Cyber Week in Review: September 16, 2022

Gavin Newsom signs social media transparency bill  

California governor Gavin Newsom signed a social media transparency bill, A.B. 587, earlier this week. The bill requires companies to file semiannual reports that publicly disclose their content moderation policies for extremism, hate speech, and discrimination on their platforms. Some social media companies have already begun to produce reports on their content moderation policies, although critics have noted that these reports are often confusing and inconsistent, making long-term analysis or comparisons between companies difficult. Social media companies and other analysts have said the bill is a violation of the First Amendment, while other officials have raised concerns that the bill could make evading content moderation policies easier. 

U.S. sanctions Iranian officials over Albanian cyberattacks 

The U.S. Treasury Department announced new sanctions against the Iranian Ministry of Intelligence (MOIS) and Esmail Khatib, the head of that department, for a series of cyberattacks which struck Albania in July 2022. The statement condemned Iran’s cyberattacks and said it “disregards norms of responsible State behavior in cyberspace.” The attacks took place before a conference hosted in Albania by a group opposed to the Iranian regime and affected several government websites and services. The attack, along with other considerations, led Albanian officials to sever diplomatic ties with Iran. This step does not appear to have deterred Iran, however, as two days after severing relations Albanian officials said they were hit by another major Iranian cyberattack. 

CISA launches Joint Ransomware Task Force 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) convened the first meeting of its new Joint Ransomware Task Force earlier this week. The task force was first announced in May 2022 and aims to increase cooperation between several government agencies Co-chaired by the FBI and CISA, the task force will take on a number of significant duties, including prioritizing operations to disrupt specific ransomware actors, encourage coordination between federal agencies and private companies, and identifying the highest threat ransomware groups. The U.S. government has begun to take more visible action against ransomware groups in the past two years, including issuing indictments against ten Iranian and two organizations for their role in ransomware attacks on the United States. 

NSA releases new requirements for quantum computing-resistant algorithms 

The U.S. National Security Agency released its new requirements for quantum computing-resistant algorithms this week. The new requirements set out a path for federal agencies and contractors to transition to the new algorithms, which are resistant to cracking by both classical and quantum computers. The NSA expects agencies and contractors to have fully transitioned to the algorithms by 2035. The National Institute of Standards and Technology (NIST) recently unveiled four of its quantum-proof algorithms in July of this year and is expected to unveil more in the coming months. Quantum computing has long been heralded as a new age in cryptography, largely because of the ability of quantum computers to break traditional algorithms far faster than classical computers, and there is growing competition with China over quantum information sciences. 

Whistleblower tells Congress that Twitter employed Chinese and Indian intelligence agents  

On Tuesday, former Twitter security chief Peiter Zatko testified before the Senate Judiciary Committee about the social media company’s security vulnerabilities. Zatko said that Twitter had “misled the public, lawmakers, regulators and even its own board of directors” by failing to defend the platform from cyberattacks and exploitation. Zatko implied that the company was susceptible to foreign surveillance, telling Congress he had heard that the company employed “at least one [Chinese intelligence] agent” while knowingly hiring Indian intelligence agents. Twitter rejected Zatko’s assertions as “full of inconsistencies and inaccuracies,” maintaining that its hiring process is “free from any foreign influence" and that user data is kept secure through a series of internal mechanisms.