Review of Cyber Week: September 16, 2022
NSA unveils new quantum computing standards, Newsom signs a social media law, the United States sanctions Iranian officials, CISA establishes a task force on ransomware; A Twitter leaker gives evidence.
The social media transparency bill is signed by Gavin Newsom.
A.B. 587, a bill requiring social media transparency, was signed this week by California Governor Gavin Newsom. The legislation mandates that businesses submit semi-annual reports outlining their practises for policing extremism, hate speech, and discrimination on their platforms. Some social media businesses have already started to publish reports on their content moderation procedures, but detractors have remarked that these reports frequently lack consistency and clarity, making it difficult to conduct long-term analyses or company comparisons. The First Amendment has been violated, according to social media firms and other analysts, while other officials have expressed concern that the bill could make it simpler to get over content moderation rules.
U.S. fines Iranian government officials for cyberattacks in Albania
In response to a series of cyberattacks that targeted Albania in July 2022, the Iranian Ministry of Intelligence (MOIS) and Esmail Khatib, the MOIS’s director, were the targets of additional sanctions issued by the U.S. Treasury Department. According to the statement, Iran “disregards principles of responsible State behaviour in cyberspace” with its cyberattacks. A group hostile to the Iranian government convened a seminar in Albania the day before the attacks, which hit multiple official websites and services. Albanian government severed diplomatic ties with Iran as a result of the incident and other factors. Albanian officials reported that they had been the target of another significant Iranian cyberattack two days after their contacts were severed, suggesting that this action did not appear to dissuade Iran.
Joint Ransomware Task Force is established by CISA.
This week, the new Joint Ransomware Task Force’s inaugural meeting was held by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The task force, whose creation was initially announced in May 2022, seeks to improve coordination among several government institutions. The task force, which is co-chaired by the FBI and CISA, will be tasked with a variety of important responsibilities, such as prioritising operations to disrupt particular ransomware actors, promoting cooperation between federal agencies and private businesses, and identifying the ransomware groups that pose the greatest threat. In the past two years, the U.S. government has started to take more overt action against ransomware groups, indicting eleven Iranians and two organisations for their involvement in ransomware attacks on the United States.
NSA publishes updated specifications for algorithms that can withstand quantum computing
This week, the US National Security Agency published its updated specifications for algorithms that can withstand quantum computing. The new specifications outline a roadmap for federal agencies and contractors to switch to the new algorithms, which are impervious to both classical and quantum computer breaking. By 2035, the NSA anticipates that agencies and contractors will have completely switched over to the algorithms. Four of the National Institute of Standards and Technology’s (NIST) quantum-proof algorithms were recently made public, and more are anticipated to follow in the following months. Because quantum computers can decrypt standard techniques far more quickly than classical computers, quantum computing has long been heralded as a new era in cryptography. Meanwhile, competition with China in the field of quantum information sciences is intensifying.
Congress is informed by a whistleblower that Twitter hired Chinese and Indian intelligence agents.
Peiter Zatko, a former leader of Twitter’s security team, spoke to the Senate Judiciary Committee on Tuesday about the social media company’s security flaws. Zatko claimed that by failing to protect the network against hacking and exploitation, Twitter had “misled the public, lawmakers, regulators, and even its own board of directors.” By telling Congress that he had heard the company employed “at least one [Chinese intelligence] agent” while knowingly hiring Indian intelligence agents, Zatko suggested that the corporation was vulnerable to foreign surveillance. Twitter refuted Zatko’s claims, claiming they were “full of contradictions and falsehoods,” and insisted that its recruiting procedure was “free from any foreign influence” and that user data was protected by a number of internal safeguards.