Cyber Scene #76 - Cybersecurity New Math: Folding, Holding, and Anteing Up


The start of 2023 has been multifaceted. Beyond the unusual issues on Capitol Hill of turnover and leadership changes, and tussling with a debt ceiling of $31 trillion, the cyber world itself has seen considerable action of three sorts in the year's first month: a very recent loss of thousands of Big Tech cyber workers, examples of cyber companies in abeyance and under scrutiny, and instances of more agile endeavors among cyber players that include shifts to new perspectives and approaches. Let us start with the "folding" and save the, well, better, for last.

Several of the greatest cyber institutions have recently cut back their workforce significantly. On 20 January, Washington Post (the Post) reporters Gerrit De Vynck, Naomi Nix, Julian Mark and Ellen Francis combined to deliver a composite figure of very recent tech layoffs: a stunning 200,000. The reversal, from the beginning of higher tech and the expansion of remote work at the onset of the pandemic in 2020 to the present, is somewhat startling to those who have just been fired.

The Post goes on to report that Alphabet (Google), Meta (Facebook), Amazon, Salesforce, and Microsoft all find themselves in a similar situation. Alphabet CEO Sundar Pichai sums it up: "Over the past two years we've seen periods of dramatic growth. To match and fuel that growth, we hired for a different economic reality than the one we face today." Several tech firms expect additional tightening and have alerted their workforce to the possibility of continued cuts. It is not sitting well with those let go. Instead of pink slips on one's desk, some of the messaging was terse and delivered overnight by email. Alphabet’s Worker Union's executive chair, Parul Koul, found this action clearly unacceptable: "Today, 12,000 of our co-workers woke up to devastating news. In one email Sundar Pichai has taken away the livelihoods of thousands of workers. This is egregious and unacceptable behavior by a company that made $17 billion dollars in profit last quarter alone."

Despite inflation, deglobalization, and a huge drop in tech stocks of about 30% in 2022, the layoffs boosted Google's stock 4% upon notice of the firings.

The impact on the workforce is discussed in the 20 January New York Times (NYT) by Tripp Mickle, who reflects on the difference between younger and older tech folk in reacting to the layoffs. The massive reduction in the workforce also surfaces in rising issues such as noncompete agreement restrictions for those who leave their companies, willingly or not.

Meanwhile, the drum roll of hackers continues; the breaches go on for T-Mobile, PayPal, and a cryptocurrency firm. On T-Mobile, Wired's Lily Hay Newman reported on 20 January on the latest problem, which was not resolved by the $150 million spent in attempts to do so. The Securities and Exchange Commission (SEC) filing explains that "… a bad actor manipulated one of the company's Application Programming Interfaces (APIs) to steal customers' names, email addresses, phone numbers, billing addresses, dates of birth, account numbers, and service plan details." Approximately one third of T-Mobile's U.S. clientele of 100 million was impacted. The breach, which occurred in November 2022 (the 5th such breach since 2018), came to light on 5 January 2023.

Forbes' Davey Winder reported on 21 January that the hack on PayPal's U.S. accounts was indirect: "The irony here is that it will have been breaches at other services that were behind the large-scale credential stuffing attack, which led to nearly 35,000 PayPal customer accounts being accessed by an unauthorized third-party criminal actor." The example highlights the interlocking nature of large companies that, along with their clientele, may be indirect victims.

The SEC was also involved in singling out two cryptocurrency businesses, Genesis Global Capital and Gemini Trust (owned by brothers), for dealing with unregistered securities. According to the SEC Chair, Gary Gensler, Genesis and Gemini bypassed "…disclosure requirements designed to protect investors," as reported by journalist Ephrat Livni in the 12 January NYT. The SEC said that eventually Genesis stopped, and its clients lost $900 million. The SEC oversight is notable because the crypto industry has been, seemingly intentionally, as unregulated as it could be.

