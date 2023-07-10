Comment on this story Comment Gift Article Share

Below: A recent injunction unravels 2024 election integrity efforts, and the FBI was caught off guard by the emergence of deepfakes. First:

The House tees up cyber ideas and amendments for the annual defense policy bill

The House is expected to tackle its annual defense policy bill this week, legislation that has provisions meant to safeguard U.S. nuclear systems from cyberattacks and force the Pentagon to cooperate on cybersecurity with Taiwan.

In recent years, the annual National Defense Authorization Act (NDAA) has become home to some of the biggest ticket cybersecurity actions that Congress has taken, as well as battles over cyber policy. This year there are fewer huge ideas, but some amendments that lawmakers have proposed could add spice to the floor proceedings.

The amendments include proposals to:

Authorize more collaboration on cybersecurity with several Middle Eastern countries.

Direct a cyber agency to conduct a thorough study of the landmark SolarWinds hack.

And order a Department of Homeland Security threat assessment on cyber harassment by terrorists and other foreign threats.

The base bill

As originally introduced, the section of the bill that most heavily deals with cybersecurity “focuses Defense leadership on actually integrating commercial technology — not just developing it — [and] improves their cybersecurity posture through better visibility into networks and endpoints, develops metrics to measure the Department’s success at transitioning technologies, and hardens academic research security from intellectual property thieves, like the Chinese Communist Party,” Rep. Mike Gallagher (R-Wis.), who chairs the House Armed Services subcommittee that advanced that portion of the legislation on June 13, said in a statement.

The bill would, for instance, require the secretary of defense to develop an intellectual property strategy “to better secure the United States’ technological edge, encourage the development of patentable inventions, and thwart adversarial behavior to undermine the U.S. technological base by utilizing intellectual property rights,” as summarized in the committee report on the legislation.

Another provision of the base bill would create an office under the chief information officer “to establish, maintain, and oversee the activities of the Department of Defense in its relationship with academia, to include those entities involved in primary, secondary, and post-secondary education.”

And another would authorize the Defense Department to receive voluntary cybersecurity services from private sector experts. That’s meant to strengthen the legal footing of the Marine Corps Cyber Auxiliary program, which trains Marines to hone their cyber skills, and allow other services to create their own similar programs.

Committee action

When the full Armed Services Committee approved the bill, it also adopted some cyber amendments.

The highlights include:

Don Bacon (R-Neb.) and Gallagher. “Closing gaps in the cybersecurity practices of our nation’s nuclear systems is not one of them.” An amendment to create a working group to inventory nuclear systems that have the greatest cybersecurity risks, following a critical Government Accountability Office report last fall about cybersecurity shortcomings at the National Nuclear Security Administration. “There are some causes that may not seem worth Congress’ time at first glance,” said Rep. Salud Carbajal (D-Calif.) , who sponsored the amendment with Rep.(R-Neb.) and Gallagher. “Closing gaps in the cybersecurity practices of our nation’s nuclear systems is not one of them.”

Chrissy Houlahan (D-Pa.). Lawmakers have cited fears that cyberattacks could aid a Chinese invasion of Taiwan, as they did with Russia’s invasion of Ukraine. An amendment incorporating legislation that would “arm Taiwan to the teeth in the cyber domain” in the words of Gallagher, who co-sponsored the bill with Rep.(D-Pa.). Lawmakers have cited fears that cyberattacks could aid a Chinese invasion of Taiwan, as they did with Russia’s invasion of Ukraine.

The amendments

Meanwhile, lawmakers have offered more than 1,400 amendments to the House NDAA, although some of them are revised versions of the same amendment. The House Rules Committee is scheduled to sift through them Tuesday to decide which ones the whole House will be able to consider. Only a fraction will see floor action, with Democrats likely to get consideration for fewer of their amendments in the GOP-controlled House.

Still, there are several cybersecurity amendments that could be incorporated:

The keys

Social media injunction unravels 2024 election integrity efforts

Civil rights groups and academics say that a recent order that places extraordinary limits on how the U.S. communicates with tech companies undermines efforts to harden social media platforms against election interference, our colleagues Cat Zakrzewski, Naomi Nix and Joseph Menn report.

“After companies and the federal government spent years expanding efforts to combat online falsehoods in the wake of Russian interference on the platforms during the 2016 election, the ruling is just the latest sign of the pendulum swinging in the other direction,” they write.

They add that Silicon Valley companies are shedding content moderation and disinformation research staff amid heightened political scrutiny

The Justice Department last week asked that the ruling be stayed, arguing it is vague and confusing. The plaintiffs in the case — the attorneys general of Louisiana and Missouri — pushed back on Sunday, arguing in a court filing that the motion for a stay should be denied.

The dynamic means that the order will help fuel election lies, civil rights representatives said.

“As the U.S. gears up for the biggest election year the internet age has seen, we should be finding methods to better coordinate between governments and social media companies to increase the integrity of election news and information,” Nora Benavidez, a senior counsel at Free Press, told our colleagues.

FBI officials were caught off guard by emergence of deepfakes, internal emails show

FBI officials in 2018 were thrown off by the emergence of deepfakes, Joseph Cox reports for Motherboard, citing obtained internal emails.

Cox writes: “The news shows that as deepfakes started as a vehicle for non-consensual pornography, government officials were already concerned about other ways deepfakes would impact their work, including for surveillance and investigating crime.”

“Do we have the ability to effectively detect this?” wrote an FBI official from the agency’s Operational Technology Division in a July 2018 email.

Derek Hawkins that explored lawmakers’ concerns about deepfakes. The email referred to a Cybersecurity 202 newsletter authored by our colleaguethat explored lawmakers’ concerns about deepfakes.

Another official replied back with “No” and said a Defense Advanced Research Projects Agency analysis of the technology was the “best current” government research available.

The FBI recently warned AI tools are being used to create sexually explicit materials for intimidation and extortion. The bureau said such images have appeared “true-to-life” and in some cases are used against children.

Deepfakes have also become an emerging matter that communications regulators may need to address in the context of political advertisements and political campaigns, our Technology 202 newsletter previously reported.

Pakistan election commission employees targeted with suspicious emails

Employees working for the Election Commission of Pakistan (ECP) were targeted with suspicious emails, Bahzad Saleemi reports for Samaa News. The ECP warned that the emails could be part of an attempt to install ransomware on ECP systems.

“A statement released by the Commission urgently called on all employees to exercise extreme caution, advising them to disregard and report any emails from unknown or anonymous sources,” Saleemi writes. The development comes as Pakistani general elections are expected later this year.

“Meanwhile, the electoral watchdog has also urged political parties, candidates, and relevant stakeholders to remain vigilant and take necessary precautions to protect their digital infrastructure from potential cyber-attacks,” the Samaa report adds.

It’s not the first time the ECP has been targeted by hackers. It faced another incident in 2013 when an alleged Indian hacker defaced its website ahead of an election period.

