Cyber Scene #64 - Cyber: Expanding and Constricting

Cyber Scene #64 -

Cyber: Expanding and Constricting

This edition of Cyber Scene will focus on the role of cyber regarding its expansion, in the hands of both Big Tech visionaries and a teen in a garage, as well as attempts to constrict its impacts, at home and abroad. Underlying this discussion is a cobbled mix of strategic developments as well as tactical attempts to resolve cyber issues. The near-term terrain this month stretches from Silicon Valley to Donetsk, Ukraine, with reverberations reaching well beyond these 10 time zones and nearly four dozen countries, for starters. The strategic impact is worldwide. We will begin by sweeping out and move on to the US heartland before visiting Russia and Ukraine.

It is no surprise to this readership that Big Tech is powerful and ambitious. The Wall Street Journal's (WSJ) Christopher Mims explores the groundwork, or rather more technically, Big Tech's undersea fiber-optic capacity that supports the titans' dominance. He singles out Microsoft, Google’s parent Alphabet, Meta (formerly Facebook), and Amazon as now controlling two-thirds of world capacity. They consider this to be only the beginning with a goal to connect all continents except Antarctica via over 30 long-distance undersea cables. Mims notes that they had only one such cable in 2010, and that was between Japan and the U.S.

Expansion is not restricted to undersea operations. On 18 January Microsoft "paid cash" of $69 billion to acquire Activision Blizzard, a video game developer—and twice the cost of LinkedIn (2016) as documented by The Economist on 22 January. This will place Microsoft #3 in gaming revenue behind Tencent and Sony. Microsoft is banking (this is literal) on its Azure cloud-computing support for videos. The Economist believes that this will trigger such acquisitions by other Big Tech firms. If Microsoft is successful, it will be a tribute to its own "gaming" talent.

This assumption tracks with another Economist companion piece entitled "Big tech's supersized ambitions," which provides a new acronym for Alphabet, Amazon, Apple, Meta and Microsoft: MAAMA. The article goes on to discuss the fact that failed big tech companies did not have regulatory problems, but rather did not anticipate the future. "The problem is that nobody knows what it will be." Indeed. But at least the forward-looking MAAMAs have studied the past to enhance their predictions of future successes by studying those that tanked. As the MAAMAs grow "…governments, rivals and billions of customers, who already fear these firms are too powerful, may be alarmed by all this."

The WSJ's Mims returns to this issue in "The Nanotechnology Revolution is Here—We Just haven't Noticed Yet." The key to tech revolution, per Mims, is nanotechnology: "You can thank the microchip." He outlines a score of nanotechnology's developed winners--computer printers, cellphones, sensors to detect air pollution, and even the present 5G issue regarding air traffic safety. But he continues to project how this will expand to applications such as for self-drive car camera that can detect black ice, phone cameras that can detect skin cancer, and many other visions of which Jules Verne would be proud.

With respect to the current chip shortage, Intel has a plan: it is investing $20 billion in a chip-manufacturing facility outside of Columbus, Ohio. WSJ’s Meghan Bobrowsky reports on 21 January that Intel intends to alleviate the world chip shortage and may expand to eight factories at the cost of another $100 billion. The first two facilities are due to begin construction immediately, and have on-line production by 2025. The near-term bonus? The company also pledged $100 million toward partnerships with educational institutions to build a pipeline of talent and foster research programs in the region.

This initiative tracks with President Biden's Build Back Better regarding infrastructure and the Senate's $52 billion to support semiconductor research and production. (N.B. Bobrowsky notes that the House has not passed the Senate bill yet.) It also addresses issues of some Rust Belt steelworkers and former auto factory workers.

As these issues are felt in Pittsburgh, Pennsylvania, as well, it would behoove Intel to extend a job offer to an inventive young undergrad, Sam Zeloof, at Carnegie Mellon University (CMU) in Pittsburgh, 3 hours east on I-70 from Columbus, who at 17 started making chips in his parents' garage, per Wired's Tom Simonite. Wired reports that the parents' garage that served as Zeloof's "low tech" lab is located only 30 miles from Bell Labs in New Jersey where the first transistor was made in 1947.

Within the context of "for better AND for worse," we will examine a few examples of cyber's seedier side as well as the advocates of constriction to include antitrust legislation, and reluctantly as it may be required, cyber warfare.

