Cyber Scene #74 - Chips Ahoy on Cyber Thursday Horizon


As a follow-up to the previous "chips down" discussion on Cyber Scene, rather timely work now comes to the surface with a new "shore" approach. For those of this readership who enjoyed a "friends-giving" celebration last week, you will discover a cyber security rendition as you read this Cyber Scene.

Big Tech’s expansion following the demise of the Cold War propelled a laissez-faire economic world grounded in globalism. Now, things have changed. Relations are heating up…rather, freezing, as the U.S. and China are struggling to speak diplomatically to each other. Although it's still partially “the economy, stupid,” the Russian, Chinese and occasionally Iranian reach into Western cybersecurity has changed the game. Protectionism and its sanction minions are moving back to the front page. Cyber climate change is creating icebergs in some seas.

As the Berlin Wall disintegrated during the 1989-1993 presidency of George H. W. Bush, Michael Boskin, the Chair of the Council of Economic Advisors, joked about no big difference between semiconductor and potato chips, as captured by The Economist in "Biden's billions." The article examines U.S. President Biden's $52 billion Chips and Science Act, passed by Congress while Europe and Japan head in the same direction. "Onshoring" is the new terminology for bringing it all back home. The Economist article notes that nearly the same funding for the EU, $49 billion, will be used for cutting-edge chip-fabrication plants, citing both security and job creation as the drivers. Some economists cited in this article are "doubtful" about the success. On the other hand, the May 2021 Economist article entitled "Building a Boom" cited a seminal study by the Chicago Federal Reserve's late David Alan Aschauer on the success of infrastructure trickle-down economics supporting job creation.

On the security side of the issue, there is less division. The article states: "More than 90% of advanced chips, many needed for manufacturing weapons, are made in Taiwan—far closer to China than is comfortable for the West." It also adds that as the U.S. becomes more technologically intensive, it is more productive. This "spillover" to innovation from a strong manufacturing base benefits research and development if software is not the only connection. The software connection alone could result in fewer jobs.

The Economist returns to this issue on 27 October in "Adieu, laissez-faire," acknowledging that despite serious economic issues, the White House "…does seem to be having some success in fusing security and economic objectives, especially regarding China." This is principally attributable to China's support for Russia re Ukraine, and its "zero-covid policy." The article does point out that despite the huge economic problems, "That, however, is to overlook the changes he (Biden) has ushered in with three big pieces of legislation: the $1.2 trillion infrastructure law, a $280 billion semiconductor-and-science act, and $390 billion climate-spending package." It goes on to note that these three are cast as "spending bills" due to partisanship issues that make it "…almost impossible to get any other measures through Congress." Given the recent mid-term election returns, it appears that the House and Senate will be split for another two years. What The Economist did not address was the fact that elements on the Hill, to include the Cyberspace Solarium Commission (CSC), are bipartisan. The co-chairs are Independent Senator Angus King (I-ME), and Republican Representative Mike Gallagher (R-WI), with Democratic support from both the Senate and House as well.

Moreover, this approach is not a boomerang to strict protectionism, casting globalization into the dark blue sea. Rather, the administration has adopted "friend-shoring," a means of strengthening trade with allies and keeping incalculable nautical miles from adversaries, as discussed in the Economist's "The Coming Storm" on 27 October. As was mentioned earlier, high-end semiconductor manufacturing is viewed as "…vital to national security," according to the Center for Strategic and International Studies' Gregory Allen, a former Pentagon AI expert. U.S. and Chinese officials are on speaking terms, but "just."

China is not the only issue. Cybersecurity safe havens exist worldwide, and "friend-shoring" countries continue to be attacked. The following is a brief synopsis of nation-victims reported during the last 4 weeks.

Russia's invasion of Ukraine spills over into all NATO countries and then some. The Economist's "The War in Ukraine: Finding an ending" on 10 November cites "grey" cyber-related threats: sabotaging internet connections to the West, conducting bigger cyberattacks and interfering with communications satellites.

