CYBER RISKS

OVERVIEW ARTICLE

 

Author: Paul Meyer

Chair, Canadian Pugwash Group | Senior Advisor, ICT4Peace

Cyberspace, the broad term for the system of networked computer systems for which the Internet is the chief embodiment, is a unique, human-created environment. The potential of information and communication technology to benefit humanity is vast and the growth in its use world-wide has been exponential. Today close to four billion people are connected to the Internet and a community of “netizens” has emerged.

Unfortunately, the growth of cyberspace has not been matched by a similar development of global governance for it. Even more worrisome is the degree to which cyberspace has become “militarized”, with states developing capabilities not only for the defence of their own systems, but also offensive capabilities that threaten damage and destruction to entities beyond their borders. These trends within national security establishments of leading cyber powers have accelerated and the detrimental impact of cyber operations on civilian interests has grown. A narrative of “cyber war” has been espoused by major states, depicting this remarkable product of human ingenuity as just another “war-fighting domain”.



Video interview with Paul Meyer


Video credit: ICT4Peace Foundation. A longer interview is available on YouTube at https://youtu.be/BveJ3V1ADUo.


PUBLIC COMMENTS


WHAT IS QUANTUM ARTIFICIAL GENERAL INTELLIGENCE?
BY DR. JOHN PAUL WERBOS

Tuesday, November 28, 2023
Artificial General Intelligence AGI: What it really is, why it is taking over, and why only a new QAGI could save us
There was a huge news story about AI and AGI which rightly shook the world over the past two days:
https://www.youtube.com/watch?v=Q9-grdoIgUw

What shook me most was a clear statement by Sam Altman, head of OpenAI, depicting a commitment to move ahead with lots and lots of apps making money in the short term without putting much energy into cross-cutting or integrative solutions.

In many ways, the really big issue is whether the human species is capable of working together to develop that level of integration which is necessary to avoid the total chaos and instability (leading to extinction) which is on its way NOW unless we work better and more effectively to use our own natural intelligence, WITH AI and such used as positive tools.

OVERVIEW FOR HIGH DECISION MAKERS
The key acronym AGI, Artificial General Intelligence (AGI), promulgated many years ago by Ben Goertzel, is finally getting the high-level global attention it deserves. The world badly needs all of us to connect better and deeper, to do justice to the interconnected technical and policy issues which AGI is already pushing us into very rapidly.

BUT FIRST: WHAT **IS** AGI?
I have seen many, many definitions for many decades. 

I first heard Ben’s talk in person in the WCCI2014 conference in Beijing, where I presented my own concept of AGI AT THE LEVEL of mammal brain intelligence. https://arxiv.org/abs/1404.0554 . The NSF of China and the Dean of Engineering at Tsinghua immediately invited USGOV to work together on a joint open global R&D program — but soon after I forwarded that to NSF, certain military intelligence contractors objected, and arranged for the US activity to be cancelled, leaving the field to China. (YES that was very serious!)

Phrases like AGI are not defined by God. We all have a right to work with different definitions, so long as we are clear.

=== LIKE SOME OF YOU, I would firmly reject the old Turing test as a definition of what an AGI is. Even Turing himself used much more powerful mathematical concepts when he moved on from early philosophical debates to mathematics that can actually be used in computer designs! (I bcc the friend who showed me Turing’s Cathedral by Dyson, a great source.) The Turing Test makes me laugh about Eliza, perhaps the first AI-based chat program, developed at KIT decades ago, which showed many of us just how incredibly shaky the Turing test really is.

I would propose that we define an AGI as a universal learning system, which learns to perform either cognitive optimization or cognitive prediction as defined in the NSF research announcement on COPN which is more advanced than any such announcement elsewhere even today:

 https://www.nsf.gov/pubs/2007/nsf07579/nsf07579.htm

In other words… universal ability to learn to adapt to any environment, with maximum expected performance, or to predict or monitor any time-series environment over time.

TODAY, I created a googlegroup on QuantumAGI to facilitate easier discussion of the most important players in the real technology creating a POSSIBILITY of true quantum cognitive prediction or optimization, or function minimization/maximization.

===

Years ago, in the cross-agency discussions which created COPN, my friends who ran cognitive science and AI in computer science asked: “Do we want to set the bar so high?” I asked: “Should we really use the word ‘intelligent’ to refer to systems which cannot even learn anything?” In fact, people with long and deep experience in classical AI knew about Solomonoff priors, one key approach to universal learning-to-predict, which Marvin Minsky himself urged me to study in the 1960s when I took an independent study from him.

The mathematical foundation for the most powerful, universal cognitive prediction now emerging, using classical computing and deep neural networks, is reviewed at: werbos.com/Erdos.pdf. QUANTUM AGI extends that further, simply by doing orders of magnitude better in the loss function minimization tasks at the core of all general effective cognitive prediction methods. EXAMPLES of thermal quantum annealing, in relevant special cases, have already demonstrated that advantage, as shown in papers from IBM and Japan and others at 
https://www.nsf.gov/pubs/2007/nsf07579/nsf07579.htm.

=========================================

IS IT REALLY SAFE TO UNLEASH AGI AND QAGI ON THE EARTH, GIVEN HOW SCARY THE PRESENT TRENDS ARE??

Many of us, including me, have thought VERY long and hard on that. 

Based on the recent talks from Ilya and Altman, etc., I believe that we are presently on course to a very intense and difficult future, similar to the kinds of massive changes in niche which have doomed the world’s leading species to extinction again and again over the millennia. We are in the kind of decision situation which meets the technical concept of a “minefield” situation, which we are unlikely to survive unless we build up quickly to a level of collective cognitive optimization beyond ANY of today’s AGI or social institutions.

FURTHERMORE…. as in my new book chapter attached (book coming out next month or January from India Foundation), I really doubt that our cosmos lacks intelligence at the level of QAGI already. Keeping up with that level of collective intelligence may simply be ESSENTIAL to our best chances of survival as a species.

YES, there are HUGE dangers if this is developed in the dark. That is why I believe in the necessity of open, transparent international development, including even leadership in the QAGI technology itself in new international venues.

another version with details for substantive technology leaders

HOW AGI WORKS —
There are a few different definitions out there about what AGI (Artificial General Intelligence) actually **IS**. YOU ALL can rightly use many ways of handling definitions, because you communicate with different audiences. Please forgive me if I still adhere to many commitments of John Von Neumann, the mathematician whose work underlies MANY branches of science. Von Neumann would tolerate me giving you ONE or TWO useful definitions of AGI, and explaining where it leads.

AGI: universal learning machines, a kind of INTENTIONAL SYSTEM, designed to input some measure of “cardinal utility” U, and to learn the strategy of action or policy which will maximize the expectation value of the future value of U. In modern neural network mathematics, the best way to name these is to call them “RLADP” systems, Reinforcement Learning and Approximate Dynamic Programming. Even today, the old book “Neural Networks for Control” by Miller, Sutton and Werbos from MIT Press is an important source for learning what this means in practice, and understanding where key places like Deep Mind are really coming from. These are systems which LEARN TO DECIDE, in an agile way.

BUT THERE IS NO ESCAPING the essential importance of “where does U come from?” This is basically just a modern reflection and extension of the most ancient problems of philosophy; Von Neumann’s concept of U traces back clearly to utilitarians like Jeremy Bentham and John Stuart Mill, and back from there to Aristotle’s Nicomachean Ethics, which I remember reading at age 8 when I found it in my mother’s old schoolbooks. 

BUT: a more practical definition: modern AGI, in practice, involves THREE elements, three types of universal learning machine. There is RLADP, which learns to exert decision and control (which has been applied to anything from monetary transactions to weapons control to words to energy systems). There is learning to predict or model or describe the state of the world, which FEEDS INTO making better decisions. And there is the “simple task” of learning to minimize some function F(W) with respect to weights W.

THE problem of survival for humanity is an example of an RLADP problem, where we try to maximize the probability of human survival, which of course requires further definition and refinement. FOR NOW —

THE OPENAI debate reminds me that the problem of human survival or exaltation is a specific TYPE of RLADP problem, which mathematicians would call “highly nonconvex.” Concretely, it is a MINEFIELD problem, where the paths of possibility ahead of us mostly hit explosive “unexpected” sudden death — but also with aspects of “needle in a haystack” where there are GOOD possibilities we might miss. SOLVING such problems requires a lot of caution and foresight, which is why stronger work in foresight is essential to human survival. SUCH RLADP problems end up requiring solution of highly nonconvex function minimization or maximization problems.

Early in this century, NSF organized the most advanced research effort ever in probing this mathematics AND connecting it to the intelligence we see in mammal brains: https://www.nsf.gov/pubs/2007/nsf07579/nsf07579.htm
Following that program, I often say “cognitive optimization” to refer to RLADP and intelligent function minimization/maximization. “Cognitive prediction” refers to that other universal learning capability, which is advanced further in werbos.com/Erdos.pdf and in Buzsaki’s recent book on the brain as a prediction machine.

I attach my paper in press from the India Foundation, and another in a book now available by Kozma, Alippi, etc, giving even more details. 

Quantum AGI, as I define it (THE canonical definition created in my published papers and patent disclosure), simply ENHANCES these three universal learning capabilities — RLADP, prediction/modeling and function minimization — by HARNESSING the power of quantum physics AS DESCRIBED BY THE GREAT PHYSICIST DAVID DEUTSCH OF OXFORD.

You could call this “quantum cognitive optimization” and “quantum cognitive prediction.”

The foundation which all QAGI is built on is minimization or maximization of nonlinear functions.
It was initially developed (by me) to address minefield or needle in a haystack types of problem, though it looks as if the new types of quantum computers will also give many other improvements.

Here is a metaphor: if you had a million haystacks or gopher holes in your big back yard, to FIND the best needle in a haystack (or deepest gopher hole), WHY NOT HIRE A MILLION SCHRODINGER CATS to work in parallel, and report back which is best?? A million times faster than one-at-a-time search!!

Deutsch’s Quantum Turing Machine is not a brain or an AGI; just a faster type of old sequential computer, a Turing machine.
DWAVE was a HUGE mental leap forward, which would FIT the vision I just described… BUT ONLY if the function minimization at the core of the system is replaced by the kind of hardware which ACTUALLY harnesses these cats. (DWave is like paying for a million cats, but putting them on a leash, locking them up on a patio or a restricted sidewalk. Strong efforts at energy conservation have that effect.) 

The papers in our Project Amaterasu folder and recent emails describe how Deutsch’s physics works here, and how to build the hardware.


The UN Open-ended Working Group on the security and use of Information and Communication Technologies (ICT) held its fourth session July 24-28, 2023 in New York. Allison Pytlak of the Stimson Center has written an insightful account of these proceedings and the main points in contention: article.

The Worldwide Cyber Security Industry is Projected to Reach $266 Billion by 2027
The global cyber security market size is expected to grow from an estimated value of USD 173.5 billion in 2022 to USD 266.2 billion by 2027, at a Compound Annual Growth Rate (CAGR) of 8.9% from 2022 to 2027.

The increased number of data breaches across the globe, the ability of malicious actors to operate from anywhere in the world, the linkages between cyberspace and physical systems, and the difficulty of reducing vulnerabilities and consequences in complex cyber networks are some factors which are driving the cyber security market growth. However, the lack of cyber security professionals and the lack of budget constraints among SMEs and start-ups in developing economies are expected to hinder the market growth.

By Organization size, SMEs to grow at the highest CAGR during the forecasted period

Small and medium-sized businesses (SMEs) from a variety of industries are going through a digital transformation and using cloud computing to streamline operations, increase mobility, get rid of on-premises technology, and save costs. To protect their online applications and Application Programming Interfaces (APIs) against unwanted access, vulnerabilities, and attacks, SMEs are using cybersecurity solutions and services. Cybercriminals use automated techniques to attack SMEs’ networks in order to take advantage of their weak security infrastructures.

Therefore, in order to save money, time, and resources, SMEs are seeking cyber security solutions. Additionally, governments are acting to safeguard SMEs in their own nations. But significant problems including operational activity budget restrictions, a lack of capital funding, and a shortage of qualified workers are anticipated to impede market expansion for SMEs in developing nations.

SMEs are vulnerable to new security problems as they implement digitalization at an increasing rate. As a result, the IT departments of SMEs make investments in implementing cyber security solutions. Thus, the SMEs are to grow at the highest CAGR during the forecasted period.

By Vertical, the aerospace and defence vertical account for a larger market size during the forecasted period

The civil and military aerospace and defence procurements are included in the aerospace and defence verticals. The rate of growth of security risks in the aerospace and defence sectors is alarming. This vertical is intended to harvest extremely sensitive and confidential data from important sectors, such as the government, prime contractors, and suppliers. Big data and increased digitization in nearly every element of the armed forces raise the likelihood of cybercriminal attacks.

The use of IT and telecommunications tools like RADARs and encryption-based wireless technologies for secure communication are the main drivers, and they will assist in expanding the markets. Additionally, the sector is undergoing a significant digital change, which has increased the need for cyber security services and solutions. Thus the aerospace and defence vertical accounts for a larger market share during the forecasted period.

By Organization size, large enterprises to grow at the highest market size during the forecasted period

Large enterprises and SMEs may protect themselves with the help of cyber security solutions from cyberattacks that aim to breach and undermine their IT infrastructure. For the purpose of protecting their critical assets, large organizations throughout the world continue to implement cyber security solutions at a rapid rate.

In order to include security solutions and services for defending vital assets from cyberattacks, large organisations are redesigning their security policies and architecture. To protect networks, endpoints, data centres, devices, users, and applications against unauthorised use and harmful ransomware attacks, they heavily rely on cyber security.

Large businesses are increasingly using access management tools to enable privileged access to servers and online applications, which promotes market expansion. Large enterprises are more likely to employ cyber security solutions as a result of huge budgets implementing top-notch security solutions and the strong demand for real-time auditing and monitoring of the growing IoT traffic. Thus large enterprises are to have the highest market growth during the forecasted period.

More Information: https://www.globenewswire.com/news-release/2022/09/22/2520978/0/en/The-Worldwide-Cyber-Security-Industry-is-Projected-to-Reach-266-Billion-by-2027.html

What shape should a Cyber Security Programme of Action take?

The UN Open-Ended Working Group (OEWG) on the security of and use of Information and Communication Technology (ICT) is on-going with three sessions held to date and a mandate continuing to 2025. One proposal, initially submitted in late 2021 and endorsed by 60 states, is the “Programme of Action” (PoA). The PoA is intended to establish a “permanent mechanism” under UN auspices for consideration of cyber security matters with a series of follow-up meetings. Much remains to be clarified, however, as to exactly what a PoA would accomplish.
Allison Pytlak, Disarmament Programme Manager at Reaching Critical Will has produced a useful paper on the PoA concept: https://reachingcriticalwill.org/images/documents/Publications/report_cyber-poa_final_May2022.pdf
The paper recalls how PoAs have been utilized in the past to address other UN issue areas of concern and brings out common features. Pytlak draws attention to some of the priority areas for elaboration of a cyber PoA and makes several recommendations as to aspects that could feature in the next iteration of the PoA concept. These include having the co-sponsors develop a “pre-draft” text of a PoA, incorporating some form of accountability mechanism and specifying how non-governmental stakeholders can be engaged in the development and implementation of a future PoA.
Pytlak’s paper will be a highly valuable resource for participating officials and stakeholders in the OEWG process and provides an impetus for an outcome that is more operational than simply declaratory in nature.

THEY NEVER GET CAUGHT
How many times a day does someone try to steal from you online or on your phone? There is at least one fraudulent letter in my email every day, and almost every day I get a call from someone pretending to be my bank or credit card company, trying to drag me into something dangerous. I cannot tell real things from fakes. The police never catch them. I doubt that anyone is even trying to catch them.

So is the United Nations going to solve this? I doubt it. Don’t you?

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware
Brian Krebs | 17 March 2022

Researchers are tracking a number of open-source “protestware” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.

The upstart tracking effort is being crowdsourced via Telegram, but the output of the Russian research group is centralized in a Google Spreadsheet that is open to the public. Most of the GitHub code repositories tracked by this group include relatively harmless components that will either display a simple message in support of Ukraine, or show statistics about the war in Ukraine — such as casualty numbers — and links to more information on the Deep Web.

For example, the popular library ES5-ext hadn’t updated its code in nearly two years. But on March 7, the code project added a component “postinstall.js,” which checks to see if the user’s computer is tied to a Russian Internet address. If so, the code broadcasts a “Call for peace:”


Read More Here: https://krebsonsecurity.com/2022/03/pro-ukraine-protestware-pushes-antiwar-ads-geo-targeted-malware/

Re: The Government’s approach to address harmful content online

Submitted by: Rose A. Dyson Ed.D.

President: Canadians Concerned About Violence In Entertainment

Vice President: World Federalist Movement of Canada: Toronto Branch

Author: MIND ABUSE Media Violence And Its Threat To Democracy (2021)

email: rose,dyson@alumni.utoronto.ca or rdyson@oise.utoronto.ca

Phone: 416-961-0853 or 647-382-4773

Dear Committee Members

Thank you for the opportunity to participate in this discussion on meaningful action to combat hate speech and other kinds of harmful content online. Public concern about harmful media content has now been with us for several decades and the need to address the problem has gotten increasingly urgent. The five categories identified as hate speech and other kinds of harmful content online, including child sexual exploitation, terrorist activity, content that incites violence, and the non-consensual sharing of intimate images have skyrocketed as communications technologies have evolved.


Putin Approves Ratification of CIS Agreement on Cyber Security Cooperation

TASS: Russian News Agency | 1 July 2021

MOSCOW, July 1. /TASS/. Russian President Vladimir Putin signed a bill on ratifying an agreement on cooperation between the Commonwealth of Independent States (CIS) countries in the fight against cyber crimes.
The document was published on the official portal of legal information.
The agreement was inked in September 2018 at the meeting of the CIS Heads of State Council in Dushanbe, Tajikistan. The document is aimed at establishing modern legal mechanisms for practical interaction of Russian competent authorities with colleagues from other CIS countries for effectively preventing, detecting, thwarting, investigating and solving cyber crimes.
This involves cooperation in the exchange of data on impending or committed crimes and persons behind them, responding to the calls for assistance in providing data that can facilitate the investigation as well as coordinated operations.


Link: https://tass.com/politics/1309447

Defense Official Testifies About DOD Information Technology, Cybersecurity Efforts

Terri Moon Cronk | DOD News | 30 June 2021

President Joe Biden’s interim National Security Strategic Guidance and Secretary of Defense Lloyd J. Austin III’s priorities drive key areas on the Defense Department’s cloud, software network modernization, cybersecurity work, workforce, command-and-control communications and data, DOD’s acting chief information officer said.

John Sherman told the House Armed Services Committee’s panel on cyber, innovative technologies and information systems that cloud computing is a critical step for the enterprise. “We’ve made cloud computing a fundamental component of our global [information technology] infrastructure and modernization strategy,” he said yesterday. “With battlefield success increasingly reliant on digital capabilities, cloud computing satisfies the warfighters’ requirements for rapid access to data, innovative capabilities, and assured support.”

The DOD remains committed in its drive toward a multi-vendor, multi-cloud ecosystem with its fiscal year 2022 cloud investments, which represent more than 50 different commercial vendors, including commercial cloud service providers and system integrators, he added.
And the DOD’s ability to leverage that technology has matured over the last several years, and it’s driving hard to accelerate the momentum even more in that space, Sherman said.


Link: https://www.defense.gov/Explore/News/Article/Article/2678059/defense-official-testifies-about-dod-information-technology-cybersecurity-effor/

House Panel Approves DHS Bill with ‘Historic’ Funding for Cybersecurity

Mariam Baksh | Nextgov | 30 June 2021

“A bill to fund the Department of Homeland Security now heads to the full Appropriations Committee in the House after passing unopposed through the related subcommittee with $2.42 billion for the Cybersecurity and Infrastructure Security Agency.

“As the nature of the threats facing the country changes, the missions and investments of the Department of Homeland Security must quickly adapt and respond. This bill makes historic investments in cyber and infrastructure security,” said Rep. Lucille Roybal-Allard, D-Calif., chairwoman of the Appropriations subcommittee on homeland security.

The bill approved Wednesday—which includes funding to deal with contentious immigration issues and a host of other things such as defending the U.S. against Russian aggression in the Arctic—makes $52.81 billion available to DHS in discretionary funding, $934 million more than for 2021. Roughly a third of that increase—$397.4 went to boosting CISA, DHS’ newest agency.

After the committee released a draft of the bill Tuesday, Rep. Jim Langevin, D-R.I., a member of the Cybersecurity Solarium Commission, thanked Roybal-Allard for CISA’s funding level in the bill, which is also $288 million more than President Joe Biden requested for the agency. 

“If we are going to stop the current wave of ransomware and prevent another SolarWinds-like hack, Congress must step up to the plate and adequately fund CISA,” Langevin said. “I’m thrilled that the Appropriations Committee is allocating $2.42 billion for CISA, our nation’s premier cybersecurity agency, in line with the Solarium Commission’s recommendation. For months, I’ve been calling for Congress to allot more resources for CISA, and I’m so grateful to Chairwoman Roybal-Allard for her abiding commitment to shoring up our nation’s cyber defenses.”


Link: https://www.nextgov.com/cybersecurity/2021/06/house-panel-approves-dhs-bill-historic-funding-cybersecurity/182690/

ASEAN Cyber Challenge in the Spotlight With New Center

Prashanth Parameswaran | The Diplomat | 30 June 2021

“One of the items of note to have come out of the recently concluded virtual ASEAN Defense Ministers Meeting (ADMM) on June 15 was the formalization of a cyber center of excellence based in Singapore. While the development itself was not surprising, it nonetheless spotlighted the continued significance of cyber security as a defense issue of importance for Southeast Asian states, as well as some of their key partners.
Cybersecurity has been an increasing focus for Southeast Asian states as well as ASEAN as a grouping in the context of the region’s attempts to balance the opportunities afforded by the digital economy with the challenges posed by the increasing sophistication of cyber threats in an increasingly networked world and their links to other challenges such as terrorism.
Specifically, these issues have been recently addressed by the ADMM, widely characterized as the premier defense institution within ASEAN. Recent years have seen the institutionalization of a new ADMM-Plus cyber security working group in 2016 and the establishment of new bodies like the ASEAN-Japan Cybersecurity Capacity Building Center, which was announced during Thailand’s 2019 ASEAN chairmanship.”


Link: https://thediplomat.com/2021/06/asean-cyber-challenge-in-the-spotlight-with-new-center/

UK Cyber Security Council Launches Opening Initiatives

James Coker | Infosecurity | 30 June 2021

“The UK Cyber Security Council has launched its first two initiatives as part of its remit to boost professional standards in the cyber industry.
The council, which started work as an independent body on March 31 2021, has invited 16 members of the Cyber Security Alliance to apply for a role in determining the terms of reference for two new committees: a Professional Standards & Ethics Committee and a Qualifications & Careers Committee. The Cyber Security Alliance is a group of organizations that the UK government established in 2019, from which the council was set up.
The two new committees will be involved in helping ensure a common set of standards are adopted throughout education and training interventions related to cybersecurity. This represents the first stage to provide a focal point through which industry and the professional landscape can advise, shape and inform national policy on cybersecurity professional standards.”


Link: https://www.infosecurity-magazine.com/news/uk-cyber-security-council-opening/

Incremental Progress or Circular Motion? – The UN Group of Governmental Experts (UNGGE) Report 2021

Making progress on complex issues in a forum like the United Nations with 193 state parties and a consensus decision-making […], if the progress achieved appears more of a circular than linear nature.

This situation is evident in the final report of the UN Group of Governmental Experts (GGE) on “Advancing responsible State behaviour in cyberspace in the context of international security” adopted at the group’s fourth and final meeting May 28, 2021.[i] The GGE which operated in the 2019-2021 timeframe with 25 nationally appointed “experts” was the most recent in a series of six such GGEs that have been organized by the UN since the turn of the century.[ii] Two of these (2003-2004 and 2016-2017) failed to achieve consensus and didn’t produce a substantive report. Four were able to agree on consensus reports in 2010, 2013, 2015 and the most recent in 2021. The chief aim of all these GGEs was to develop “norms of responsible state behaviour in cyberspace” as part of the effort to determine how the potent technology of the Internet and related computer networks could be managed in light of the UN’s goal of maintaining international peace and security.

One of the most difficult problems that the GGEs faced was the question of how the conduct of states in cyberspace related to international law, including international humanitarian law. A major accomplishment of the 2013 GGE was the affirmation that international law, including the UN Charter, applied to cyberspace. It was soon apparent however that this affirmation had not resolved underlying differences over the interpretation of how international law applied to the cyber conduct of states, particularly in the context of international security. Disagreement over this question had been the proximate reason for the failure of the previous GGE to reach a consensus outcome in 2017. The place of international humanitarian law (aka the law of armed conflict) in this new realm of military operations was especially contentious. Some states sought a confirmation that international humanitarian law would cover state cyber operations, whereas others resisted the notion arguing that this could sanction treating cyberspace as a legitimate domain for armed conflict.

This dispute surfaced in the proceedings of the UN Open-Ended Working Group (OEWG) on “Developments in the field of Information and Telecommunication in the context of International Security” which ran in parallel with the GGE in the 2019-2021 timeframe and was able to arrive at a consensus report at its final meeting in March 2021.[iii] This result was only achieved by dividing the report into two sections: a section that had consensus approval and a “Chairman’s Summary” which contained elements that were not able to command consensus agreement and had to be issued in a non-binding manner under the Chairman’s own authority. The international humanitarian law issue fell victim to this cut being relegated to the Chairman’s Summary despite the support of many states and an energetic plea by the International Committee of the Red Cross to preserve a positive reference to it in the main report. The ICRC argued that acknowledging that international humanitarian law would apply to an armed conflict occurring in cyberspace should in no way be construed as condoning the militarization of cyberspace or legitimizing cyber warfare. In the event this construction was not sufficient to persuade skeptical states to accept the ICRC’s proposed text in the consensus report.


Last edited 1 year ago by Project Save The World

Cyberattacks Grind Hanford Nuclear Energy Workers’ Benefit Program to a Halt
Patrick Malone | The Seattle Times | 10 May 2021

“Cyber attacks on the U.S. government have abruptly paused processing of benefit applications for workers who were sickened while working on nuclear weapons programs at Hanford and other Department of Energy sites, delaying aid to some dying workers, according to advocates.
Without warning, advocates from the Alliance of Nuclear Workers Advocacy Group received notice late last Friday that effective Monday, a vital component of the Energy Employees Occupational Illness Compensation Program would be offline for two to four months.
The Radiation Dose Reconstruction Program databases’ sudden hiatus could delay approval of new benefits for groups of workers who believe they’ve been exposed to workplace hazards.
Among them are more than 550 workers from Hanford, a mothballed plutonium processing site in Richland, who were potentially exposed to radiation and toxins when they were provided leaky respirators, according to a Seattle Times investigation last year.
Those workers are seeking inclusion in the federal benefits program administered by the Department of Labor. The National Institute of Occupational Safety and Health plays an instrumental role in determining eligibility.”


Link: https://www.seattletimes.com/seattle-news/times-watchdog/cyberattacks-grind-hanford-nuclear-energy-workers-benefit-program-to-a-halt/

Defense is a whole lot harder than offense in this game. And if you catch the hackers, what are the penalties? The heaviest weapon would be economic sanctions against another country, if you could prove that the hackers were government agents. And how far have economic sanctions worked in other cases? Not an impressive record of success. The Russians offered to negotiate treaties a while back but nobody took up their offer. It’s easy to understand why not, but look where things are headed now!

The Cybersecurity 202: A Group of Industry, Government and Cyber Experts have a Big Plan to Disrupt the Ransomware Crisis
Tonya Riley with Aaron Schaffer | The Washington Post | 29 April 2021

“A task force of more than 60 experts from industry, government, nonprofits and academia is urging the U.S. government and global allies to take immediate steps to stem a growing global crisis of cyberattacks in which hackers seize computer systems and data in exchange for a ransom. 

The group, which issued a report today, says swift, coordinated action can disrupt and deter the growing threat of cyberattacks that use ransomware, a malicious software that locks up computer systems so that criminals can demand ransom in exchange for access.

“We’re seeing critical parts of the economy being hit by ransomware, including, for example, health care in particular,” says task force co-chair Megan Stifel, executive director of Americas at the Global Cyber Alliance. “When you start to see a broad scale of victims across multiple elements of the economy being hit there can ultimately, if not abated, be catastrophic consequences.”


Link: https://www.washingtonpost.com/politics/2021/04/29/cybersecurity-202-group-industry-government-cyber-experts-have-big-plan-disrupt-ransomware-crisis/

U.S. Nuclear Modernization: Security & Policy Implications of Integrating Digital Technology

8 December 2020 | NTI

“An expansive, complex undertaking to modernize the United States’ nuclear bombs and warheads, their delivery systems, and the command, control, and communications infrastructure around them is underway. It is a project that carries the potential for great benefits through an increase in digital systems and automation, as well as the addition of machine learning tools into the U.S. nuclear triad and the supporting nuclear weapons complex. But it also is one that carries significant risks, including some that are not fully understood. If it does not take the time to protect the new systems integrated with some of the deadliest weapons on earth from cyberattack, the U.S. government will be dangerously outpaced in its ability to deter aggressors.”

Given the stakes, why take on new risks at all? The reason to integrate digital technologies into U.S. nuclear weapons systems is clear: this is the first significant upgrade of U.S. nuclear weapons systems in nearly 40 years, and the old systems need replacing. The most efficient way to update the full nuclear triad of bombers, submarines, and ground-based missiles, as well as the bombs, warheads, and command, control, and communications network, is to use today’s technology, including digital tools. From digital displays on bomber aircraft to advanced early-warning sensors and machine-learning-enabled nuclear options planning tools, this U.S. nuclear weapons recapitalization, like past modernizations, will be a product of its time.

Link: https://www.nti.org/analysis/reports/nti-modernization-report-2020

This writer actually tells us that we will be better off with all these improvements in nuclear weapons. What a horrible thought! Just get rid of them, stupid.

Why were they issued leaky respirators? For Covid treatment or because they have to stop breathing regular air when they are in a particularly dangerous area? This article mentions aid to dying workers. Are people still dying from jobs they performed decades ago or what?

Enough is enough. Here’s what we should do to defend against the next Russian cyberattacks

By Alex Stamos, Washington Post, Dec. 15, 2020

Alex Stamos is the director of the Stanford Internet Observatory and the former chief information security officer of Yahoo and Facebook.
The details are still trickling in, but it seems possible that the latest Russian cyberattacks against the Departments of Homeland Security, Treasury and State; the National Institutes of Health; and possibly dozens of companies and departments will turn out to be one of the most important hacking campaigns in history.

The current reporting suggests that the Russian Foreign Intelligence Service (SVR), long considered Russia’s most advanced intelligence agency in cyber operations, managed to compromise the servers of an important vendor of information technology software and implant a back door. This company, SolarWinds, services tens of thousands of corporate and government clients, and its products naturally have access to critical systems. Since March, we’ve now learned, the SVR has been able to use this toehold to jump into the networks of a variety of highly sensitive organizations. I expect the true impact of the overall campaign won’t be known for months or years as thousands of companies scramble to determine whether they were breached and what was stolen.
While we don’t have all the details, it is already clear that something is wrong with how our country protects itself against the hackers working for our adversaries in Russia, China, Iran and North Korea. As the Biden administration puts together its plan to secure the United States against these kinds of attacks, and Congress considers how to update the existing bipartisan cybersecurity consensus, I offer three initial fixes.

First, we need to build a cyberspace equivalent of the National Transportation Safety Board. Such an agency would track attacks, conduct investigations into the root causes of vulnerabilities and issue recommendations on how to prevent them in the future. As things stand now, our only public account of this latest attack will come from the class-action lawsuits filed by lawyers acting on behalf of affected companies and shareholders. When I worked for Yahoo, I saw myself what happened after the company was attacked by the Russians. Legal teams produced dozens of depositions and reviewed hundreds of thousands of documents; then they collected their million-dollar payouts, and that was that. No public documentation resulted; no useful lessons were learned.

We should create a mechanism to handle cyberattacks the same way we react to serious failures in other complex industries; the NTSB offers a useful model. While voluntary transparency from technology companies such as FireEye has been helpful, it won’t provide the kinds of detailed reporting across dozens of victims that will enable other security teams to learn from this attack and thereby make the SVR’s job a bit harder.
And while we’re at it, let’s make sure Congress passes a federal data breach law that covers the thousands of secret breaches that occur every year but aren’t publicly discussed. Such attacks have included attempts to acquire critical vaccine data, rocket designs or trade secrets. But there’s no law requiring that they be disclosed unless they include the credit card numbers, email addresses and other bits of personal information covered by state breach laws. Our society can’t respond to the overall risk as long as we’re discussing only a fraction of the significant security failures.

Second, Congress and the new administration can work together to put defensive cybersecurity on the same level as offensive cyber operations and intelligence gathering. The Cybersecurity and Infrastructure Security Agency (CISA) was created only two years ago to coordinate defending both the public and private sectors. While CISA quickly established itself under director Chris Krebs, who was fired by President Trump for his truthful statements regarding election security, the size and technical competence of the agency does not yet match up to that of its offensive cousins.

CISA has about 2,200 employees spread across its cyber and infrastructure responsibilities. By comparison, the National Security Agency, only one of 17 members of the U.S. intelligence community, has more than 40,000. Patching routers at the Interior Department isn’t as sexy as destroying Iranian centrifuges or reading the correspondence of the Chinese Communist Party, but it is certainly just as important when you consider that the United States has the largest, most technologically advanced, and therefore most vulnerable, economy in the world.

Third, the Biden administration can appoint individuals with practical, hands-on defensive experience to key roles in the White House and critical agencies. Official Washington has long disrespected cybersecurity expertise in a way that would be unthinkable in other complex professions. The Senate would never confirm a malpractice attorney to be a surgeon general, and the president would never ask a Judge Advocate General Corps officer to serve as chairman of the Joint Chiefs of Staff.
But this, in effect, is just how Washington has treated cybersecurity — as something best understood by the lawyers who prosecute cybercrime and defend breached companies. This isn’t to dismiss the contributions made by members of the legal profession; there are many smart, dedicated lawyers working in the cybersecurity field. Even so, the Biden cybersecurity team should include the voices of people who have real experience preventing, detecting and responding to crises like the one our country is facing today. It’s long overdue that we started treating cyberthreats with the seriousness they deserve.

Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace

19 October 2020 | Department of Justice, United States of America | https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and

“On Oct. 15, 2020, a federal grand jury in Pittsburgh returned an indictment charging six computer hackers, all of whom were residents and nationals of the Russian Federation (Russia) and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces.

These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort. 

Their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics. The indictment charges the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.


“Democrats Push for More Transparency about Russian Election Interference”

By Joseph Marks

“Top Democrats are slamming the Trump administration for not sharing enough information with the public about Russian efforts to interfere in November’s election.”

“While intelligence officials have warned that U.S. adversaries are trying to hack into political campaigns and election systems – and cited Russia, China and Iran as the biggest threats — House Speaker Nancy Pelosi (D-Calif.) and Senate Minority Leader Chuck Schumer (D-N.Y.) say that’s not enough to help voters gird themselves against social media disinformation or the sort of hacking and leaking campaign that upended Hillary Clinton’s campaign in 2016.”


Beware Chinese Drones- They Might Be Spying on Us!

By: Joseph Marks

“Researchers are warning about cybersecurity vulnerabilities in an Android app that powers a popular Chinese-made drone they say could help the Chinese government scoop up reams of information. 
The accusation comes amid a diplomatic clash between Washington and Beijing over everything from trade to the search for a coronavirus vaccine and it’s sure to worsen U.S. distrust of a broad range of consumer technology.”


Clueless governments

With such fast-paced technological advancement, how will governments keep up with policies that protect their citizens?

We need more government regulation on software-controlled components…

If they sell it, they should be responsible for making it work

We should hold all conglomerates responsible for their faulty technology! Since they’re selling us these products, they have to ensure our safety as the consumer!

Why Our Nuclear Weapons Can Be Hacked

By Bruce G. Blair
New York Times, 14 March 2017

Article Excerpt(s):

“It is tempting for the United States to exploit its superiority in cyberwarfare to hobble the nuclear forces of North Korea or other opponents. As a new form of missile defense, cyberwarfare seems to offer the possibility of preventing nuclear strikes without the firing of a single nuclear warhead.

But as with many things involving nuclear weaponry, escalation of this strategy has a downside: United States forces are also vulnerable to such attacks.

Imagine the panic if we had suddenly learned during the Cold War that a bulwark of America’s nuclear deterrence could not even get off the ground because of an exploitable deficiency in its control network.

We had such an Achilles’ heel not so long ago. Minuteman missiles were vulnerable to a disabling cyberattack, and no one realized it for many years. If not for a curious and persistent President Barack Obama, it might never have been discovered and rectified.

In 2010, 50 nuclear-armed Minuteman missiles sitting in underground silos in Wyoming mysteriously disappeared from their launching crews’ monitors for nearly an hour. The crews could not have fired the missiles on presidential orders or discerned whether an enemy was trying to launch them. Was this a technical malfunction or was it something sinister? Had a hacker discovered an electronic back door to cut the links? For all the crews knew, someone had put all 50 missiles into countdown to launch. The missiles were designed to fire instantly as soon as they received a short stream of computer code, and they are indifferent about the code’s source.

It was a harrowing scene, and apprehension rippled all the way to the White House. Hackers were constantly bombarding our nuclear networks, and it was considered possible that they had breached the firewalls. The Air Force quickly determined that an improperly installed circuit card in an underground computer was responsible for the lockout, and the problem was fixed.

But President Obama was not satisfied and ordered investigators to continue to look for similar vulnerabilities. Sure enough, they turned up deficiencies, according to officials involved in the investigation.


Censored Contagion: How Information on the Coronavirus is Managed on Chinese Social Media

By Lotus Ruan, Jeffrey Knockel, and Masashi Crete-Nishihata
The Citizen Lab (University of Toronto), 3 March 2020

Article Excerpt(s): From the Key Findings Section:

1) “YY, a live-streaming platform in China, began to censor keywords related to the coronavirus outbreak on December 31, 2019, a day after doctors (including the late Dr. Li Wenliang) tried to warn the public about the then unknown virus.

2) WeChat broadly censored coronavirus-related content (including critical and neutral information) and expanded the scope of censorship in February 2020. Censored content included criticism of government, rumours and speculative information on the epidemic, references to Dr. Li Wenliang, and neutral references to Chinese government efforts on handling the outbreak that had been reported on state media.

3) Many of the censorship rules are broad and effectively block messages that include names for the virus or sources for information about it. Such rules may restrict vital communication related to disease information and prevention.”

From the Article Itself:

(Regarding one of the methods of censorship):

“YY censors keywords client-side meaning that all of the rules to perform censorship are found inside of the application. YY has a built-in list of keywords that it uses to perform checks to determine if any of these keywords are present in a chat message before a message is sent. If a message contains a keyword from the list, then the message is not sent. The application downloads an updated keyword list each time it is run, which means the lists can change over time.

WeChat censors content server-side meaning that all the rules to perform censorship are on a remote server. When a message is sent from one WeChat user to another, it passes through a server managed by Tencent (WeChat’s parent company) that detects if the message includes blacklisted keywords before a message is sent to the recipient. Documenting censorship on a system with a server-side implementation requires devising a sample of keywords to test, running those keywords through the app, and recording the results. In previous work, we developed an automated system for testing content on WeChat to determine if it is censored.”

[…]

“On December 31, 2019, a day after Dr. Li Wenliang and seven others warned of the COVID-19 outbreak in WeChat groups, YY added 45 keywords to its blacklist, all of which made references to the then unknown virus that displayed symptoms similar to SARS (the deadly Severe Acute Respiratory Syndrome epidemic that started in southern China and spread globally in 2003).

Among the 45 censored keywords related to the COVID-19 outbreak, 40 are in simplified Chinese and five in traditional Chinese. These keywords include factual descriptions of the flu-like pneumonia disease, references to the name of the location considered as the source of the novel virus, local government agencies in Wuhan, and discussions of the similarity between the outbreak in Wuhan and SARS. Many of these keywords such as “沙士变异” (SARS variation) are very broad and effectively block general references to the virus.”

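The contrast the Citizen Lab excerpt above describes, as an added Python sketch that is not part of the original comment or of Citizen Lab's tooling: a client-side list can be read and diffed directly, while a server-side list can only be inferred from which sample messages are delivered. The class names and every keyword list here are constructed for illustration.

```python
"""Added illustration: documenting client-side vs server-side keyword filtering.
All keyword lists and messages below are constructed, not real blacklist data."""


def first_match(message, keywords):
    """Return the first blacklisted keyword contained in message, else None."""
    text = message.casefold()
    for keyword in keywords:
        if keyword.casefold() in text:
            return keyword
    return None


class ClientSideApp:
    """YY-style design: the keyword list sits inside the application."""

    def __init__(self, bundled_keywords):
        self.keywords = list(bundled_keywords)

    def start(self, downloaded_keywords):
        # The excerpt says an updated list is downloaded each time the app runs.
        self.keywords = list(downloaded_keywords)

    def send(self, message):
        # The check happens before sending; a match means nothing is sent.
        return first_match(message, self.keywords) is None


class ServerSideRelay:
    """WeChat-style design: the list stays on the operator's server."""

    def __init__(self, keywords):
        self._keywords = list(keywords)  # not observable from outside

    def relay(self, message):
        # The only observable result is whether the recipient got the message.
        return first_match(message, self._keywords) is None


def diff_client_lists(old_list, new_list):
    """Client-side documentation: compare two lists captured from the app."""
    old, new = set(old_list), set(new_list)
    return {"added": sorted(new - old), "removed": sorted(old - new)}


def probe_server(relay, sample_keywords):
    """Server-side documentation: send each sample term, record the outcome."""
    return {term: ("delivered" if relay.relay(term) else "blocked")
            for term in sample_keywords}


def recovered_rules(probe_results):
    """Sample terms seen as blocked. This is only a lower bound on the real
    list, and a blocked term may merely contain the actual rule."""
    return sorted(t for t, outcome in probe_results.items() if outcome == "blocked")


# Constructed data: two client list snapshots, a hidden server list, a sample.
DAY1_LIST = ["banned phrase one", "banned phrase two"]
DAY2_LIST = DAY1_LIST + ["unknown pneumonia", "sars variation"]
SERVER_LIST = ["unknown pneumonia", "sars variation", "seafood market"]
SAMPLE = ["unknown pneumonia", "sars variation in the city",
          "hospital notice", "weather report"]

if __name__ == "__main__":
    print("client list change:", diff_client_lists(DAY1_LIST, DAY2_LIST))
    results = probe_server(ServerSideRelay(SERVER_LIST), SAMPLE)
    for term, outcome in results.items():
        print(f"{outcome:9}  {term}")
    # "seafood market" is on the server list but was never sampled, so the
    # probe cannot report it: server-side findings depend on the sample.
    print("recovered:", recovered_rules(results))
```
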

Six Reasons the Kremlin Spreads Disinformation About the Coronavirus [Analysis]

By Jakob Kalenský
Digital Forensic Research Lab (Atlantic Council), 24 March 2020

Article Excerpt(s):

“A recent internal report published by the European Union’s diplomatic service revealed that pro-Kremlin media have mounted a “significant disinformation campaign” about the COVID-19 pandemic aimed at Europe. Previous statements by Western officials, including acting U.S. Assistant Secretary of State for Europe and Eurasia Philip Reeker, warning of the campaign suggested that its contours were already visible by the end of February 2020.
The Kremlin’s long-term strategic goal in the information sphere is enduring and stable: undermining Western unity while strengthening Kremlin influence. Pro-Kremlin information operations employ six complementary tactics to achieve that goal, and the ongoing disinformation campaign on COVID-19 is no exception.

1. Spread anti-US, anti-Western, and anti-NATO messages to weaken them

Russian media started spreading false accusations that COVID-19 was a biological weapon manufactured by the United States in late January. The claim has appeared in other languages since then. This messaging is in line with decades of Soviet and Russian propaganda that has been fabricating stories about various diseases allegedly being a U.S. creation at least since 1949.

Cyberattacks on Our Wastewater?

I saw a video by Vice News about the vulnerability of water and wastewater (sewage) treatment plants. Apparently many of the systems are being digitized and monitored remotely. As such, they become increasingly vulnerable to cyberattacks. The video focused on some research in Israel around protecting these vital infrastructure locations and demonstrated how easy it is to hack the system. Alarming news to watch. What other infrastructure is vulnerable to cyber security threats?

Keeping your medical secrets

Wearable technology covers a broad area of devices. With its use becoming more common in the healthcare sector, the issue concerning privacy becomes more crucial. New devices can help physicians monitor patients’ vital signs, sleep patterns and heart rhythms remotely, transforming the face of medicine as we know it. These developments in technology will help detect early signs of diseases and aid in diagnosing medical conditions. Essentially these devices are mini computers that send and receive data which can be used for further analysis.

This is a company that delivers IoT solutions…it might be worth investing in…
https://www.st.com/content/st_com/en.html

Getting ahead of the Christchurch Call

By Alistair Knott, Newsroom, Oct 20, 2019
https://www.newsroom.co.nz/2019/10/10/850847/getting-ahead-of-the-christchurch-call

Instead of using what amounts to censorship, tech companies signed up to the Christchurch Call would be wise to adopt a more preventative tactic, writes the University of Otago’s Alistair Knott:

We have heard a lot recently from the world’s tech giants about what they are doing to implement the pledge they signed up to in the Christchurch Call. But one recent announcement may signal a particularly interesting development. As reported in the New Zealand Herald, the world’s social media giants ‘agreed to join forces to research how their business models can lead to radicalisation’. This marks an interesting change from a reactive approach to online extremism, to a preventative approach.

Until now, the tech companies’ focus has been on improving their methods for identifying video footage of terrorist attacks when it is uploaded, or as soon as possible afterwards. To this end, Facebook has improved its AI algorithm for automatically classifying video content, to make it better at recognising (and then blocking, or removing) footage of live shooting events. The algorithm in question is a classifier, which learns through a training process. In this case, the ‘training items’ are videos, showing a mixture of real shootings and other miscellaneous events.

The Christchurch Call basically commits tech companies to implementing some form of Internet censorship. The methods adopted so far have been quite heavy-handed: they either involve preventing content being uploaded, or removing content already online, or blocking content in user search queries. Such moves are always closely scrutinised by digital freedom advocates. Companies looking for ways to adhere to the Christchurch pledge are strongly incentivised to find methods that avoid heavy-handed censorship.


Solar Storms and Cyber-Security

What role would geomagnetic and solar storms have on cyber-security? In 1859, a large solar storm hit Earth – causing the electronics of the day (such as telegraphs) to go haywire. In more recent times (Cold War era, etc.) – atmospheric conditions and solar flares have almost sparked nuclear exchanges. Are current cyber systems shielded adequately from these phenomena? Are operators able to identify these phenomena vs. hostile attacks?

I think perhaps one of the earliest examples of cyber-warfare was the intercepted Zimmermann telegram in 1917 – between Germany and Mexico. Are there other examples of pre-internet “cyber” (electric, digital, etc.) warfare that should be considered within these contexts?

The NSA Must Share More Info (with YOU?)

Maybe the NSA is good for something. At least now they are intending to share more information. (With whom?) Here’s another piece in the Washington Post by Joseph Marks, who certainly is following these affairs closely.
“New NSA cyber lead says agency must share more info about digital threats,” Sept. 5.

THE KEY

The NSA is the U.S. government’s premier digital spying agency and it has a well-earned reputation for keeping secrets. But the agency needs to stop keeping so many things confidential and classified if it wants to protect the nation from cyberattacks.

That’s the assessment from Anne Neuberger, director of NSA’s first Cybersecurity Directorate, which will launch Oct. 1 and essentially combine the work of many disparate NSA divisions dealing with cybersecurity, including its offensive and defensive operations.

The directorate’s mission is to “prevent and eradicate” foreign hackers from attacking critical U.S. targets including election infrastructure and defense companies, Neuberger said yesterday during her first public address since being named to lead the directorate in July.


Hybrid Warfare

Excerpt:
“Misinformation poses the most serious risk, says Futter, to “those ICBMs in the US and Russia that only need a few minutes to go.” Simple interference in communications – Unal points to satellites as a potential weak point – could be enough to stop the most important military decisions being made with a cool head. “Keeping weapons on high alert in a cyber environment,” says Futter, “is an enormous risk.”

Beyza Unal recalls the story – related memorably in David E. Hoffman’s Pulitzer-winning investigation of automatic nuclear systems, Dead Hand – of the most cool-headed decisions of the Cold War. The Russian lieutenant-colonel Stanislav Petrov was in charge of the Serpukhov-15 early warning station on the night in September 1983 when the Soviet Union’s satellites, sending data to the country’s most powerful supercomputer, registered a nuclear attack by the US. Despite being warned that five ICBMs were on their way to the USSR, Petrov told the decision-makers above him that the signals were a false alarm. “And he was right,” says Unal. “But a cyberattack could look like that, a spoofing of the system. Some say that humans are the weakest link in cyber issues. I say humans are both the weakest link and the strongest link. It depends on how you train them.””

and

“In the spring of 2013, a Ukrainian army officer called Yaroslav Sherstuk developed an app to speed up the targeting process of the Ukrainian army’s Soviet-era artillery weapons, using an Android phone. The app reduced the time to fire a howitzer from a few minutes to 15 seconds. Distributed on Ukrainian military forums, the app was installed by over 9,000 military personnel.

“By late 2014, however, a new version of the app began circulating. The alternate version contained malware known as X-Agent, a remote access toolkit known to be used by Russian military intelligence. The cyber security firm Crowdstrike, which discovered the malware, said that X-Agent gave its users “access to contacts, SMS, call logs and internet data,” as well as “gross locational data”. In the critical battles in Donetsk and Debaltseve in early 2015, the app could have shown Russian forces where Ukraine’s artillery pieces were, who the soldiers operating them were talking to, and some of what they were saying. It may be, then, that Russia’s concern – Futter describes it as “panic” – about the risks of hybrid warfare is based on the knowledge that it has been used in battle, and it works.”

Canadian Security

I had only learned recently of the CSA (Canadian Security Agency), as my education in information security demanded it. I did a search on it and realized the agency’s name might have been miscommunicated or misinterpreted by me…and it was actually the CSE (Communications Security Establishment), which I found the website for.

It has a very interesting site (https://www.cse-cst.gc.ca/en/careers-carrieres) which I briefly looked over. The gist of it all is I am happy to know we have such an agency to watch over our national boundaries and protect us from cyber threats abroad from Russia and China and even some of our friendly neighbors, whoever they may be. So many conflicting technical standards produce wide gaping holes in our technical information communication infrastructures, not to mention software bugs and malicious virus activity. The average computer user is in a difficult position and has to make use of available protection software to keep themselves safe. That requires an awareness of what products are available and learning how they are used. Products like AVAST, AVG and McAfee are offering now not just antivirus but tool suites to cope with potential computer intrusions. And it seems like new tools are rolled out quickly and I find myself doing searches on browsers that have high security …like epic, brand and the like that don’t track my information. Connection through VPNs seems to be encouraged, but all these things, if free, usually cost the price of sales pitches and repeated upgrade offers. Choose your tools wisely and guard your IT footprint.

Spreading Political Misinformation

We’d better worry, not only about the military application of Internet skulduggery, but even the inadvertent consequences of its normal use. This research shows that Bolsonaro’s victory in Brazil may be largely caused by the spread of misinformation from YouTube through WhatsApp among Brazil’s poor. So what kind of action can be taken against this?

https://www.nytimes.com/column/the-interpreter/

From Paul Meyer:

ICT4Peace

This is the submission by ICT4Peace, written by Paul Meyer for the UN Open-Ended Working group on Cyber Security, which will begin its work in September. (The UN Office of Disarmament Affairs has now posted it to the official site for the OEWG: https://www.un.org/disarmament/open-ended-working-group/ .)
Here is the submission itself:

ICT4Peace Submission to the UN Open Ended Working Group (OEWG) on ICT and International Security

We commend the OEWG’s openness to input from civil society, academia and the private sector and ICT4Peace will look forward to contributing to its work through a sustained dialogue. The 2015 report of the UN Group of Governmental Experts (GGE) noted that even as ICTs have grown in importance for the international community, “there are disturbing trends that create risks to international peace and security. Effective cooperation amongst states is essential to reduce these risks”. More recently, the Secretary General, in connection with his Agenda for Disarmament, has warned that malicious activity in cyberspace has already been directed at critical infrastructure with serious consequences for international peace and security.

It is incumbent on the international community to work to counter such threats and to ensure the “secure and peaceful ICT environment” that your authorizing resolution (A/RES/73/27) stipulates. The OEWG represents the latest installment of the 20-year UN endeavour to address developments in ICTs in the context of international security. This effort has yielded some important results, notably the consensus GGE reports of 2010, 2013, 2015. Yet these positive findings have not been adequately reflected in the actual conduct of states in pursuit of a “militarization” of cyberspace. With increasing reports of state-conducted offensive cyber operations including the targeting of critical infrastructure in other countries, promoting adherence in practice to UN identified norms of responsible state behaviour is vital. If the international community is to foster digital human security alongside cybersecurity for states it will need to keep pace with these developments and ideally steer them towards cooperative ends.

It is our hope and expectation that the OEWG will deliver results that tangibly contribute to conflict prevention and preserve cyberspace as a realm for peaceful purposes. In doing so it will need to build on the accomplishments of the past, while “further developing” these and promoting their implementation. ICT4Peace believes the following norms merit priority attention:

1. Non-targeting of critical infrastructure including devising common understandings as to what constitutes such infrastructure.

Bugs in the Plane

The Cybersecurity 202: Hackers just found serious vulnerabilities in a U.S. military fighter jet

By Joseph Marks (From Washington Post’s The Cybersecurity 202) Aug 14.

And they did it with the Air Force’s blessing.


Building Ethics, Not Bombs

The Role of Scientists and Engineers in Humanitarian Disarmament

By E. Golding
So is a scientist responsible for the harms caused by the military uses of their discoveries and inventions? How about the medical principle: “Do no harm”?


Importance of Real-Time Reports and Traceability in Software Testing

In this rather technical article for coders, Somesh Roy discusses the factors that cannot be resolved unless there are good reports kept that can be traced. (Or: How are you going to fix it if you can’t find it?)

https://www.kovair.com/blog/importance-of-real-time-reports-and-traceability-in-testing/?fbclid=IwAR1s9kVGSyRFgf7Mk4p695_iB6ohT-6BAbjxnzu9ZR8ttxlJG3wKNY2lJzE

Software companies rush to get their products to market, buggy or not

Yes, accidents do happen, even to careful people. But careful programmers and their demanding bosses can greatly reduce the bugginess of software. They will do so only when the law holds them responsible for bad results.

Should Trump wage cyber war?

There have been several news stories reporting speculations or insider information that Trump had used a cyberattack against Iran.

They did not seem to get much press coverage and no outrage at all. Whether you like Iran’s government or not, it will pay to think carefully about this kind of quasi-warfare. If it gets to be considered normal, we will have a much harder time putting a stop to it.


We produce several one-hour-long Zoom conversations each week about various aspects of six issues we address. You can watch them live and send a question to the speakers or watch the edited version later here or on our YouTube channel.