Cyber Briefing ~ 03/25/2024

UnitedHealth CEO to Testify on Massive Hack Before Senate

UnitedHealth Group CEO Andrew Witty is scheduled to testify before the Senate Finance Committee in the coming month regarding a February hack that affected the U.S. healthcare sector. The hearing will be the first time a senior executive from UnitedHealth has testified before Congress since a ransomware attack on its billing subsidiary, Change Healthcare. Lawmakers, industry groups, and the Biden administration have expressed frustration with UnitedHealth's response to the hack and have called for greater transparency. The Senate Finance Committee, led by Senators Ron Wyden and Mike Crapo, will oversee the hearing.


Space Force Installs Mission Analysis Team at Fort Meade to Assess Adding Component to Cyber Command

The Space Force has established a mission analysis team at Fort Meade to determine the potential for a space component within U.S. Cyber Command. The team will work alongside Cyber Command and the NSA to assess the structure and capabilities of a space component. The Space Force is currently focused on resourcing current components before finalizing plans for a Cyber Command component.


US Warns Hackers Are Carrying Out Attacks on Water Systems

The US government has issued a warning to state governors about foreign hackers conducting disruptive cyberattacks on water and sewage systems across the country. The National Security Advisor and the Environmental Protection Agency Administrator specifically mentioned alleged Iranian and Chinese cyber saboteurs. The attacks have the potential to disrupt clean and safe drinking water and impose significant costs on affected communities. The letter urged governors to assess their current cybersecurity practices and prepare for potential cyber incidents.


Unpatchable Vulnerability in Apple Chip Leaks Secret Encryption Keys

Researchers have discovered a flaw in Apple's M-series chips that allows attackers to extract secret keys from Macs during cryptographic operations. The vulnerability stems from the chips' microarchitectural design and cannot be directly patched. Mitigations would involve building defenses into cryptographic software, potentially impacting performance. The vulnerability is related to the chips' data memory-dependent prefetcher feature, which can be exploited by malicious applications running on the same CPU cluster. Apple has yet to address the issue.


Senators Call for Declassifying Information About TikTok’s Risks

Senators Richard Blumenthal and Marsha Blackburn have urged the Director of National Intelligence to declassify information regarding the national security risks associated with TikTok. They highlight the concerns raised by the intelligence community in recent classified briefings and emphasize the importance of the American people, especially TikTok users, understanding the national security issues involved. The House has already passed legislation requiring TikTok's parent company to divest from the app, and now the Senate is being urged to take action as well. Senate Intelligence Committee Chair Mark Warner also expressed a desire to declassify information after a recent briefing.


Threat Groups Hit Enterprise Software, Network Infrastructure Hard in 2023

Recorded Future's annual threat analysis report reveals a significant increase in the exploitation of high-risk vulnerabilities in enterprise software and network infrastructure. The number of vulnerabilities exploited in attacks against these systems tripled from 2022 to 2023, with two-thirds of all active exploits targeting operating systems, network infrastructure, and enterprise software. Notable instances included attacks on file-transfer services and Citrix networking products. Threat actors are taking advantage of these vulnerabilities to gain unauthorized access to corporate environments and sensitive data, often leading to ransomware attacks and extortion demands.


California Unveils Guidance for State to Safely Buy AI Products

California state agencies seeking to purchase artificial intelligence (AI) products will be required to assess them for bias and misinformation, according to new guidance issued under Gov. Gavin Newsom's direction. The guidelines aim to establish a framework for the procurement of AI technology and could serve as a model for other states and cities. The state is already implementing pilot projects that utilize AI for purposes such as traffic management and healthcare licensing. The guidance emphasizes the need for evaluation and monitoring of AI systems while acknowledging potential risks such as data compromise and biases in AI models.


Mace: Congress Not Moving to Strike AI Reporting Requirements Yet

House Republicans express concerns over the White House's use of the Defense Production Act (DPA) to mandate reporting on AI model development. However, Rep. Nancy Mace, chair of the House Oversight Cybersecurity subcommittee, states that her party is not currently planning any action against the DPA-authorized sections of President Biden's executive order. The subcommittee is still examining the potential consequences of the order.


Biden to Nominate Michael Sulmeyer to Serve as Pentagon Cyber Lead

President Joe Biden has announced his intention to nominate Michael Sulmeyer as the assistant secretary of Defense for cyber policy at the Pentagon. This nomination is part of the administration's efforts to enhance the Pentagon's focus on cyber threats and strengthen its response to foreign adversaries such as China and Russia. Sulmeyer, currently the principal cyber adviser to the secretary of the Army, would be the first to serve in this position, created under the 2023 National Defense Authorization Act. The Senate Armed Services Committee will need to approve Sulmeyer's nomination before it proceeds to a vote in the full Senate.


Congressional Leaders Propose Billions in Cyber Funds for Pentagon's 2024 Budget

The bipartisan fiscal year 2024 budget proposal released by the House and Senate Appropriations committees includes billions of dollars allocated to the Pentagon for strengthening cyber operations across the Air Force, Army, Navy, and Marine Corps. The proposed budget reflects bipartisan support for addressing cyber defense issues and countering threats from China and Russia. Specific allocations include funds for cyberspace operations, sustainment, defensive cyber operations, and headquarters operations for Cyber Command, among others. The proposed budget must be passed by Congress by Friday night to prevent a government shutdown.