Cyber Scene readers are conversant with a panoply of suggestions for and attempts to temper the global and unregulated expansionism of Big Tech. It is reportedly bracing for this "wave of regulation" that spans the Western world, from the U.S. to the U.K. the E.U. (now chaired, rotationally, by France), and Asia. WSJ’s Sam Schechner reports that Big Tech firms worry that this is impacting their bottom line. To date, Silicon Valley has not suffered much. Schechner notes that in the last five years, five of the biggest of the Big Tech quadrupled their market value, cranking it up to $9.31 trillion. However, internationally, various laws being enacted impact them. Facebook has had to sell one of its companies under a U.K. November 2021 mandate and now has to shut down its facial recognition system. Google has had to remove online-tracking cookies. Twitter is dealing with new legislative directives in over six countries. Google believes that in complying with EU decisions, they have lost market share to competitors.

In the U.S., the Senate Judiciary Committee cleared a bill on 20 January to proceed, in a bi-partisan vote, to advance antitrust legislation which intends to restrain anti-competitive influence of the "titans," according to Cat Zakrzewski and Gerrit De Vynck of the Washington Post. (N.B. Amazon's Jeff Bezos owns the Washington Post.) This debate continues amid intense and well-funded lobbying. California's two senators did not endorse the bill.

A view through legal eyes, courtesy of Lawfare's Stewart Baker, underscores how Facebook and Google seem to be bearing the brunt of the antitrust thrashing. He discusses the accusation that the two Big Tech titans had "cornered the market on antitrust troubles." There seems plenty to go around. Baker goes on to offer an update of current-event cyber issues, to include rampant "…rumors of war on the Russian-Ukrainian border—and in cyberspace."

A week earlier, New York Times' (NYT) Andrew E. Kramer broke the story of the hacking of Ukrainian government websites following a diplomatic impasse in Russian discussions with the U.S. and NATO regarding a possible Russian invasion of Ukraine. Threats to the Ukrainians included "Be afraid and expect the worst." The Ukrainian government believes that it was indeed a reaction to issues regarding Ukraine's relationship with NATO. (N.B. There has been no offer or action to open NATO admission to Ukraine.) The attack did not drive Ukraine further from NATO; the response was the opposite, with NATO and EU countries offering help, as reported in the NYT.

Lawfare's Stephanie Pell provides a pithy analysis of this event on 21 January, including reporting on a follow-up attack. On 15 January, Microsoft noted the appearance of malware on the Ukrainian government's IT firm's system that was dealing with the hack the prior day. However, the appearance of malware hit governmental agencies as well as other organizations providing "critical executive branch or emergency response functions" in Ukraine. Further study surfaced that the malware was disguised as ransomware, where activation would infect and immobilize the targeted computer system. She continues, providing an overview of US Department of Defense definitions of cyberattacks, of updates regarding the malware (that the perpetrators may have originated in Belarus) and presents varying views on the use of cyber operations in this Russo-Ukrainian context.

Regardless of how this is construed in retrospect, the immediate response has not been to estrange NATO from Ukraine. It is quite the opposite, as captured by the Economist in early January, even prior to the cyberattack on Ukraine. The article parses out several possible directions Russia might take, but while trying to size up how Putin's brinkmanship might play out, "Russia's menacing of Ukraine is unlikely to induce NATO to retreat. It may have the opposite effect."

Given military movements since then along Russia's Baltic and south-western borders, and despite diplomatic engagements prior to the departure of many US and foreign diplomats from Kyiv in late January, the Economist's analysis seems accurate. NYT's David Sanger reviews President Biden's 19 January statements regarding Putin "regretting having done it." Sanger recounts the President's reference to US and NATO troop movements to Bulgaria and Romania (both NATO countries) citing this "as a sacred obligation to defend those nations, both of which are NATO nations." The President had spoken as well about non-military measures, such as sanctions, although he did not address this specifically on 19 January. However, the Economist in mid-December (Economic sanctions SWIFT thinking) did discuss the closing down of Russian access to SWIFT, "…the messaging network used by 11,000 banks and 200 countries to make cross-border payments" as it did to Iran in 2018.As this Presidential address pre-dated continued diplomatic discussions between U.S. Secretary of State Antony Blinken and Russian counterpart Sergei Lavrov, some doors which might have been cracked open a few inches seem to be closing as of this writing. As President Biden noted and captured in Sanger's reporting, this is as dangerous as the world has gone since World War II. Whether SWIFT is engaged as a cyber weapon, or other non-boots-on-the-ground options are considered, remains to be seen as of this publication.

Ad interim, the President has signed a new cybersecurity memo on 19 January supporting additional steps to be taken to better coordinate the US national security system. This supports the standards of Executive Order 14028 and imposes relatively short term 7 to 90 day deadlines for most actions and 180 day deadlines for broader interagency cyber coordination for both data-at-rest and data-in-transit, for example.