically warned against giving Ukraine ATACMS, a long-range precision missile system made by Lockheed Martin" within range of Crimea. And the nuclear option still seems to be on the table.
One concern that has been curtailed, at least for now, is "Russia's Most Ingenious Hacker Group," according to Andy Greenberg from Wired on 20 May. In Wired's polling of cybersecurity experts across Western countries, the worst-ever award would go too Russian FSB's Turla, also known as Venomous Bear and Waterbug, that, per Greenberg, infected computers in over 50 countries with "snake" malware. The FBI, Cybersecurity and Infrastructure Security Agency (CISA) and Department of Justice (DOJ) confirmed the reporting of German journalists who revealed this in 2022. The length of this success appears to be at least 20 years; one cybersecurity historian, Professor Thomas Rid, of Johns Hopkins University Paul H. Nitze School of Advanced International Studies, maintains it lasted 25 years. Rid points out that "Its tooling is very sophisticated, it's stealthy, and it's persistent...It's adversary number one."
Greenberg provides an exceptional chronology of the intrusion: 1996: Moonlight Maze (an early name and version); 2008: Agent.btz which attacked U.S. Central Command and underscored the importance of the creation of U.S. Cyber Command; 2015: Satellite Command-and-Control which hijacked satellite communications; 2022: Hijacking a Botnet--a combo with Iranian help; 2023: Beheaded by Perseus (US term for Turla's decapitation). But, as one expert notes in conclusion, there isn't one: "This is an infinite game...They're not going away. This is not the end of cyberespionage history. They will definitely, definitely be back."
As for other prolific users of spyware in the world, Steven Feldstein, Program director of Carnegie Endowment's Conflict Governance Program, and Allie Funk, Research Director for Technology and Democracy at Freedom House, write in Lawfare that constraints on limiting U.S. federal agencies of exporting certain commercial spyware have been imposed by President Biden's executive order during the March Summit for Democracy. This reduces the export of U.S. spyware, as implemented by the Department of Commerce's new rule to align with this policy. Additionally, 42 governments also agreed to coordinate export restrictions for dual-use technologies. The authors believe that this is a good first step, but it is quite complicated and engages many U.S. agencies and others abroad. Feldstein and Funk admit that a good start does not mean that an executive order will remain, as a new president could nullify it. Although they applaud this beginning and direction, they are fearful that "...industry will continue to evade restrictions and pursue its harmful trade."
On the flip side, the Washington Post's Cybersecurity 202 with Tim Starks and David DiMolfetta discuss the need to address "Section 702" related to U.S. surveillance authorities. Congress needs to decide whether the surveillance powers that are due to expire at the end of 2023 need to be adjusted, discarded or kept as is. The underlying issue is the forever balance between civil liberties and the need to use surveillance to counter cyberattacks. The Post's Cybersecurity 202 team took a survey of professionals associated with this business who had to choose either to 1) scrap Section 702 completely (16%), 2) renew it as is (20%), or renew it with changes (64%). Cyber Scene will follow up as Congress, once past current Congressional/White House fiscal challenges, can address it.
Another issue that will likely not be addressed by Congress imminently is the Supreme Court's (SCOTUS) decision to send back to Congress the deliberation on tech's liability protections related to Section 230. Post journalist Cristiano Lima reports Section 230 refers to the tech industry's protection from liability. According to Lima, lawmakers are less inclined to support the tech industry. Two high-profile legal cases dealing with YouTube, Twitter and Google worked their way up, and slid (or were cast) down, from SCOTUS. The unanimous rulings for Gonzalez v. Google and Twitter v. Taamneh, throwing YouTube in for good measure, were that the Big Tech social media platforms were not immune from liability, either by omission or commission, regarding "taking adequate steps to crack down on terrorist content." The next step would be for Congress to take up the issue, as Capitol hill has been critical of the law, so it would be up to Congress "...to pare back the legal shield, which protects digital services from lawsuits over user content." The few attempts to legislate on related issues--dozens more bills--didn't move up to a vote in either the Senate or House. In any event, it is unlikely to be settled anytime soon.