Congressional Leaders Propose $50M Budget for State Department's Foreign Cyber Fund

Top congressional leaders have proposed allocating a budget of $50 million for the State Department's newly established fund aimed at helping allied nations strengthen their cybersecurity. The fund, known as the Cyberspace, Digital Connectivity, and Related Technologies Fund, was established by the 2024 National Defense Authorization Act but has lacked the necessary appropriations. The proposed budget will be crucial for supporting allies that have been targeted by significant cyberattacks. Additionally, the State Department's budget proposal includes funds for strengthening its own cybersecurity and countering the malign influence of China and Russia. The overall spending package must be approved by Congress by Friday night to avoid a government shutdown.


CISA Avoids Major Cuts in Fiscal 2024 Funding Bill

The government funding package for fiscal year 2024 provides $2.8 billion to the Cybersecurity and Infrastructure Security Agency (CISA), which is a slight decrease from its previous budget. This funding will temporarily alleviate concerns that conservative lawmakers would significantly reduce CISA's budget due to allegations that the agency censored conservative voices online. However, the bill includes some cuts to specific programs, such as breach reporting and federal network protection, while providing a boost to CISA's Cyber Defense Education and Training Program. Additionally, the bill introduces new reporting requirements for CISA and mandates the development of an official policy regarding engagement with social media companies.


Intel Analyst Shared Classified Information on Discord, Investigators Say

An Air Force intelligence analyst, Jason Gray, is accused of sharing classified U.S. intelligence on Discord with followers of an anti-government extremist group. Gray allegedly shared the information obtained from his access to National Security Agency intelligence with seven individuals, possibly in furtherance of the Boogaloo ideology. Gray's case raises concerns about the Defense Department's knowledge of personnel sharing classified information on chat platforms like Discord. Gray pleaded guilty to distributing child pornography and received a 60-month prison sentence.


Michael Sulmeyer Tapped for New Top Pentagon Cyber Policy Role

President Biden will nominate Michael Sulmeyer as the inaugural assistant secretary of defense for cyber policy. Sulmeyer, currently the principal cyber adviser for the Army, will be responsible for advising the secretary of defense on all cyber matters, pending Senate confirmation. The position was created by the fiscal 2023 National Defense Authorization Act.


Hong Kong Approves New National-Security Law That Worries Foreign Executives

Hong Kong has passed a new national security law that expands offenses such as espionage and treason, raising concerns among foreign executives about its impact on businesses and the erosion of civil liberties. The law aligns Hong Kong more closely with mainland China and has drawn criticism from Western governments. Foreign business groups and corporate lawyers express concerns about the vague wording of certain parts of the law, potentially increasing compliance costs. Confidence in Hong Kong as a global financial center has already been shaken, leading to a decline in regional headquarters of foreign firms in the city.


Closed Book Stores, Canceled Shows: A Sad Silence Descends on Hong Kong

Hong Kong is experiencing a chilling effect on freedom of expression as bookstores close, shows are canceled, and dissent is whispered behind closed doors due to the new national security law. The law has raised concerns about minor transgressions being punishable and the erosion of sacred spaces like church confessionals. The crackdown on national security has also impacted Hong Kong's economy and led to a brain drain as citizens consider leaving the city.


Nvidia Wants to Replace Nurses With AI for $9 an Hour

Nvidia has partnered with Hippocratic AI to develop AI nurses who provide medical advice to patients over video calls in real time. These AI nurses, powered by generative AI, cost only $9 an hour, significantly less than human nurses, who can cost $90 an hour. While the technology aims to address healthcare worker shortages, it has raised concerns about undercutting living wages and the potential limitations of AI in making accurate diagnoses.


Robots Are Entering the Ukraine Battlefield

Ukraine is increasingly using unmanned ground vehicles (UGVs) in warfare to hit enemy forces, clear land mines, and rescue injured soldiers. The country aims to develop its own "army of robots" to reduce reliance on foreign suppliers and counter Russian advances. Challenges for UGVs include navigating complex terrain and the historical ineffectiveness of land drones. However, improvements in technology are making UGVs more viable, with Ukraine fielding UGVs made by foreign companies, startups, and makeshift creations by soldiers. The simplicity and low cost of these homemade UGVs have proven effective in certain situations.


Mustafa Suleyman Joins Microsoft's AI Effort

Mustafa Suleyman, an AI pioneer who co-founded DeepMind and recently led his own startup, is joining Microsoft to oversee the company's AI products for consumer offerings such as the Bing search engine and Windows. Suleyman's expertise is expected to bring fresh ideas to Microsoft's consumer AI and help the company stay competitive in the AI race. Despite occasional controversy and mixed success with consumer AI products, Suleyman is considered a prominent figure in the AI community.


CIOs Remain Senior Members of C-Suite as Responsibilities Grow

A study by Korn Ferry reveals that the average age of enterprise CIOs in Fortune 100 companies is 55, indicating a preference for experienced leaders who can drive business transformation. The average tenure of a CIO is just over five years, with healthcare CIOs being the oldest and financial services CIOs being the youngest. The healthcare industry's slow transition to digital and the demand for experienced CIOs contribute to longer tenures in the healthcare sector.


Microsoft to Pay Inflection AI $650 Million After Scooping Up Most of Staff

Microsoft will pay Inflection AI $650 million to license its AI software and has hired the startup's co-founders and the majority of its employees. Inflection is now looking to offload some of its computing capacity as it transitions to an enterprise-focused business model.


Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.


Absolutely, the pace at which technology evolves demands equally dynamic strategies in cybersecurity. As Confucius said—our greatest glory is not in never falling, but in rising every time we fall. Embracing innovation in defense mechanisms can fortify our digital fortresses. #InnovationInCybersecurity