Synaptic Unfolding #3

Welcome to the current edition of #Synaptic #Unfolding newsletter. This edition comes in a bit more extended, hence longer, format: two articles by me and some interesting news from a #European perspective.

Noise and Bias: Unseen Threats to Cybersecurity Decision-making

I am just in the process of reading Daniel Kahneman’s book ‘Noise’, and it gave me some thoughts about the approach’s applicability in the #cyber domain. The book describes ‘#noise’ and ‘#bias’ and the flaws in human #decision-making, and offers solutions to deal with these two and make decisions more coherent.

‘Noise’, as Daniel Kahneman defines it, denotes unwanted variability in identical decisions. In #cybersecurity, this noise can manifest in varied responses to the same security threat, in investment decisions, or in divergent perceptions of a risk's severity. The resulting inconsistency could potentially weaken cybersecurity defenses, creating gaps in #vulnerability protection and defining cyber-digital #transformation technological constraints. Over time, too much noise in decision-making can lead to significant costs, either from cyber incidents or from failing to capitalise on technological advancements.

‘Bias’, the systematic deviation from objective facts, often stems from #cognitive shortcuts. In cybersecurity, biases such as confirmation bias or the availability heuristic can lead to the over- or underestimation of cyber risks. Bias in decision-making sets a path to certain decisions, while not allowing the investigation of alternate approaches or technologies. In effect, neglecting bias can lead to misguided resource allocation and, subsequently, ineffective risk mitigation or technological debts.

Neglecting noise and bias can seriously jeopardize any organization, especially one that is complex and large. Inconsistencies and inaccuracies in decision-making could lead to financial loss, reputational damage, legal repercussions, and operational inefficiencies. Moreover, in the era of cyber-digital transformation, these factors could result in a distorted understanding of the potential and risks associated with #emerging technologies. Noise and bias, if neglected, can have far-reaching consequences, yet their understanding can significantly enhance an organization's overall security posture.

To navigate these challenges, organizations need to filter noise and gain situational awareness of their cyber-digital landscape. Establishing clear baselines for decisions and quantifying deviations from these baselines can help identify and reduce noise. Robust data collection and analysis can also aid in discerning patterns and pinpointing areas of high noise. #Veritable measures are a must.

Addressing bias involves being conscious of cognitive pitfalls and integrating countermeasures. This could involve promoting a culture of #critical thinking, fostering diversity of thought, and leveraging decision-making frameworks that offer checks against bias.

Enhancing #situationalawareness necessitates a holistic view of the organization's cybersecurity status. Real-time monitoring, regular audits and exercising #incidentresponse capabilities can provide up-to-date insights into the security landscape, highlighting potential vulnerabilities and improving responses to threats.

The Evolving Landscape of Global Semiconductor Industry: Trends, Challenges, and Future Directions

The global #semiconductor industry is a highly dynamic and increasingly important domain; it is the foundation for harvesting the benefits of cyber-digital transformation. This sector, once primarily centered in the United States, has now become a global playing field with numerous nations, and as trade wars intensify, more and more nations are trying to secure their place in this domain.

The semiconductor landscape has significantly transformed over the years, moving from the production of simple memory #chips to the creation of complex processor chips. This progression has seamlessly blended into our everyday lives, with a multitude of technologies leaning heavily on these small but incredibly potent bits of #silicon.

Of late, an interesting shift has been observed: major tech giants such as Apple, Google, Amazon, and Facebook have started designing their own specialized chips. This change has effectively reduced the dependency on general-purpose chips, leading to a unique twist in the semiconductor narrative.

In parallel to this, #military technology is increasingly reliant on chip technology, underscoring the far-reaching implications of chip manufacturing and its influence on #globalsecurity. However, this development doesn't come without its challenges, particularly with protectionist policies that may trigger a domino effect of consequences.

These shifts lead us to several pertinent questions that warrant careful consideration. How will the decreasing use of general-purpose chips and the increasing use of highly specialized ones influence production processes? How can the industry navigate the complex interplay between military applications and chip manufacturing? How can a nation or a region secure its leading position in the era of cyber-digital transformation with limited or no access to chip manufacturing?

Furthermore, geopolitical tensions, such as the escalating cold war with China and the vulnerability of the South China Sea, add another layer of complexity. What implications could these geopolitical dynamics hold for Southeast Asia's future, a region intricately tied to the global semiconductor supply chain? Also, where does the cognitive talent reside (a.k.a. who has access to professionals)?