The view from across the pond is similarly challenging. As reported by the British-published Economist on 12 January, the U.S. National Security Advisor, Jake Sullivan, reflected a much tougher approach to global technology. Sullivan is cited as saying that being the tech leader was not enough. Rather, the U.S. "… had to pursue 'as large of a lead as possible' in chipmaking, quantum computing, artificial intelligence, biotechnology and clean energy. To that end, America needed not only to welcome clever people and foster innovation, but also to impede technological advances in countries like China and Russia." It appears that not only the Tech Titans, but countries as well have reset their strategic planning.

On a marginally happier note, TikTok, trying to hold its own, is in the throes of attempting to win over U.S. support for a continuing presence in the U.S., according to the 16 January Wall Street Journal’s Georgia Wells and Stu Woo. The Chinese-owned company is proposing more transparency, and particularly sharing its algorithms with U.S. regulators. It has also shared with the U.S. its $1.5 billion plan to reorganize its work in the U.S. The many issues before TikTok are still under negotiation with the Committee on Foreign Investment in the U.S. (CFIUS). There has been recent talk about TikTok’s reach on Capitol Hill: Congress has proposed a bill to ban TikTok in the U.S. altogether. Representative Mike Gallagher (R-WI), the House of Representatives representative to the Cyberspace Solarium Commission (CSC), is worried about Chinese influence on videos on the platform. Along with his co-chair Angus King (I-ME), he has welcomed the omnibus spending bill passage in the last 2 days of 2022 for funding to implement many of CSC's programs.

This is followed by a holding pattern on the European Union side with their examination of the proposed Broadcom acquisition of VMware for $61B. The European Commission, the EU’s antitrust watchdog, is launching an investigation to assess whether the merger would hinder competition in the EU server market. The U.K.'s Competition and Markets Authority is also interested. The U.S. Federal Trade Commission (FTC) is also looking into this, so regulatory eyes are fixed on this deal from both sides of the Atlantic.

The third group is the “moving up” category. Despite the belt tightening of Big Tech generally, there are optimistic examples of stepping back and exploring another approach. As reported by Defense One, the omnibus spending bill, which was passed in late December 2022 and signed by the President on 30 December, totals almost $1.7 trillion. Here is a thumbnail sketch of what is included in the bill as captured by 21 December Defense One's Edward Graham and Kristen Errick. The bill includes “… funding for a wide range of technology, cybersecurity and space initiatives across the federal government, from enhanced efforts to counter cyber threats, to additional funding to accelerate the domestic production of new technologies and spur on the adoption of innovative next-generation solutions.” The details, like the elevation of the Cyber National Mission Force in late December 2022, as reported 20 December by C4ISRNET's Colin Demarest, are broadly not available to the general public. But the Pentagon and Cyber Command are well versed, and now have a subordinate unified command comprising 39 joint cyber teams with CYBERCOM as its parent. C4ISRNET reports that the Pentagon asked for $11.2 billion for cyber.

The U.S. is not alone in anteing up regarding cyber. BBC's Paul Kirby reports on 19 January that French President and current EU chief Emmanuel Macron is also planning to increase military funding from EU 295 billion to EU 413 billion. Macron mentions that with the Russian invasion of Ukraine, there are no more post-Cold War “peace dividends.” Of particular interest is the 60% increase in military intelligence, “…adapting to ‘high-intensity’ conflict with investment in drones, cyber-defence and improved air defences.” He added that “We must not do the same with more; we have to do better and differently. We need to be one war ahead.”

Closer to home, let us return to our own cyber leaders. Microsoft, which is among the Big Tech players noted at the beginning of this Cyber Scene, was laying off thousands of its workforce. One door now open to creativity is ChatGPT, which Microsoft believes can reach the masses thanks to AI. Will Oremus, in the 21 January Post, reports that CEO Satya Nadella is “…making a big bet that they can be something much more than: the future of knowledge work.” Big Tech does think big. The CEO forecasts that eventually, all Microsoft products will include some of the same AI capabilities used for ChatGPT and other search engine applications. The analysis goes on to point out that “…a new crop of risk-taking upstarts has stolen (Big Tech's) thunder; Now that they've caught on.” Big Tech is playing catch-up. Few are playing it harder than Microsoft.
