Cyber Week in Review: October 6, 2023

NSA to launch an artificial intelligence security center

The U.S. National Security Agency is starting an artificial intelligence security center, which will be housed within the agency’s Cybersecurity Collaboration Center (CCC). The AI security center will be focused on preventing the theft of cutting-edge models and intellectual property and will consolidate the NSA’s disparate, existing approaches to securing AI models. It is unclear how much the new center will interact with the private sector, but it is important to note that the CCC is designed to foster collaboration both within government and with private industry. Although U.S. officials have long emphasized the threat of intellectual property theft, officials outside of the NSA have grown more vocal over the last six months about the threat of AI model theft.

State Department releases report on Chinese disinformation campaigns

The U.S. State Department’s Global Engagement Center released a new report on China’s efforts to shift the global information environment last week. The report identifies multiple ways the Chinese government is seeking to shape the information space: leveraging traditional propaganda efforts, coercing companies and individuals, both in China and abroad, to support the government’s narrative, exercising control over Chinese language media, and promoting digital authoritarianism worldwide. The Chinese government’s progress on information operations has been uneven, but earlier this year it was accused of using U.S. newswire services to inject propaganda into news outlets as part of a campaign to shape U.S. attitudes toward sensitive topics.

Freedom House releases Freedom on the Net 2023 report

Freedom House released the 2023 edition of its annual Freedom on the Net report earlier this week. The report found that internet freedom declined globally for the thirteenth consecutive year, with the largest decline seen in Iran, where the government cracked down on protests after the death of Mahsa Amini by blocking access to WhatsApp and Instagram and restricting access to the internet. Artificial intelligence is also increasingly being integrated into internet censorship efforts, with at least twenty one countries mandating or incentivizing platforms to use machine learning to evaluate and remove controversial political, social, or religious content. Elections were a major driver of internet censorship, as leaders criminalized a variety of online activities to maintain power. This phenomenon comes as the world heads into one of the busiest electoral seasons in decades.

Red Cross releases rules for hacktivists carrying out cyberattacks

The International Committee of the Red Cross (ICRC) published the ICRC’s first-ever guidance regarding rules of engagement under international humanitarian law for “civilian hackers” operating within the context of an armed conflict. The guidance comes at a moment of increasing activity by civilian hackers not only in Ukraine and Russia, but also across a growing range of conflict environments, from Sudan to Armenia. The authors  released eight rules for civilian hacktivists operating in wartime conditions: do not direct cyberattacks against civilian objects, don’t use automatically spreading malware, avoid collateral damage to civilian systems when attacking military targets, don’t attack military targets, don’t attack systems essential to civilian survival, such as power stations, don’t attack with the intent of terrorizing the population, don’t incite other groups to violate international law, and comply with international law even when enemy groups do not. The authors also say that states should ensure that hacktivist groups operating within their borders adhere to international law. Hacktivist groups have often stymied attribution or international governance, and they have become increasingly common over the past decade.

Fifth Circuit Court of Appeals bars CISA from communicating with social media companies

On October 4, in the case Missouri v. Biden, a three-judge panel of the U.S. Fifth Circuit Court of Appeals blocked the Cybersecurity and Infrastructure Security Agency (CISA) from discussing election security with social media companies.  The court modified a September 8 ruling preventing the White House, Surgeon General, FBI, and CDC from communicating with social media companies about potential misinformation related to COVID-19 or elections, adding just one paragraph to include CISA and pointing to the role that CISA played in facilitating FBI communications with social media companies. The Biden administration plans to appeal to the U.S. Supreme Court, although it is unclear if or when the court would take up the case.