CYBER RISKS

ARTICLE


Author: Paul Meyer

Chair, Canadian Pugwash Group | Senior Advisor, ICT4Peace

Cyberspace, the broad term for the system of networked computer systems for which the Internet is the chief embodiment, is a unique, human-created environment. The potential of information and communication technology to benefit humanity is vast and the growth in its use world-wide has been exponential. Today close to four billion people are connected to the Internet and a community of “netizens” has emerged.

Unfortunately, the growth of cyberspace has not been matched by a similar development of global governance for it. Even more worrisome is the degree to which cyberspace has become “militarized”, with states developing capabilities not only for the defence of their own systems, but also offensive capabilities that threaten damage and destruction to entities beyond their borders. These trends within national security establishments of leading cyber powers have accelerated and the detrimental impact of cyber operations on civilian interests has grown. A narrative of “cyber war” has been espoused by major states, depicting this remarkable product of human ingenuity as just another “war-fighting domain”.



Video interview with Paul Meyer


Video credit: ICT4Peace Foundation. A longer interview is available on YouTube at https://youtu.be/BveJ3V1ADUo.


COMMENTS


Re: The Government’s approach to address harmful content online

Submitted by: Rose A. Dyson Ed.D.

President: Canadians Concerned About Violence In Entertainment

Vice President: World Federalist Movement of Canada: Toronto Branch

Author: MIND ABUSE Media Violence And Its Threat To Democracy (2021)

email: rose,dyson@alumni.utoronto.ca or rdyson@oise.utoronto.ca

Phone: 416-961-0853 or 647-382-4773

Dear Committee Members

Thank you for the opportunity to participate in this discussion on meaningful action to combat hate speech and other kinds of harmful content online. Public concern about harmful media content has now been with us for several decades and the need to address the problem has gotten increasingly urgent. The five categories identified as hate speech and other kinds of harmful content online, including child sexual exploitation, terrorist activity, content that incites violence, and the non-consensual sharing of intimate images have skyrocketed as communications technologies have evolved.

As far back as 1975 Judy La Marsh, a lawyer, journalist and former member for the Liberal Government of Canada was appointed by the Government of Ontario to chair the Royal Commission on Violence in the Communications Industry. It was empowered to study the effects on society of increasing violence in the media of the day and make appropriate recommendations on measures to be taken by different levels of government, by industry and the public at large. Most of the 80 plus recommendations have never been implemented. Some have been repeated in subsequent studies but still not implemented.

In my doctoral thesis, completed at OISE/UT in 1995, I reviewed the research findings conducted by the La Marsh Commission and other studies done up until that time, subsequent recommendations and evidence or lack thereof regarding implementation. Two books on the subject followed. The first published in 2000 and the second earlier this year. A complimentary copy of either one is available upon request. The latest is titled MIND ABUSE Media Violence And Its Threat To Democracy (2021). Over the past 30 years I have watched the problems mushroom with increasing evidence of commercial reliance on themes of sex and violence in media production. In addition we have had fading boundaries between different forms of media. These include news, fiction, advertisements and educational programming, leading to catch phrases such as edutainment and infotainment.

Digital technologies and the internet have magnified the problems with policy makers loath to take on the challenge of much needed and overdue regulation, frequently to avoid accusations of censorship. Inadequate distinctions between individual freedom of expression and corporate freedom of enterprise have persisted. Periodic studies funded by industry are released into the public domain countering evidence of harmful effects thus ensuring no interruptions to business as usual. For decades the cultural industries have been given carte blanche to determine what we see, hear and read.

In 1996, along with 250 other scholars and media activists representing over 88 organizations from around the world, I helped the late George Gerbner, an internationally renowned media scholar, launch the Cultural Environment Movement at Webster University in St. Louis. That Convention was preceded by the International Summit on Broadcast Standards attended by Keith Spicer, then chair of the CRTC and other Canadians representing business and non-profits. In his work, Gerbner frequently referred to violence creep in popular culture and other forms of media, including news and advertisements, as the hidden curriculum for a Mean World Syndrome.

My colleague, retired U.S. Lt. Col. David Grossman, a psychologist and Military Expert, has written 5 books on the subject of violent first person shooter video games and the dangers of indiscriminately marketing these games to the youngest most vulnerable people on the planet. In his latest book, Assassination Generation Aggression, Video Games and the Psychology of Killing (2016) he provides chilling detail on how these have led to mass murders and fueled terrorism. Grossman reveals how violent video games have ushered in a new era of mass homicides worldwide. The trends have led to what he calls Acquired Violence Immune Deficiency Syndrome.

The kind of online hate and extremism that led to the January 29, 2017 mass murders at the Centre culturel islamique de Quebec, and on March 15, 2019, in Christchurch, New Zealand, is inherent in the thematic content of numerous video games played by the killers. In both cases news coverage identified evidence of heavy diets of first person shooter video game playing on the part of these perpetrators. This is a pattern that is described over and over again by other researchers among them, Mark Bourrie, author of Martyrdom, Murder and the Lure of Isis, and Megan Condis, author of Gaming Masculinity, Trolls, Fake Geeks, and the Gendered Battle for Online Culture.

What must be recognized is that the Government’s focus on regulating social media and combating harmful content online cannot be confined to “speech only”. Violent forms of fictional entertainment such as video games depict storylines that glorify violence, hatred, antisemitism and sexual exploitation. It would be duplicitous and of marginal value to address the problems involving workplace harassment, misogyny and other excesses on the internet but to leave such content in popular culture unaddressed and unregulated. Countless studies over the years have demonstrated that these fictional depictions lead to learned behaviours based on psychological conditioning that result in distorted value systems, a tendency to resort to violence as a conflict resolution strategy, addiction and feelings of victimization, among other harmful effects.

It has also been demonstrated that violent, first person shooter video games provide fertile soil for sowing the seeds of resentment among young vulnerable white males. An “us versus them” mentality is encouraged, helped along by social media algorithms that capitalize on our genetic tendencies to respond quickly to negative themes. It has also been reported that white supremacist groups watch the latest releases of video games that are most amenable to their purposes of recruitment. Some have taken to producing their own.

The work being done by technology experts like the Institute of Electric and Electronic Engineers (IEEE) on a roadmap for 5G and global integration to facilitate the more efficient use of energy must also focus on the nature of energy use. Spokesmen on behalf of the Institute now stress that more efficient use of what is rapidly becoming unsustainable energy demand on the internet is essential and required to reduce both collective and individual carbon footprints. But, clearly, emphasis on discretionary use is also required. Assuming we are put on a war time footing, as advocated by Seth Klein in his book, A Good War: Mobilizing Canada For The Climate Emergency (2021), rationing of internet use will have to be adopted. In December, 2020, Nicholas Kristoff wrote in the New York Times that Pornhub, owned by Mindgeek in Montreal, was the third most visited and influential website on the Internet. It is inconceivable, in a world focused on sustainability and transitioning to clean energy that, on the Internet, harmful excesses are overlooked and excused as essential components to be protected under the umbrella of civil liberties. Surely the expertise in electronic engineering should not be misdirected in the race against time to ensure internet use that fosters social harm.

There are also concerns expressed by health advocates, such as Devra Davis, author of DISCONNECT The Truth About Cell Phones, What the Industry Has Done To Hide It and How To Protect Your Family (2010), about harmful radiation from digital devices that can cause cancer. In this context it behooves the government to take note of the recent United States Court of Appeals for the District of Columbia Circuit judgement in favour of environmental health groups. It found the Federal Communications Commission (FCC) in violation of the Administrative Procedures Act for not responding to comments on environmental harm. In short, the FCC failed to respond to record evidence that exposure to low level radiation from digital devices may cause negative health effects.

Re: Strategy to combat hate speech and other harms:

We endorse the move to amend the Canadian Human Rights Act to enable the relevant Commission and Tribunal to review and adjudicate hate speech complaints.

* But, over reliance on industry, itself, to monitor social media content, has proven in the past to be an exercise in futility. One minor exception involves the Canadian Broadcast Standards Council which was set up in 1993 by the Canadian Association of Broadcasters to respond to complaints of inappropriate content on radio or television programming. This Council could be expanded or duplicated to monitor online content. However, the Council has always been reactive rather than proactive with no oversight for industry excesses unless complaints arise from the public at large. That needs to change. Allowing the fox to guard the henhouse with no government oversight has never worked.

* Second, definitions of obscenity and sections on child pornography need to be updated and expanded. Research conducted in the latter part of the last century, demonstrates how all pornography can be addictive. In addition it involves social learning theories that lead to themes of aggression and dominance. These tendencies can trickle down to the most vulnerable targets of exploitation which are children. Before the bill on child pornography, making possession, production and distribution a crime was passed in 1993, considerable attention was paid by the Government’s Standing Committee on Culture and Communications set up at that time. It came out with a number of additional recommendations that were never implemented. One of them was to determine the criminal legislative measures needed to include extremely violent forms of entertainment in the Criminal Code in ways that would conform with the Charter of Rights and Freedoms. See MIND ABUSE Media Violence In An Information Age (Dyson, 2000).

* The objective to authorize the Government to include or exclude categories of online communication service providers from the application of the legislation within certain parameters is important but there must be complete transparency on how this will be done and who will provide expert advice on these parameters. Advice must be sought from health providers and other researchers not beholden to industrial interests.

* Film and video game monitoring of media content for entertainment purposes is now undertaken by provincial classification boards. A national system would be much more efficient. While great care has been taken over the years to ensure gender and racial diversity on most boards the overall tendency has been for them to bend to the will of industry. Criteria on what is age appropriate should involve input from child development experts. This has yet to happen. Indeed, the prevailing standard for most classification boards throughout the developed world has been set by the industry funded and operated, Hollywood based Motion Picture Association of America. That needs to change.

* Legislation should be passed on a national level to ban advertising to children 13 years and under. Such legislation has been in effect in Quebec for over 25 years. From time to time, bills for implementation have been introduced in Canada at the national and provincial levels of government, boards of health and in 2016 even an editorial in Globe and Mail, called for one. Most developed countries have already adopted this kind of legislation, citing various concerns, among them, protecting children from harmful sexual exploitation, violent content, all advertising, the marketing of junk food known to cause physical health problems such as obesity and heart disease and the dangers of exposure to low level radiation from the internet.

* The Committee must not allow itself to be intimidated by industry push back. On January 14, 2019, it was reported in The Globe and Mail, that a proposal from Health Canada to amend the Food and Drug Act by restricting food and beverage marketing to children had hit a familiar snag: industry protests that such regulation was “unrealistic”, “punitive” and “commercially catastrophic”. The huge jump in commercial exploitation of children in recent decades is nothing short of tragic. According to the Harvard Medical School founded, Boston based, Campaign for a Commercial-free Childhood, over $17 billion was spent by the industry in 2006 in the U.S. alone to market products to children, a staggering increase over $100 million spent in 1983. Over $500 billion in purchases annually by that time was estimated to be influenced by children under the age of 12 years. These trends are clearly at odds with efforts focused on reducing consumer driven habits to facilitate future sustainability.

* A very popular solution for dealing with harmful media has always been better vigilance from parents, along with media and digital literacy taught in schools by teachers. Although it is obvious that the problem is too big and pervasive and that better cultural policy is also urgently needed, there is room for improvement in the provision of reliable, fact based educational resources. Over the years there has been increasing evidence of subtle, industry friendly resources creeping into school curriculums on the subject. In 1975, the La Marsh Commission recommended that an Advisory Board of educators, health professionals and parents be established at the Ontario Institute for Studies in Education at the University of Toronto for the provision of public education. I reiterated the recommendation in my doctoral thesis completed at the Institute in 1995, and again in my two subsequent books on media violence. Nevertheless, it has yet to be established. Better government funding and support is also needed for NGOs, such as Internetsense First, founded by Charlene Doak Gebauer, which now provide urgently needed help to parents and teachers on digital supervision.

* Funding that is independent of industry donors, should be mandatory to ensure accuracy in monitoring media violence and other harmful trends on the internet. Important models were established at the Annenberg School of Communication, University of Pennsylvania and Temple University in Philadelphia, by the late George Gerbner. The Cultural Indicators Model, later expanded into the “Fairness” Indicators Model and used by Paquette and de Guise at Laval University in Quebec City in their study Index of Violence in Canadian Television, done in 1994, is one example.

* An Act respecting the mandatory reporting of Internet child pornography by persons who provide an internet service is needed. But it is not clear how this would interface with the Mandatory Reporting Act.

* New legislation requiring regulated entities to monitor harmful content through the use of automated systems based on algorithms would be a useful way to use the new technology for prosocial purposes, given the widespread evidence of how algorithms are currently employed solely for the purposes of financial gain and fostering errant behaviour.

* Now, within universities across Canada and beyond, there is growing emphasis of courses offered in esport involving first-person shooter video games. This is counter productive to advocacy from experts calling for critical thinking skills, media and digital literacy and studies which point to harmful effects. There has also been ample evidence reported in The Globe and Mail, of generous subsidies given to video game industries such as Ubisoft without any regard for the nature or content involved in the productions. Tax breaks and subsidies for harmful video game production and distribution is no more justifiable than breaks for fossil fuel industries in a time of climate crisis. As pointed out by Globe and Mail business reporter Scott Barlow, this poses a moral dilemma (Barlow, October 14, 2017). Furthermore, these must also not be excused or spun by industry pundits as “funding for electronic arts”.

* It is stated that regulated entities would be required to notify law enforcement in instances where there are reasonable grounds to suspect imminent risk of serious harm to any person or property from potentially illegal content falling within the five categories of harmful – terrorist content; that which incites violence; hate speech; non-consensual sharing of intimate images; and child sexual exploitation. But it is stated that there would be no obligation to report such content to law enforcement or CSIS. Why not?

* And why would the threshold for such reporting of potentially terrorist and violent extremist content be lower than that for potentially criminal hate speech?

* The proposed legislation for a new Digital Safety Commission of Canada to support three bodies that would operationalize, oversee and enforce the new regime sounds promising. But who exactly would sit on the final stage of recourse on the Recourse Council? Diverse expertise and membership that is reflective of the Canadian population is essential to avoid having such a Council stacked with former or retired officials sympathetic to the concerns of industry. This would necessitate expertise from the health and social sciences. Transparency in public reporting obligations would also be required.

* An Advisory Board that would provide both the Commissioner and the Recourse Council with expert advice must include more than expertise on emerging industry trends, technologies and content-moderation standards. Who would be expected to provide information on “content-moderation standards”? Like the recommended advisory group for parents and teachers, with funding independent of industry sources and the Recourse Council, such a Board should include social science expertise and input from both physical and mental health experts. Having the Digital Safety Commissioner of Canada mandated to lead and participate in research and programming, convene and collaborate with relevant stakeholders and support regulated entities in reducing the five forms of harmful content will only work if input is not confined to industry related interests. Again, the composition of the Advisory Board must include, along with all the other stakeholders itemized, health expertise.

Re: Compliance and enforcement

* The powers of the Commissioner are necessary and sound reasonable.

Re: Modifying Canada’s existing legal framework including the Canadian Security and Intelligence Act (CSIS)

* Centralizing mandatory reporting of online child pornography offences through the RCMP’s National Exploitation Crime Centre to ensure stronger requirements for internet service providers for reporting excesses would help but continuing vigilance to ensure that is happening must be provided. Not requiring judicial authorization in reports to law enforcement is necessary to expedite police response in cases where an offence is clearly evident. The same criteria should be applied to CSIS to ensure more timely access to relevant information that could help mitigate the threat of online violence extremism. For this process to take 4-6 months, as it does now, seriously diminishes their capacity to be effective.

Again, thank you for the opportunity to participate in this timely discussion. If provision is made for appearance via zoom before the committee to submit a statement I would appreciate the opportunity.

References:

Barlow, S. (2017b, October 24) Getting hooked on gaming stocks. The Globe and Mail. P.B6.

Barlow, S. (2017a, October 14) As investing theme video games score big. The Globe and Mail. P.B3.

Bourrie, M. (2016). The Killing Game: Martyrdom, Murder and the Lure of ISIS. Toronto, ON: Harper Collins Canada

Condis, M. (2018) Gaming Masculinity: Trolls, Geeks and the Gendered Battle for Online Culture. Iowa City, IA: University of Iowa Press.

Davis, D. (2010). The TRUTH About Cell Phone RADIATION: What the INDUSTRY has Done to Hide It, and How to PROTECT Your FAMILY. New York: Dutton.

Doak-Gebauer, C. (2019) THE INTERNET:ARE CHILDREN IN CHARGE? Tellwell, Canada.

Dyson, R. A. (2000). MIND ABUSE: Media Violence in an Information Age. Montreal: Black Rose Books.

Dyson, R.A. (2021). MIND ABUSE: Media Violence and its Threat to Democracy. Montreal: Black Rose Books. UT Press, AMAZON

Grossman, D. (2016). ASSASSINATION GENERATION: Video Games, Aggression and the Psychology of Killing. Boston, MA, Little, Brown & Company.

Klein, Seth. (2021). A Good WAR: Mobilizing Canada For The Climate Emergency. Amazon: U.S.

United States Court of Appeals for the District of Columbia. EHT Victorious in Federal Court Case Against FCC on Wireless Radiation Limits. August 14, 2021.

Putin Approves Ratification of CIS Agreement on Cyber Security Cooperation

TASS: Russian News Agency | 1 July 2021

“MOSCOW, July 1. /TASS/. Russian President Vladimir Putin signed a bill on ratifying an agreement on cooperation between the Commonwealth of Independent States (CIS) countries in the fight against cyber crimes.
The document was published on the official portal of legal information.
The agreement was inked in September 2018 at the meeting of the CIS Heads of State Council in Dushanbe, Tajikistan. The document is aimed at establishing modern legal mechanisms for practical interaction of Russian competent authorities with colleagues from other CIS countries for effectively preventing, detecting, thwarting, investigating and solving cyber crimes.
This involves cooperation in the exchange of data on impending or committed crimes and persons behind them, responding to the calls for assistance in providing data that can facilitate the investigation as well as coordinated operations.”


Link: https://tass.com/politics/1309447

Defense Official Testifies About DOD Information Technology, Cybersecurity Efforts

Terri Moon Cronk | DOD News | 30 June 2021

“President Joe Biden’s interim National Security Strategic Guidance and Secretary of Defense Lloyd J. Austin III’s priorities drive key areas on the Defense Department’s cloud, software network modernization, cybersecurity work, workforce, command-and-control communications and data, DOD’s acting chief information officer said.

John Sherman told the House Armed Services Committee’s panel on cyber, innovative technologies and information systems that cloud computing is a critical step for the enterprise. “We’ve made cloud computing a fundamental component of our global [information technology] infrastructure and modernization strategy,” he said yesterday. “With battlefield success increasingly reliant on digital capabilities, cloud computing satisfies the warfighters’ requirements for rapid access to data, innovative capabilities, and assured support.”

The DOD remains committed in its drive toward a multi-vendor, multi-cloud ecosystem with its fiscal year 2022 cloud investments, which represent more than 50 different commercial vendors, including commercial cloud service providers and system integrators, he added.
And the DOD’s ability to leverage that technology has matured over the last several years, and it’s driving hard to accelerate the momentum even more in that space, Sherman said.”


Link: https://www.defense.gov/Explore/News/Article/Article/2678059/defense-official-testifies-about-dod-information-technology-cybersecurity-effor/

House Panel Approves DHS Bill with ‘Historic’ Funding for Cybersecurity

Mariam Baksh | Nextgov | 30 June 2021

“A bill to fund the Department of Homeland Security now heads to the full Appropriations Committee in the House after passing unopposed through the related subcommittee with $2.42 billion for the Cybersecurity and Infrastructure Security Agency.

“As the nature of the threats facing the country changes, the missions and investments of the Department of Homeland Security must quickly adapt and respond. This bill makes historic investments in cyber and infrastructure security,” said Rep. Lucille Roybal-Allard, D-Calif., chairwoman of the Appropriations subcommittee on homeland security.

The bill approved Wednesday—which includes funding to deal with contentious immigration issues and a host of other things such as defending the U.S. against Russian aggression in the Arctic—makes $52.81 billion available to DHS in discretionary funding, $934 million more than for 2021. Roughly a third of that increase—$397.4 went to boosting CISA, DHS’ newest agency.

After the committee released a draft of the bill Tuesday, Rep. Jim Langevin, D-R.I., a member of the Cybersecurity Solarium Commission, thanked Roybal-Allard for CISA’s funding level in the bill, which is also $288 million more than President Joe Biden requested for the agency. 

“If we are going to stop the current wave of ransomware and prevent another SolarWinds-like hack, Congress must step up to the plate and adequately fund CISA,” Langevin said. “I’m thrilled that the Appropriations Committee is allocating $2.42 billion for CISA, our nation’s premier cybersecurity agency, in line with the Solarium Commission’s recommendation. For months, I’ve been calling for Congress to allot more resources for CISA, and I’m so grateful to Chairwoman Roybal-Allard for her abiding commitment to shoring up our nation’s cyber defenses.”


Link: https://www.nextgov.com/cybersecurity/2021/06/house-panel-approves-dhs-bill-historic-funding-cybersecurity/182690/

ASEAN Cyber Challenge in the Spotlight With New Center

Prashanth Parameswaran | The Diplomat | 30 June 2021

“One of the items of note to have come out of the recently concluded virtual ASEAN Defense Ministers Meeting (ADMM) on June 15 was the formalization of a cyber center of excellence based in Singapore. While the development itself was not surprising, it nonetheless spotlighted the continued significance of cyber security as a defense issue of importance for Southeast Asian states, as well as some of their key partners.
Cybersecurity has been an increasing focus for Southeast Asian states as well as ASEAN as a grouping in the context of the region’s attempts to balance the opportunities afforded by the digital economy with the challenges posed by the increasing sophistication of cyber threats in an increasingly networked world and their links to other challenges such as terrorism.
Specifically, these issues have been recently addressed by the ADMM, widely characterized as the premier defense institution within ASEAN. Recent years have seen the institutionalization of a new ADMM-Plus cyber security working group in 2016 and the establishment of new bodies like the ASEAN-Japan Cybersecurity Capacity Building Center, which was announced during Thailand’s 2019 ASEAN chairmanship.”


Link: https://thediplomat.com/2021/06/asean-cyber-challenge-in-the-spotlight-with-new-center/

UK Cyber Security Council Launches Opening Initiatives

James Coker | Infosecurity | 30 June 2021

“The UK Cyber Security Council has launched its first two initiatives as part of its remit to boost professional standards in the cyber industry.
The council, which started work as an independent body on March 31 2021, has invited 16 members of the Cyber Security Alliance to apply for a role in determining the terms of reference for two new committees: a Professional Standards & Ethics Committee and a Qualifications & Careers Committee. The Cyber Security Alliance is a group of organizations that the UK government established in 2019, from which the council was set up.
The two new committees will be involved in helping ensure a common set of standards are adopted throughout education and training interventions related to cybersecurity. This represents the first stage to provide a focal point through which industry and the professional landscape can advise, shape and inform national policy on cybersecurity professional standards.”


Link: https://www.infosecurity-magazine.com/news/uk-cyber-security-council-opening/

Incremental Progress or Circular Motion? – The UN Group of Governmental Experts (UNGGE) Report 2021

Making progress on complex issues in a forum like the United Nations with 193 state parties and a consensus decision-making […], if the progress achieved appears more of a circular than linear nature.

This situation is evident in the final report of the UN Group of Governmental Experts (GGE) on “Advancing responsible State behaviour in cyberspace in the context of international security” adopted at the group’s fourth and final meeting May 28, 2021.[i] The GGE which operated in the 2019-2021 timeframe with 25 nationally appointed “experts” was the most recent in a series of six such GGEs that have been organized by the UN since the turn of the century.[ii] Two of these (2003-2004 and 2016-2017) failed to achieve consensus and didn’t produce a substantive report. Four were able to agree on consensus reports in 2010, 2013, 2015 and the most recent in 2021. The chief aim of all these GGEs was to develop “norms of responsible state behaviour in cyberspace” as part of the effort to determine how the potent technology of the Internet and related computer networks could be managed in light of the UN’s goal of maintaining international peace and security.

One of the most difficult problems that the GGEs faced was the question of how the conduct of states in cyberspace related to international law, including international humanitarian law. A major accomplishment of the 2013 GGE was the affirmation that international law, including the UN Charter, applied to cyberspace. It was soon apparent however that this affirmation had not resolved underlying differences over the interpretation of how international law applied to the cyber conduct of states, particularly in the context of international security. Disagreement over this question had been the proximate reason for the failure of the previous GGE to reach a consensus outcome in 2017. The place of international humanitarian law (aka the law of armed conflict) in this new realm of military operations was especially contentious. Some states sought a confirmation that international humanitarian law would cover state cyber operations, whereas others resisted the notion arguing that this could sanction treating cyberspace as a legitimate domain for armed conflict.

This dispute surfaced in the proceedings of the UN Open-Ended Working Group (OEWG) on “Developments in the field of Information and Telecommunication in the context of International Security” which ran in parallel with the GGE in the 2019-2021 timeframe and was able to arrive at a consensus report at its final meeting in March 2021.iii This result was only achieved by dividing the report into two sections: a section that had consensus approval and a “Chairman’s Summary” which contained elements that were not able to command consensus agreement and had to be issued in a non-binding manner under the Chairman’s own authority. The international humanitarian law issue fell victim to this cut being relegated to the Chairman’s Summary despite the support of many states and an energetic plea by the International Committee of the Red Cross to preserve a positive reference to it in the main report. The ICRC argued that acknowledging that international humanitarian law would apply to an armed conflict occurring in cyberspace should in no way be construed as condoning the militarization of cyberspace or legitimizing cyber warfare. In the event this construction was not sufficient to persuade skeptical states to accept the ICRC’s proposed text in the consensus report.

The fate of this issue in the OEWG is relevant to that of the GGE as observers had hoped that the latter forum (operating under a very similar mandate to that of the OEWG) might be able to provide “value added” to the OEWG proceedings by clarifying this crucial relationship between state conduct and international law. Part of this hope rested on the smaller grouping of the GGE and its more private deliberations. While the issue was addressed in the GGE report it was not resolved. Essentially the question was kicked down the road by the GGE. The key sentence reads: “The Group recognized the need for further study on how and when these principles [IHL] apply to the use of ICTs by States and underscored that recalling these principles by no means legitimizes or encourages conflict”. iv As much in the way of offensive cyber operations conducted by states, which the GGE refers to as “malicious activity”, happens below the threshold of armed conflict the international community is not really any further along in its understanding of what legal constraints apply to these operations. 

This gap is all the more worrisome when one considers the major growth in damaging and disruptive offensive cyber operations carried out by states and/or non-state actors in the past couple of years that the GGE and the OEWG have been functioning. This increased level of threat is acknowledged by the GGE at several points in its report: “Incidents involving the malicious use of ICTs by States and non-state actors have increased in scope, scale, severity and sophistication”; “The Group underlines the assessment of the 2015 [GGE] report that a number of States are developing ICT capabilities for military purposes and that the use of ICTs in future conflicts between States is becoming more likely”; “The Group notes a worrying increase in States’ malicious use of ICT-enabled covert information campaigns to influence the processes, systems and overall stability of States.”; “Harmful ICT activity against critical infrastructure that provides services domestically, regionally or globally…have become increasingly serious.”; “The COVID-19 pandemic has demonstrated the risks and consequences of malicious ICT activities that seek to exploit vulnerabilities in times when our societies are under enormous strain”; “New and emerging technologies expand the attack surface, creating new vectors and vulnerabilities that can be exploited for malicious ICT activity”. After such a litany of rising threats the Group’s conclusion that “Such activity can pose a significant risk to international security and stability, economic and social development, as well as the safety and well-being of individuals” comes across as understated and anticlimactic.

In the face of these burgeoning threats what defences has the GGE to offer? It basically can only revert to the eleven norms of responsible state behaviour agreed as part of the 2015 GGE. A rather limp injunction is directed at those responsible: “States are called upon to avoid and refrain from the use of ICTs not in line with the norms of responsible state behaviour”. vi The impression left in reviewing the chief body of the report, which consists of reproducing the 11 norms of the 2015 GGE with some annotation, is that matters have not progressed much beyond the norms agreed six years ago. While the GGE claims that it has “developed additional layers of understanding to these norms” these layers seem rather thin and even threadbare. Frequently, the report simply offers up a tentative recommendation for states to consider further action in realizing the normative goals. For example, in a section on the issue of attribution, the report “…recommends that future work at the UN could also consider how to foster common understandings and exchanges of practice on attribution”.vii The task is passed on to some unspecified body at some indeterminate future point in time.

Similarly, in a section devoted to cooperation to counter terrorist or criminal use, the report’s advice is that “States may need to consider whether new measures need to be developed in this respect”. viii The report notes the utility of common templates to facilitate requests for assistance and the response to them, but then merely states: “Such templates could be developed at the bilateral, multilateral or regional level”ix. On the sensitive issue of vulnerability disclosures (and the unmentioned black market in “zero-day” cyber exploits in which government buyers have driven prices up exponentially) the report again manages only a convoluted and theoretical response: “At the national, regional and international level, States could consider putting in place impartial legal frameworks, policies and programmes to guide decision making on the handling of ICT vulnerabilities and curb their commercial distribution as a means of protecting against misuse that may pose a risk to international peace and security or human rights and fundamental freedoms”.x Too often the report’s recommendations have a diffuse, aspirational quality of the “somebody might consider doing something about this at some point” variety.

The GGE like the OEWG before it, gives only a brief, ritual nod to the contribution that other stakeholders (“the private sector, civil society, and the technical community”) could make to inter-state dialogues.xi The GGE in its consideration of the existing norms also fails to recognize the positive role that accountability mechanisms for implementation could play in incentivizing states to align their cyber practices with the “norms of responsible behaviour” they have endorsed. As with the OEWG, the GGE has not really advanced tangible action to curb malicious cyber activity. Regrettably, the GGE efforts seem to have yielded more circular motion than real progress. Translating the 2015 norms from the status of declaration to one of implementation remains, six years after they were agreed, largely unfinished business for the UN. 

Link: https://ict4peace.org/wp-content/uploads/2021/06/GGECyber2021Circular-Motionf.pdf

Cyberattacks Grind Hanford Nuclear Energy Workers’ Benefit Program to a Halt
Patrick Malone | The Seattle Times | 10 May 2021

“Cyber attacks on the U.S. government have abruptly paused processing of benefit applications for workers who were sickened while working on nuclear weapons programs at Hanford and other Department of Energy sites, delaying aid to some dying workers, according to advocates.
Without warning, advocates from the Alliance of Nuclear Workers Advocacy Group received notice late last Friday that effective Monday, a vital component of the Energy Employees Occupational Illness Compensation Program would be offline for two to four months.
The Radiation Dose Reconstruction Program databases’ sudden hiatus could delay approval of new benefits for groups of workers who believe they’ve been exposed to workplace hazards.
Among them are more than 550 workers from Hanford, a mothballed plutonium processing site in Richland, who were potentially exposed to radiation and toxins when they were provided leaky respirators, according to a Seattle Times investigation last year.
Those workers are seeking inclusion in the federal benefits program administered by the Department of Labor. The National Institute of Occupational Safety and Health plays an instrumental role in determining eligibility.”

Read more

Link: https://www.seattletimes.com/seattle-news/times-watchdog/cyberattacks-grind-hanford-nuclear-energy-workers-benefit-program-to-a-halt/

Defense is a whole lot harder than offense in this game. And if you catch the hackers, what are the penalties? The heaviest weapon would be economic sanctions against another country, if you could prove that the hackers were government agents. And how far have economic sanctions worked in other cases? Not an impressive record of success. The Russians offered to negotiate treaties a while back but nobody took up their offer. It’s easy to understand why not, but look where things are headed now!

The Cybersecurity 202: A Group of Industry, Government and Cyber Experts have a Big Plan to Disrupt the Ransomware Crisis
Tonya Riley with Aaron Schaffer | The Washington Post | 29 April 2021

“A task force of more than 60 experts from industry, government, nonprofits and academia is urging the U.S. government and global allies to take immediate steps to stem a growing global crisis of cyberattacks in which hackers seize computer systems and data in exchange for a ransom. 

The group, which issued a report today, says swift, coordinated action can disrupt and deter the growing threat of cyberattacks that use ransomware, a malicious software that locks up computer systems so that criminals can demand ransom in exchange for access.

“We’re seeing critical parts of the economy being hit by ransomware, including, for example, health care in particular,” says task force co-chair Megan Stifel, executive director of Americas at the Global Cyber Alliance. “When you start to see a broad scale of victims across multiple elements of the economy being hit there can ultimately, if not abated, be catastrophic consequences.”

Read more

Link: https://www.washingtonpost.com/politics/2021/04/29/cybersecurity-202-group-industry-government-cyber-experts-have-big-plan-disrupt-ransomware-crisis/

U.S. Nuclear Modernization: Security & Policy Implications of Integrating Digital Technology

8 December 2020 | NTI

“An expansive, complex undertaking to modernize the United States’ nuclear bombs and warheads, their delivery systems, and the command, control, and communications infrastructure around them is underway. It is a project that carries the potential for great benefits through an increase in digital systems and automation, as well as the addition of machine learning tools into the U.S. nuclear triad and the supporting nuclear weapons complex. But it also is one that carries significant risks, including some that are not fully understood. If it does not take the time to protect the new systems integrated with some of the deadliest weapons on earth from cyberattack, the U.S. government will be dangerously outpaced in its ability to deter aggressors.”

Given the stakes, why take on new risks at all? The reason to integrate digital technologies into U.S. nuclear weapons systems is clear: this is the first significant upgrade of U.S. nuclear weapons systems in nearly 40 years, and the old systems need replacing. The most efficient way to update the full nuclear triad of bombers, submarines, and ground-based missiles, as well as the bombs, warheads, and command, control, and communications network, is to use today’s technology, including digital tools. From digital displays on bomber aircraft to advanced early-warning sensors and machine-learning-enabled nuclear options planning tools, this U.S. nuclear weapons recapitalization, like past modernizations, will be a product of its time.

Read more

Link: https://www.nti.org/analysis/reports/nti-modernization-report-2020

This writer actually tells us that we will be better off with all these improvements in nuclear weapons. What a horrible thought! Just get rid of them, stupid.

Why were they issued leaky respirators? For Covid treatment or because they have to stop breathing regular air when they are in a particularly dangerous area? This article mentions aid to dying workers. Are people still dying from jobs they performed decades ago or what?

Enough is enough. Here’s what we should do to defend against the next Russian cyberattacks

By Alex Stamos, Washington Post, Dec. 15, 2020

Alex Stamos is the director of the Stanford Internet Observatory and the former chief information security officer of Yahoo and Facebook.
The details are still trickling in, but it seems possible that the latest Russian cyberattacks against the Departments of Homeland Security, Treasury and State; the National Institutes of Health; and possibly dozens of companies and departments will turn out to be one of the most important hacking campaigns in history.

The current reporting suggests that the Russian Foreign Intelligence Service (SVR), long considered Russia’s most advanced intelligence agency in cyber operations, managed to compromise the servers of an important vendor of information technology software and implant a back door. This company, SolarWinds, services tens of thousands of corporate and government clients, and its products naturally have access to critical systems. Since March, we’ve now learned, the SVR has been able to use this toehold to jump into the networks of a variety of highly sensitive organizations. I expect the true impact of the overall campaign won’t be known for months or years as thousands of companies scramble to determine whether they were breached and what was stolen.
While we don’t have all the details, it is already clear that something is wrong with how our country protects itself against the hackers working for our adversaries in Russia, China, Iran and North Korea. As the Biden administration puts together its plan to secure the United States against these kinds of attacks, and Congress considers how to update the existing bipartisan cybersecurity consensus, I offer three initial fixes.

First, we need to build a cyberspace equivalent of the National Transportation Safety Board. Such an agency would track attacks, conduct investigations into the root causes of vulnerabilities and issue recommendations on how to prevent them in the future. As things stand now, our only public account of this latest attack will come from the class-action lawsuits filed by lawyers acting on behalf of affected companies and shareholders. When I worked for Yahoo, I saw myself what happened after the company was attacked by the Russians. Legal teams produced dozens of depositions and reviewed hundreds of thousands of documents; then they collected their million-dollar payouts, and that was that. No public documentation resulted; no useful lessons were learned.

We should create a mechanism to handle cyberattacks the same way we react to serious failures in other complex industries; the NTSB offers a useful model. While voluntary transparency from technology companies such as FireEye has been helpful, it won’t provide the kinds of detailed reporting across dozens of victims that will enable other security teams to learn from this attack and thereby make the SVR’s job a bit harder.
And while we’re at it, let’s make sure Congress passes a federal data breach law that covers the thousands of secret breaches that occur every year but aren’t publicly discussed. Such attacks have included attempts to acquire critical vaccine data, rocket designs or trade secrets. But there’s no law requiring that they be disclosed unless they include the credit card numbers, email addresses and other bits of personal information covered by state breach laws. Our society can’t respond to the overall risk as long as we’re discussing only a fraction of the significant security failures.

Second, Congress and the new administration can work together to put defensive cybersecurity on the same level as offensive cyber operations and intelligence gathering. The Cybersecurity and Infrastructure Security Agency (CISA) was created only two years ago to coordinate defending both the public and private sectors. While CISA quickly established itself under director Chris Krebs, who was fired by President Trump for his truthful statements regarding election security, the size and technical competence of the agency does not yet match up to that of its offensive cousins.

CISA has about 2,200 employees spread across its cyber and infrastructure responsibilities. By comparison, the National Security Agency, only one of 17 members of the U.S. intelligence community, has more than 40,000. Patching routers at the Interior Department isn’t as sexy as destroying Iranian centrifuges or reading the correspondence of the Chinese Communist Party, but it is certainly just as important when you consider that the United States has the largest, most technologically advanced, and therefore most vulnerable, economy in the world.

Third, the Biden administration can appoint individuals with practical, hands-on defensive experience to key roles in the White House and critical agencies. Official Washington has long disrespected cybersecurity expertise in a way that would be unthinkable in other complex professions. The Senate would never confirm a malpractice attorney to be a surgeon general, and the president would never ask a Judge Advocate General Corps officer to serve as chairman of the Joint Chiefs of Staff.
But this, in effect, is just how Washington has treated cybersecurity — as something best understood by the lawyers who prosecute cybercrime and defend breached companies. This isn’t to dismiss the contributions made by members of the legal profession; there are many smart, dedicated lawyers working in the cybersecurity field. Even so, the Biden cybersecurity team should include the voices of people who have real experience preventing, detecting and responding to crises like the one our country is facing today. It’s long overdue that we started treating cyberthreats with the seriousness they deserve.

Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace

19 October 2020 | Department of Justice, United States of America | https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and

“On Oct. 15, 2020, a federal grand jury in Pittsburgh returned an indictment charging six computer hackers, all of whom were residents and nationals of the Russian Federation (Russia) and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces.

These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort. 

Their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics. The indictment charges the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.

Read more

“Democrats Push for More Transparency about Russian Election Interference”

By Joseph Marks

“Top Democrats are slamming the Trump administration for not sharing enough information with the public about Russian efforts to interfere in November’s election.”

“While intelligence officials have warned that U.S. adversaries are trying to hack into political campaigns and election systems – and cited Russia, China and Iran as the biggest threats — House Speaker Nancy Pelosi (D-Calif.) and Senate Minority Leader Chuck Schumer (D-N.Y.) say that’s not enough to help voters gird themselves against social media disinformation or the sort of hacking and leaking campaign that upended Hillary Clinton’s campaign in 2016.”

Read more


Beware Chinese Drones- They Might Be Spying on Us!

By: Joseph Marks

“Researchers are warning about cybersecurity vulnerabilities in an Android app that powers a popular Chinese-made drone they say could help the Chinese government scoop up reams of information. 
The accusation comes amid a diplomatic clash between Washington and Beijing over everything from trade to the search for a coronavirus vaccine and it’s sure to worsen U.S. distrust of a broad range of consumer technology.”

Read more

Clueless governments

With such fast-paced technological advancement, how will governments keep up with policies that protect their citizens?

We need more government regulation on software controlled components…

If they sell it, they should be responsible for making it work

We should hold all conglomerates responsible for their faulty technology! Since they’re selling us these products, they have to ensure our safety as the consumer!

Why Our Nuclear Weapons Can Be Hacked

By Bruce G. Blair
New York Times, 14 March 2017

Article Excerpt(s):

“It is tempting for the United States to exploit its superiority in cyberwarfare to hobble the nuclear forces of North Korea or other opponents. As a new form of missile defense, cyberwarfare seems to offer the possibility of preventing nuclear strikes without the firing of a single nuclear warhead.

But as with many things involving nuclear weaponry, escalation of this strategy has a downside: United States forces are also vulnerable to such attacks.

Imagine the panic if we had suddenly learned during the Cold War that a bulwark of America’s nuclear deterrence could not even get off the ground because of an exploitable deficiency in its control network.

We had such an Achilles’ heel not so long ago. Minuteman missiles were vulnerable to a disabling cyberattack, and no one realized it for many years. If not for a curious and persistent President Barack Obama, it might never have been discovered and rectified.

In 2010, 50 nuclear-armed Minuteman missiles sitting in underground silos in Wyoming mysteriously disappeared from their launching crews’ monitors for nearly an hour. The crews could not have fired the missiles on presidential orders or discerned whether an enemy was trying to launch them. Was this a technical malfunction or was it something sinister? Had a hacker discovered an electronic back door to cut the links? For all the crews knew, someone had put all 50 missiles into countdown to launch. The missiles were designed to fire instantly as soon as they received a short stream of computer code, and they are indifferent about the code’s source.

It was a harrowing scene, and apprehension rippled all the way to the White House. Hackers were constantly bombarding our nuclear networks, and it was considered possible that they had breached the firewalls. The Air Force quickly determined that an improperly installed circuit card in an underground computer was responsible for the lockout, and the problem was fixed.

But President Obama was not satisfied and ordered investigators to continue to look for similar vulnerabilities. Sure enough, they turned up deficiencies, according to officials involved in the investigation.

Read more

Censored Contagion: How Information on the Coronavirus is Managed on Chinese Social Media

By Lotus Ruan, Jeffrey Knockel, and Masashi Crete-Nishihata
The Citizen Lab (University of Toronto), 3 March 2020

Article Excerpt(s): From the Key Findings Section:

1) “YY, a live-streaming platform in China, began to censor keywords related to the coronavirus outbreak on December 31, 2019, a day after doctors (including the late Dr. Li Wenliang) tried to warn the public about the then unknown virus.

2) WeChat broadly censored coronavirus-related content (including critical and neutral information) and expanded the scope of censorship in February 2020. Censored content included criticism of government, rumours and speculative information on the epidemic, references to Dr. Li Wenliang, and neutral references to Chinese government efforts on handling the outbreak that had been reported on state media.

3) Many of the censorship rules are broad and effectively block messages that include names for the virus or sources for information about it. Such rules may restrict vital communication related to disease information and prevention.”

From the Article Itself:

(Regarding one of the methods of censorship):

“YY censors keywords client-side meaning that all of the rules to perform censorship are found inside of the application. YY has a built-in list of keywords that it uses to perform checks to determine if any of these keywords are present in a chat message before a message is sent. If a message contains a keyword from the list, then the message is not sent. The application downloads an updated keyword list each time it is run, which means the lists can change over time.

WeChat censors content server-side meaning that all the rules to perform censorship are on a remote server. When a message is sent from one WeChat user to another, it passes through a server managed by Tencent (WeChat’s parent company) that detects if the message includes blacklisted keywords before a message is sent to the recipient. Documenting censorship on a system with a server-side implementation requires devising a sample of keywords to test, running those keywords through the app, and recording the results. In previous work, we developed an automated system for testing content on WeChat to determine if it is censored.”

[…]

“On December 31, 2019, a day after Dr. Li Wenliang and seven others warned of the COVID-19 outbreak in WeChat groups, YY added 45 keywords to its blacklist, all of which made references to the then unknown virus that displayed symptoms similar to SARS (the deadly Severe Acute Respiratory Syndrome epidemic that started in southern China and spread globally in 2003).

Among the 45 censored keywords related to the COVID-19 outbreak, 40 are in simplified Chinese and five in traditional Chinese. These keywords include factual descriptions of the flu-like pneumonia disease, references to the name of the location considered as the source of the novel virus, local government agencies in Wuhan, and discussions of the similarity between the outbreak in Wuhan and SARS. Many of these keywords such as “沙士变异” (SARS variation) are very broad and effectively block general references to the virus.”

Read more
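The two architectures in the Citizen Lab excerpt above differ in what a researcher can observe: a client-side list can be read and compared between downloads, while a server-side filter can only be probed with a chosen sample. The Python below is an added example, not Citizen Lab's tooling or code from either app; every function and class name is hypothetical, and every keyword except “沙士变异” (quoted in the excerpt) is constructed.

```python
from __future__ import annotations

from datetime import date


def client_side_allows(message: str, blocklist: set[str]) -> bool:
    """Client-side model: the app checks its built-in list before sending."""
    return not any(keyword in message for keyword in blocklist)


def additions_by_date(snapshots: dict[date, set[str]]) -> dict[date, set[str]]:
    """Compare dated downloads of a client-side list.

    The earliest snapshot is the baseline; each later date maps to the
    keywords that were absent from the download before it.
    """
    days = sorted(snapshots)
    added: dict[date, set[str]] = {}
    for previous, current in zip(days, days[1:]):
        new = snapshots[current] - snapshots[previous]
        if new:
            added[current] = new
    return added


class OpaqueRelay:
    """Stand-in for a server-side filter; a tester sees only relay()'s result."""

    def __init__(self, hidden_rules: set[str]):
        self._hidden_rules = frozenset(hidden_rules)

    def relay(self, message: str) -> bool:
        """Return True if the message reaches the recipient test account."""
        return not any(rule in message for rule in self._hidden_rules)


def probe_server(relay: OpaqueRelay, sample: list[str], control: str) -> dict[str, str]:
    """Run each sample item through the relay and record the outcome.

    The control is a message expected to be delivered. If it is not, the
    channel itself is failing and no result can be read as censorship.
    """
    if not relay.relay(control):
        raise RuntimeError("control message not delivered; results unreliable")
    return {item: ("delivered" if relay.relay(item) else "censored") for item in sample}


def observed_censored(results: dict[str, str]) -> set[str]:
    """Sample items that were blocked. Each contains a rule but may be longer
    than it, and rules never sampled stay invisible to this method."""
    return {item for item, outcome in results.items() if outcome == "censored"}


# Constructed snapshots of a client-side list on two consecutive days.
YY_SNAPSHOTS = {
    date(2019, 12, 30): {"constructed-old-term"},
    date(2019, 12, 31): {"constructed-old-term", "沙士变异", "unknown pneumonia"},
}

# Constructed server rules; the last one is deliberately absent from SAMPLE.
SERVER = OpaqueRelay({"沙士变异", "unknown pneumonia", "constructed-unsampled-term"})
SAMPLE = ["沙士变异 spreading", "unknown pneumonia", "weather report"]

if __name__ == "__main__":
    print("client-side additions:", additions_by_date(YY_SNAPSHOTS))
    results = probe_server(SERVER, SAMPLE, control="hello")
    for item, outcome in results.items():
        print(f"server-side {outcome}: {item}")
```

The server-side result covers only what was sampled, which is why the choice of test keywords shapes what such a study can report.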

Six Reasons the Kremlin Spreads Disinformation About the Coronavirus [Analysis]

By Jakob Kalenský
Digital Forensic Research Lab (Atlantic Council), 24 March 2020

Article Excerpt(s):

“A recent internal report published by the European Union’s diplomatic service revealed that pro-Kremlin media have mounted a “significant disinformation campaign” about the COVID-19 pandemic aimed at Europe. Previous statements by Western officials, including acting U.S. Assistant Secretary of State for Europe and Eurasia Philip Reeker, warning of the campaign suggested that its contours were already visible by the end of February 2020.
The Kremlin’s long-term strategic goal in the information sphere is enduring and stable: undermining Western unity while strengthening Kremlin influence. Pro-Kremlin information operations employ six complementary tactics to achieve that goal, and the ongoing disinformation campaign on COVID-19 is no exception.

1. Spread anti-US, anti-Western, and anti-NATO messages to weaken them

Russian media started spreading false accusations that COVID-19 was a biological weapon manufactured by the United States in late January. The claim has appeared in other languages since then. This messaging is in line with decades of Soviet and Russian propaganda that has been fabricating stories about various diseases allegedly being a U.S. creation at least since 1949.
Read more

Cyberattacks on Our Wastewater?

I saw a video by Vice News about the vulnerability of water and wastewater (sewage) treatment plants. Apparently many of the systems are being digitized and monitored remotely. As such, they become increasingly vulnerable to cyberattacks. The video focused on some research in Israel around protecting these vital infrastructure locations and demonstrated how easy it is to hack the system. Alarming news to watch. What other infrastructure is vulnerable to cyber security threats?

Keeping your medical secrets

Wearable technology covers a broad area of devices. With its use becoming more common in the healthcare sector, the issue concerning privacy becomes more crucial. New devices can help physicians monitor patients’ vital signs, sleep patterns and heart rhythms remotely, transforming the face of medicine as we know it. These developments in technology will help detect early signs of diseases and aid in diagnosing medical conditions. Essentially these devices are mini computers that send and receive data which can be used for further analysis.

This is a company that delivers IoT solutions…it might be worth investing in…
https://www.st.com/content/st_com/en.html

Getting ahead of the Christchurch Call

By Alistair Knott, Newsroom, Oct 20, 2019
https://www.newsroom.co.nz/2019/10/10/850847/getting-ahead-of-the-christchurch-call

Instead of using what amounts to censorship, tech companies signed up to the Christchurch Call would be wise to adopt a more preventative tactic, writes the University of Otago’s Alistair Knott:

We have heard a lot recently from the world’s tech giants about what they are doing to implement the pledge they signed up to in the Christchurch Call. But one recent announcement may signal a particularly interesting development. As reported in the New Zealand Herald, the world’s social media giants ‘agreed to join forces to research how their business models can lead to radicalisation’. This marks an interesting change from a reactive approach to online extremism, to a preventative approach.

Until now, the tech companies’ focus has been on improving their methods for identifying video footage of terrorist attacks when it is uploaded, or as soon as possible afterwards. To this end, Facebook has improved its AI algorithm for automatically classifying video content, to make it better at recognising (and then blocking, or removing) footage of live shooting events. The algorithm in question is a classifier, which learns through a training process. In this case, the ‘training items’ are videos, showing a mixture of real shootings and other miscellaneous events.

The Christchurch Call basically commits tech companies to implementing some form of Internet censorship. The methods adopted so far have been quite heavy-handed: they either involve preventing content being uploaded, or removing content already online, or blocking content in user search queries. Such moves are always closely scrutinised by digital freedom advocates. Companies looking for ways to adhere to the Christchurch pledge are strongly incentivised to find methods that avoid heavy-handed censorship.


Solar Storms and Cyber-Security

What role would geomagnetic and solar storms have on cyber-security? In 1859, a large solar storm hit Earth – causing the electronics of the day (such as telegraphs) to go haywire. In more recent times (Cold War era, etc.) – atmospheric conditions and solar flares have almost sparked nuclear exchanges. Are current cyber systems shielded adequately from these phenomena? Are operators able to identify these phenomena vs. hostile attacks?

I think perhaps one of the earliest examples of cyber-warfare was the intercepted Zimmermann telegram in 1917 – between Germany and Mexico. Are there other examples of pre-internet “cyber” (electric, digital, etc.) warfare that should be considered within these contexts?

The NSA Must Share More Info (with YOU?)

Maybe the NSA is good for something. At least now they are intending to share more information. (With whom?) Here’s another piece in the Washington Post by Joseph Marks, who certainly is following these affairs closely.
“New NSA cyber lead says agency must share more info about digital threats,” Sept. 5.

THE KEY

The NSA is the U.S. government’s premier digital spying agency and it has a well-earned reputation for keeping secrets. But the agency needs to stop keeping so many things confidential and classified if it wants to protect the nation from cyberattacks.

That’s the assessment from Anne Neuberger, director of NSA’s first Cybersecurity Directorate, which will launch Oct. 1 and essentially combine the work of many disparate NSA divisions dealing with cybersecurity, including its offensive and defensive operations.

The directorate’s mission is to “prevent and eradicate” foreign hackers from attacking critical U.S. targets including election infrastructure and defense companies, Neuberger said yesterday during her first public address since being named to lead the directorate in July.


Hybrid Warfare

Excerpt:
“Misinformation poses the most serious risk, says Futter, to “those ICBMs in the US and Russia that only need a few minutes to go.” Simple interference in communications – Unal points to satellites as a potential weak point – could be enough to stop the most important military decisions being made with a cool head. “Keeping weapons on high alert in a cyber environment,” says Futter, “is an enormous risk.”

Beyza Unal recalls the story – related memorably in David E. Hoffman’s Pulitzer-winning investigation of automatic nuclear systems, Dead Hand – of the most cool-headed decisions of the Cold War. The Russian lieutenant-colonel Stanislav Petrov was in charge of the Serpukhov-15 early warning station on the night in September 1983 when the Soviet Union’s satellites, sending data to the country’s most powerful supercomputer, registered a nuclear attack by the US. Despite being warned that five ICBMs were on their way to the USSR, Petrov told the decision-makers above him that the signals were a false alarm. “And he was right,” says Unal. “But a cyberattack could look like that, a spoofing of the system. Some say that humans are the weakest link in cyber issues. I say humans are both the weakest link and the strongest link. It depends on how you train them.””

and

“In the spring of 2013, a Ukrainian army officer called Yaroslav Sherstuk developed an app to speed up the targeting process of the Ukrainian army’s Soviet-era artillery weapons, using an Android phone. The app reduced the time to fire a howitzer from a few minutes to 15 seconds. Distributed on Ukrainian military forums, the app was installed by over 9,000 military personnel.

“By late 2014, however, a new version of the app began circulating. The alternate version contained malware known as X-Agent, a remote access toolkit known to be used by Russian military intelligence. The cyber security firm Crowdstrike, which discovered the malware, said that X-Agent gave its users “access to contacts, SMS, call logs and internet data,” as well as “gross locational data”. In the critical battles in Donetsk and Debaltseve in early 2015, the app could have shown Russian forces where Ukraine’s artillery pieces were, who the soldiers operating them were talking to, and some of what they were saying. It may be, then, that Russia’s concern – Futter describes it as “panic” – about the risks of hybrid warfare is based on the knowledge that it has been used in battle, and it works.”

Canadian Security

I had only learned recently of the CSA (Canadian Security Agency) as my education in Information security demanded it. I did search on it and realized the agency’s name might have been miscommunicated or misinterpreted by me… and it was actually the CSE (Communications Security Establishment), which I found the website for.

It has a very interesting site (https://www.cse-cst.gc.ca/en/careers-carrieres) which I briefly looked over. The gist of it all is I am happy to know we have such an agency to watch over our national boundaries and protect us from Cyber threats abroad from Russia and China and even some of our friendly neighbors, whoever they may be. So many conflicting technical standards produce wide gaping holes in our technical information communication infrastructures, not to mention software bugs and malicious virus activity. The average computer user is in a difficult position and has to make use of available protection software to keep themselves safe. That requires an awareness of what products are available and learning how they are used. Products like AVAST, AVG and McAfee are offering now not just antivirus but tool suites to cope with potential computer intrusions. And it seems like new tools are rolled out quickly and I find myself doing searches on browsers that have high security… like epic, brand and the like that don’t track my information. Connection through VPNs seems to be encouraged, but all these things, if free, usually cost the price of sales pitches and repeated upgrade offers. Choose your tools wisely and guard your IT footprint.

Spreading Political Misinformation

We’d better worry, not only about the military application of Internet skulduggery, but even the inadvertent consequences of its normal use. This research shows that Bolsonaro’s victory in Brazil may be largely caused by the spread of misinformation from YouTube through WhatsApp among Brazil’s poor. So what kind of action can be taken against this?

https://www.nytimes.com/column/the-interpreter/

From Paul Meyer:

ICT4Peace

This is the submission by ICT4Peace, written by Paul Meyer for the UN Open-Ended Working group on Cyber Security, which will begin its work in September. (The UN Office of Disarmament Affairs has now posted it to the official site for the OEWG: https://www.un.org/disarmament/open-ended-working-group/ .)
Here is the submission itself:

ICT4Peace Submission to the UN Open Ended Working Group (OEWG) on ICT and International Security

We commend the OEWG’s openness to input from civil society, academia and the private sector and ICT4Peace will look forward to contributing to its work through a sustained dialogue. The 2015 report of the UN Group of Governmental Experts (GGE) noted that even as ICTs have grown in importance for the international community, “there are disturbing trends that create risks to international peace and security. Effective cooperation amongst states is essential to reduce these risks”. More recently, the Secretary General, in connection with his Agenda for Disarmament, has warned that malicious activity in cyberspace has already been directed at critical infrastructure with serious consequences for international peace and security.

It is incumbent on the international community to work to counter such threats and to ensure the “secure and peaceful ICT environment” that your authorizing resolution (A/RES/73/27) stipulates. The OEWG represents the latest installment of the 20-year UN endeavour to address developments in ICTs in the context of international security. This effort has yielded some important results, notably the consensus GGE reports of 2010, 2013, 2015. Yet these positive findings have not been adequately reflected in the actual conduct of states in pursuit of a “militarization” of cyberspace. With increasing reports of state-conducted offensive cyber operations including the targeting of critical infrastructure in other countries, promoting adherence in practice to UN identified norms of responsible state behaviour is vital. If the international community is to foster digital human security alongside cybersecurity for states it will need to keep pace with these developments and ideally steer them towards cooperative ends.

It is our hope and expectation that the OEWG will deliver results that tangibly contribute to conflict prevention and preserve cyberspace as a realm for peaceful purposes. In doing so it will need to build on the accomplishments of the past, while “further developing” these and promoting their implementation. ICT4Peace believes the following norms merit priority attention:

1. Non-targeting of critical infrastructure including devising common understandings as to what constitutes such infrastructure.

Bugs in the Plane

The Cybersecurity 202: Hackers just found serious vulnerabilities in a U.S. military fighter jet

By Joseph Marks (From Washington Post’s The Cybersecurity 202) Aug 14.

And they did it with the Air Force’s blessing.


Building Ethics, Not Bombs

The Role of Scientists and Engineers in Humanitarian Disarmament

By E. Golding
So is a scientist responsible for the harms caused by the military uses of their discoveries and inventions? How about the medical principle: “Do no harm”?


Importance of Real-Time Reports and Traceability in Software Testing

In this rather technical article for coders, Somesh Roy discusses the factors that cannot be resolved unless there are good reports kept that can be traced. (Or: How are you going to fix it if you can’t find it?)

https://www.kovair.com/blog/importance-of-real-time-reports-and-traceability-in-testing/?fbclid=IwAR1s9kVGSyRFgf7Mk4p695_iB6ohT-6BAbjxnzu9ZR8ttxlJG3wKNY2lJzE

Software companies rush to get their products to market, buggy or not

Yes, accidents do happen, even to careful people. But careful programmers and their demanding bosses can greatly reduce the bugginess of software. They will do so only when the law holds them responsible for bad results.

Should Trump wage cyber war?

There have been several news stories reporting speculations or insider information that Trump had used a cyberattack against Iran.

They did not seem to get much press coverage and no outrage at all. Whether you like Iran’s government or not, it will pay to think carefully about this kind of quasi-warfare. If it gets to be considered normal, we will have a much harder time putting a stop to it.