In addition to these broad strokes, there are other areas within the ongoing rush for resources that remain underexplored. These include the impact of #MachineLearning (ML) on chip demand and manufacturing, the use of ML in chip design and production, and the influence of emerging technologies like Field Programmable Gate Arrays (#FPGA), laser printing, and Extreme Ultraviolet Lithography (#EUVL) on the industry.

We also must consider the recovery time from potential retooling disasters and the effect of new chip manufacturing equipment, particularly from #European regions like the Netherlands. There's still much to analyze in terms of economies of scale with laser printing and its implications for the industry.

In conclusion, the global semiconductor landscape is experiencing fascinating shifts. This is a field where innovation, geopolitics, and economy intersect, creating a complex, challenging, but exciting domain to explore. However, it is clear that any policymaker serious about digital sovereignty should consider the semiconductor aspect in future discussions.

News from the world

Over the past few weeks, I have observed significant developments that merit thoughtful discussion. This newsletter aims to dissect these events and trends, hopefully sparking ideas and facilitating informed conversations.

Let's dive right in.

Cybersecurity Update: Truebot Malware Threat

On a different note, the Cybersecurity and Infrastructure Security Agency (#CISA), the Federal Bureau of Investigation (#FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) have jointly released a Cybersecurity Advisory (#CSA) regarding the increasing use of newly identified #Truebot malware variants against organizations in the United States and Canada.

The new Truebot variants are being leveraged by malicious cyber groups like the CL0P Ransomware Gang to collect and exfiltrate information from victims. Threat actors are using phishing campaigns and exploiting remote code execution vulnerabilities to deliver the malware. Organizations are advised to apply incident responses, mitigation measures, and vendor patches urgently.

Find more details here.

The Tipping Point for Russia's Military Bloggers

The recent mutiny of the #Wagner Group, a #Russia-based private military company, underscores a significant shift in Russia's information landscape. The events surrounding the attempted coup, spearheaded by Yevgeny #Prigozhin, a long-time #Putin ally, have put the country's military bloggers or "voenkory" in a challenging spot.

The voenkory, characterized by their pro-nationalist and pro-war stance, have successfully filled the information gap left by the government's silence on the warfront. They've been instrumental in moulding public sentiment via social media platforms like Telegram, boasting millions of followers across different channels. However, the rebellion has stirred uncertainty amongst them, as choosing sides could result in grave consequences.

As the situation unfolded, the voenkory showed signs of hesitation and self-censorship, a new development for this otherwise vocal group. This reveals the precariousness of their position - they are at the mercy of their affiliations and must walk a tightrope between pleasing their followers and aligning with the government's narrative.

From a European perspective, this shift is notable. The voenkory, by fueling pro-nationalist sentiment, influence public opinion not only within Russia, but also within Russian-speaking communities across Europe. Their accounts offer a window into the nation's military actions, but their newfound self-censorship may obstruct the flow of information that has previously been relied upon.

Furthermore, the event indicates the limits of Russia's "citizen-journalism-meets-propaganda" model, suggesting that the state may be looking to rein in these independent voices. As Putin attempts to centralize control, it will be essential to monitor how these dynamics evolve and what implications they could have for European-Russia relations.

More on the topic here and here.

Closure of Internet Research Agency a.k.a. Russian Troll Farm

Speaking of the Wagner mutiny, the consequences are reaching further than just the military bloggers, or the end of Wagner PMC as a standalone company (empire?). After Yevgeny Prigozhin staged a failed coup against the Russian government, the infamous Internet Research Agency (IRA), known for disinformation campaigns, is now closing. The St. Petersburg-based troll farm was a significant part of Russia's interference with Western social media. It's shutting down after Prigozhin, who is also the creator of the IRA, had his assets in Russia stripped due to the Wagner Group's brief revolt.

This doesn't mean the world is suddenly becoming a safer place, but hopefully, for the time being, Russia's domestic and international power struggle will lower the efficiency of the successor organisation. At the same time, it can also mean the appearance of several smaller entities utilising their military-grade psyops capability against governments, organisations and the civil population. Just like Cambridge Analytica did.

Early Insights into the Security of LLMs: Version 0.5

As the world moves towards a future increasingly defined by AI, the security of Large Language Models (LLMs) is gaining paramount importance. This document by #OWASP, labeled as Version 0.5, serves as a significant landmark on this journey towards a safer AI landscape.

