Director’s cut: Insight from Sean Kanuck, IISS Director of Cyber, Space and Future Conflict
At a 6 July cyber security conference in Moscow, Russian President Vladimir Putin called for closer international cooperation to address cyber attacks. He asserted that cyber threats have reached a level that can only be countered by the combined efforts of many nations. Although Russia itself has contributed to the perils of cyberspace, Putin’s claim is accurate in that any truly global challenge – like cyber security or environmental protection – requires multilateral communication and coordination.
Also this week, Beijing will host an international security forum that will explore ‘new concepts for understanding the world’ as a substitute for previous models promoted by the West. If China, or Russia for that matter, seeks to lead new efforts for achieving international peace and security, then transparency regarding their own activities and objectives will be integral. Towards that end, the IISS will partner with universities and other think tanks in the US, China and Russia to convene trilateral roundtable discussions on military cyber stability from 17–19 July in Washington DC. We hope to constructively exchange ideas on the strategic challenges in cyberspace in order to seek systemic solutions for de-escalation and conflict avoidance.
Cyber weapons proliferation
An employee of Israeli firm NSO Group has been indicted for stealing the company’s spyware tool and attempting to sell it online for US$50 million in cryptocurrency. NSO Group sells malware, exclusively to government agencies, that enables them to break into mobile phones remotely. This incident has revealed the challenge of preventing malware proliferation, and follows a 2016 investigation by Citizen Lab that found that tools sold by the company were being used by the United Arab Emirates to target dissidents and by Mexico to spy on politicians and journalists.
Cellebrite – the Israeli firm hired by the United States Federal Bureau of Investigation to unlock the iPhone used by one of the San Bernardino shooters – is expanding its offerings to the Internet of Things (IoT). With the increasing connectivity of many household devices, hacking into IoT networks could become a source of valuable intelligence for law enforcement investigations. Cellebrite’s capabilities will likely attract governments that want to monitor and control their citizens’ behaviour.
Fitness apps and smartphones threaten security
Researchers have discovered that the fitness app Polar Flow can be used to identify the physical locations of government officials and military personnel at home and in secret locales around the world. This finding follows revelations in January that another fitness app, Strava, published heat maps that revealed similar information.
Last week, United Kingdom defence secretary Gavin Williamson accidentally activated Siri on his iPhone during a speech in Parliament. Some have expressed concern that virtual assistants may be recording sensitive conversations or that malicious actors could issue silent commands to such software. These incidents have raised doubts over the security of smartphones in safeguarding national security.
Mobile forensics to combat asylum fraud
Several European Union countries have enacted or proposed laws that would allow immigration officials to search the mobile phones of asylum seekers. Policymakers hope that analysing text messages and metadata on these devices could help forensic investigators to identify and curb fraudulent asylum applications. However, asylum seekers are heavily reliant on their phones for communication and navigation, and critics argue that these laws violate their privacy.
Twitter cleans the nest
Twitter has sharply escalated its battle against fake and suspicious accounts, suspending more than one million accounts per day in recent months. Such a major effort to lessen the flow of disinformation on the platform constitutes a commendable move by a private company to enhance the security and reliability of the social media ecosystem. The elimination of fake accounts or those used primarily to propagate spam messages will make political influence campaigns and automated cyber attacks more difficult to perpetrate.
France’s AI partnerships
France has recently forged bilateral artificial intelligence (AI) partnerships with both Canada and the UK. French President Emmanuel Macron and his Canadian counterpart Prime Minister Justin Trudeau announced a collaboration between the two countries’ government specialists, scientists and industries to establish an ethical AI framework. The coalition will be charged with determining ways in which developing AI technology can benefit society and the economy.
Similarly, a new five-year agreement between France and the UK will strengthen cooperation between leading research centres in the two countries. Signed at the UK–France Digital Colloque – a summit of over 250 cross-sector representatives from both countries – the accord will facilitate collaboration between the French and British digital industries, extending cooperation on innovation, AI, data and digital administration.
EU copyright proposal voted down
The European Parliament voted against a controversial copyright directive proposal on 5 July. Supporters of the directive asserted that it gave individuals and organisations more control over how their digital content is hosted and shared. However, critics argued that the law undermined the free and open nature of the internet. Although the original version was rejected, EU policymakers have the opportunity to revise the directive and possibly call a revote.
Australia sets up fourth cyber security centre
Australia launched the Perth Joint Cyber Security Centre (JCSC) on 6 July, the fourth such agency established to protect Australia’s business community from cyber attacks. Home to multiple energy and resource corporations, Western Australia is particularly dependent on information technology networks, and is vulnerable to cyber intrusions due to its vast land mass. The JCSC model is the Australian government’s AU$47m (roughly US$34.7m) campaign undertaken to improve cyber security practices through information sharing.
Despite such national efforts, China-based hackers infiltrated computer systems at the Australian National University (ANU) in Canberra. Home to the country’s leading national security college and many defence research projects, ANU is working in conjunction with the federal government to assess the scale and scope of the information theft. While officials have confirmed China as the geographic origin of the attack, they cannot prove Chinese government involvement. However, this incident calls into question Beijing’s compliance with a recent Sino-Australian accord against cyber theft.