Cyberattacks against Australia's second-biggest telecom company have hit current and former users, about 40% of the country's population. A phone company, a health insurer, an online marketplace, and an online wine marketer have also been breached. Alastair MacGibbon, the country's former national cyber-security adviser, suggests that it is Russian hackers who "cause fear, uncertainty and doubt" toward countries supporting Ukraine, as reported in the 3 November Economist's "Once more unto the breach." The companies themselves are feeling the pain: many of their customers are leaving.

Sometimes the hacks are the result of an individual's bad behavior.

In the first instance, let us look at personal behavior, which the Economist in 1 November's "The home office" avers is the real problem, "…as anyone in an IT team can attest. Powerful folk tend to think that their time outweighs whatever risk the nerds fret about. They are wrong." The UK exemplars of what not to do focus first on the very recent former Prime Minister, whose personal phone hack included a year of her messages, reportedly including Ukrainian arms discussions. The second is her very recent, and now former, Home Secretary, who found it cumbersome to use her work phone and easier to download official documents to her personal device in order to use them during video calls on her official phone. These behaviors are not news to this readership. But recent very senior examples remind us that dismissiveness of strong anti-hacking procedures remains a serious, but correctable, weakness.

Sometimes the weakness is a result of could-be-better business practices.

In Ireland, where Meta, Google, Twitter and TikTok have set up their EU hubs, the Data Protection Commission has imposed more fines in response to pressure from privacy groups who wish the EU regulators were more aggressive, according to the New York Times' 28 November "Meta Fined $275 Million." Meta now has reached $900 million in fines since last year. TikTok is also under investigation. Ireland is responsible for enforcing EU data protection rules for the entire EU since the 2018 General Data Protection Regulation (GDPR), a recurrent subject of Cyber Scene.

France has its own problem with Twitter, as the Washington Post's Annabelle Timsit reported on 22 November. France's digital regulator, ARCOM (the Regulatory Authority for Audiovisual and Digital Communication), has asked Twitter to confirm its ability to meet French legal obligations to moderate harmful content and misinformation. France is particularly worried about manipulating information and disseminating online hate speech. If Twitter cannot comply, fines of up to $20.5 million or 6% of global revenue for the previous fiscal year are at risk. The French head of Twitter announced last week that he had left (without clarification of quitting or being laid off).

In addition to the GDPR, the Post article mentions a new "sweeping piece of legislation" from the EU—the Digital Services Act—that imposes transparency restrictions on tech companies. The Post cites a New York Times editorial of 18 November by Yoel Roth, the former Twitter chief of Trust and Safety, confirming that "Regulators have significant tools at their disposal to enforce their will on Twitter and on Mr. Musk," while referencing the new Digital Services Act.

Two ongoing developments show some progress in bolstering U.S. cybersecurity.

Forbes’ Councils Member Greg Murphy reminds us in 22 November’s "Revisiting the U.S. Cyberspace Solarium Commission Report" that serious work continues on the Hill. He underscores the value of the U.S. Cyberspace Solarium Commission (CSC)'s work to secure our national supply chains and develop a strong cybersecurity workforce. As discussed in earlier Cyber Scenes, the CSC has succeeded in having many, but not yet all, of its recommendations acted upon. The Forbes article goes on to call for more support for the nation to confront new threats.

Last, but not least, is Lawfare's Eugenia Lostri's 18 November discussion of the White House’s second meeting of the International Counter Ransomware Initiative (CRI), this time in person, in Washington D.C. Thirty countries joined as of October 2021, with the intent of a whole-of-government leverage of a range of criminal, diplomatic, economic and military capabilities to combat ongoing ransomware threats. Now one year old, CRI has divided into five groups, chaired as follows: Lithuania and India (resilience); Australia (disruption); the U.K. and Singapore (financial mechanisms); Spain (public/private partnerships); and Germany (leveraging diplomacy). Thirteen private companies were also invited. Ms. Lostri discusses the successes and the challenges; she particularly cites as the greatest challenge that the 3 safe haven countries (China, Russia and Iran) are non-members, and concludes that "the CRI’s most concrete deliverable seems to be the future establishment of a task force." It is, at a minimum, a foundational direction.