This preliminary document encapsulates the collective insights and understandings of a dedicated team that has been studying the unique vulnerabilities of applications leveraging #LLMs. It is worth noting that this is not the final version of the OWASP Top 10 for LLMs. Instead, it is to be seen as a glimpse into what's on the horizon.

In Europe there are initiatives and activities towards a European repository of #vulnerabilities and recommendations. Europe, with its strong emphasis on data privacy and security, should also benefit from the insights into potential vulnerabilities inherent in LLM applications, especially as the leading technological solutions are non-European.

For an in-depth look into this document, follow the link here.

Hacking EV charging stations

The report on #electric vehicle (EV) charging station hacking and security vulnerabilities is of significant importance from a European perspective for several reasons:

  1. Increasing dependence on EVs: Europe, like the rest of the world, is experiencing a surge in EV adoption as part of its climate change mitigation strategies. With a rise in EV usage, the number and usage of charging stations will increase, exposing more opportunities for potential cyber threats.
  2. Threat to power grid stability: The vulnerability of #chargingstations presents a risk to the stability of the #powergrid. #Hackers can exploit these weaknesses to remotely turn charging stations on and off, causing power fluctuations that could destabilize and potentially bring down entire electricity networks. This threat is not just confined to a single country but is a shared risk across Europe due to interconnected power grids.
  3. Lack of standards and regulations: Presently, there are no universally accepted standards or regulations in place to ensure the cybersecurity of EV charging stations. Europe, with its focus on regulatory frameworks, could lead in establishing these guidelines.
  4. Privacy and Data Security: Hackers exploiting these vulnerabilities could potentially access sensitive customer data and vehicle information, raising serious privacy and data security concerns.
  5. International security implications: Cyber threats to critical infrastructure like EV charging networks can also be a tool for international conflict, as these systems can be targeted by nation-states, posing a threat to national and regional security.

There is a need for urgent attention to the cybersecurity of EV charging stations and (not just) EV cars in Europe, emphasising proactive measures, the establishment of standards, and regulatory oversight. Ideally this should be done proactively, before the issue reaches a critical mass.

US Intelligence Agencies might not be able to purchase Americans’ data anymore without a warrant. But they might do so with non-Americans.

The proposed amendment to a "must-pass" defense bill in the United States House of Representatives could potentially end the governmental practice of buying Americans' data without a warrant, a process criticized as a way to circumvent the #Fourth #Amendment's protections against unreasonable searches and seizures. This legislation, supported by both #Republican and #Democratic lawmakers, addresses concerns raised in a recently declassified report about the extensive purchase of citizens' data by intelligence and law enforcement agencies.

From a European perspective, this development is significant for several reasons:

  1. It underscores the ongoing global conversation about the balance between national security and individual privacy rights, a concern shared by many European countries.
  2. The #US is a major player in setting global digital standards. Changes in its digital #privacy laws could impact the international digital rights landscape and inspire similar measures in Europe, where data protection is a core value, as shown by the implementation of the General Data Protection Regulation (#GDPR) or Digital Services Act (#DSA).
  3. Many global tech companies are based in the US, so changes in the way these companies handle data could impact European users as well.
  4. The amendment could affect US-EU data sharing agreements such as the "#Privacy #Shield", impacting how European data is handled when it's transferred to the US.
  5. Lastly, this development may foster a renewed debate on the nature and extent of governmental surveillance, which could influence the stance of European countries on similar issues.

More on the topic here.

France justice reform to enable law enforcement to spy through connected devices

The #French justice reform bill, which includes a provision enabling law enforcement to spy on suspects by remotely activating the camera, microphone, and GPS of their devices, has been approved by lawmakers and is on its way to the Parliament for adoption. The law covers various devices including phones, laptops, cars, and others, aiming to geolocate suspects in crimes that are punishable by at least five years' imprisonment.

Despite assurances from Justice Minister Éric Dupond-Moretti that this would impact only a few cases annually, the law has stirred controversy, being criticized as an authoritarian snoopers' charter. Digital rights group La Quadrature du Net raised concerns about potential infringement of fundamental liberties, such as the right to security, privacy, and freedom of movement.

This law exemplifies a broader debate about balancing public security with personal freedoms. The legislation also sparks questions about its potential effects on the wider European context, given the interconnected nature of digital communications and international law enforcement cooperation. It could potentially set a precedent for other European countries considering similar legislation, thereby shaping the continent's approach to digital privacy and surveillance.

Read more here.

Keep an eye out for our next issue where we'll further explore the emerging trends and beyond. I highly value your insights, feedback, and suggestions to make our discussions more engaging and enriching.
