At a Glance.
- The FCC will target AI-generated robocalls after Biden primary deepfakes.
- External cybersecurity contractors reduce national security contributions for fears of political retaliation.
FCC targets AI-generated robocalls for Biden primary deepfakes.
The News.
The Federal Communications Committee (FCC) has announced it will target artificial intelligence (AI) robocalls after deepfakes were created to mimic President Biden ahead of the New Hampshire primaries. These fake robocalls attempted to convince New Hampshire voters to hold their vote for the general election in November and avoid participating in the primaries. The Biden campaign commented on these fake robocalls saying that this “deep fake disinformation [was] designed to harm Joe Biden, suppress votes, and damage our democracy.”
Additionally, the FCC chair, Jessica Rosenworcel, proposed that AI-generated robocalls be recognized as “artificial voices” under the Telephone Consumer Protection Act, which would make these calls illegal. Rosenworcel stated, "AI-generated voice cloning and imaging are already sowing confusion by tricking consumers into thinking scams and frauds are legitimate.”
The Knowledge.
As AI usage continues its rapid proliferation, concerns surrounding the technology have only continued to mount with growing calls for increased government oversight following suit. With this announcement, the FCC now joins several other major federal bodies, such as the Federal Trade Commission and Congress, in beginning to address concerns surrounding AI.
However, this most recent incident has raised concerns about how malicious actors can abuse AI to scam consumers as opposed to other concerns related to safeguarding AI’s development or securing fair markets. Notably, these concerns have already been raised beforehand as Representative Clarke introduced the DEEPFAKES Accountability Act, and Representative Pettersen introduced the Preventing Deep Fake Scams Act last September. Currently, neither bill has been passed in either the House of Representatives or the Senate.
The Impact.
As mentioned above, while this latest situation regarding AI has garnered significant government attention, these concerns have existed for some time amongst Congressional members. While Congress has not taken any action at this time, people should expect both Congress and federal agencies to renew their interest in AI robocalls and become more involved.
For now, consumers across the globe should be wary of potential scams. Until legislative action is taken, consumers should remain vigilant for potential AI robocalls and other phishing scams as malicious attackers continue to find ways to exploit the emerging technology.
Fears of retaliation amongst US cybersecurity contractors hampering defense initiatives.
The News.
Reports have emerged surrounding the federal government’s Joint Cyber Defense Collective (JCDC), stating that the collective has seen a substantial loss in participation due to fears of retaliation from far-right extremist groups. The JCDC was originally formed by the Cybersecurity and Infrastructure Security Agency (CISA) in 2021 and was designed to enlist external cybersecurity professionals in combating cyber criminals and nation-state actors. The JCDC was designed as a threat-sharing hub, where professionals could exchange relevant breach information to help prevent future attacks.
However, despite the JCDC’s mission, the group's activity has dropped substantially according to several participants citing two issues.
- Participants felt the JCDC needed to be better organized.
- Participants felt that CISA’s work to combat disinformation was making them political targets for far-right extremists.
While the JCDC had no role in content moderation, participants remarked that they felt fearful that they were becoming potential political targets. Several notable cybersecurity professionals have reported receiving online harassment, death threats, and being targeted by various lawsuits and legal challenges.
The Knowledge.
While new, the JCDC is a notable cybersecurity asset for the US’s security posture. As most of the US’s networks operate on privately owned software and hardware, the US relies heavily on external cybersecurity specialists to help secure critical infrastructure and sensitive information. With participants contributing less to the JCDC, concerns have only continued to rise, especially after several top cybersecurity officials have warned lawmakers that Chinese hackers are beginning to increasingly target US infrastructure.
While CISA's Executive Assistant Director, Eric Goldstein, has responded to these claims stating that he has not seen any notable drops in JCDC participation, Marc Rogers, founder of the CTI-League, claimed that both CISA and the JCDC are currently a “dumpster fire.” Goldstein also commented that CISA is aware of these concerns and is “eager to work toward an environment where researchers [can] contribute…without fear for their own safety.”
The Impact.
While at this moment the JCDC still exists, its future is not certain. While Goldstein has expressed significant interest in keeping the collective going and working to create a safer environment for participants, no major changes to the JCDC’s structure have been implemented at this time. Both members of CISA and external participants agree that these collaborative efforts are critical to the national security posture. If the JCDC were to address these concerns, a significant reorganization would need to occur to ensure external participants feel safe and valued within this collective. Until this reorganization, security practitioners should be aware that the national security posture has diminished and that foreign actors are looking to exploit this security vulnerability.
Other Noteworthy Stories.
Several major nations sign agreement to address the proliferation of spyware technology.
What: On Tuesday, several major nations, including the US, France, and Britain, as well as major tech firms, including Google, Meta, and Microsoft, have signed a joint statement that aims to address the malicious use of spyware tools. This declaration was signed by thirty-five nations at a conference hosted by Britain and France.
Why: This agreement looks to address how the spyware market has continued to grow and how it has impacted national security and human rights. The declaration called on its signatories to use spyware tools in legal and responsible manners as well as implement greater regulatory oversight. This recent agreement comes after the US announced a new visa restriction policy on Monday for those misusing commercial spyware. With this new agreement, signatories look to regulate spyware usage and prevent bad actors from being able to hack into the phones and devices of potential targets.
Chinese hacking campaign aimed at critical infrastructure goes back five years, US says.
What: US and allied intelligence agencies announced in a joint statement Wednesday that an advanced group of Chinese hackers have been targeting critical infrastructure within the US for at least half a decade. The group, also known as “Volt Typhoon,” has been reportedly targeting aviation, rail, mass transit, highway, maritime, pipeline, water, and sewage organization networks with the goal of sabotage rather than traditional espionage. This statement was co-signed by Britain, Australia, Carnage, and New Zealand’s respective cybersecurity agencies.
Why: This latest announcement comes a week after the US government announced its intention to target the advanced group by remotely targeting and disabling aspects of the group’s hacking operations. Additionally, this statement comes after reports over the past months have noticed significant upticks in Chinese cyber attacks against critical US infrastructure assets. As tensions between the US and China continue to grow, organizations should take steps to ensure that their assets are secured from both espionage and sabotage efforts.
Concerns grow as Affordable Connectivity Program may end.
What: The Biden administration announced that it would stop accepting new enrollments after Wednesday to the Affordable Connectivity Program amid funding concerns. This program was created to provide broadband discounts to Americans across the US; however, without increased funding, the program is expected to run out of funding in May. While the Biden administration has called on Congress to approve additional funding for the program, at this time, no funding has been set aside.
Why: Currently, the Affordable Connectivity Program provides financial assistance to 23 million households across the US to enable families to access the Internet. This program enables low-income households to receive internet access discounts of up to thirty dollars per month, with houses in tribal communities receiving up to seventy-five dollars in discounts. The FCC Chair, Jessica Rosenworcel stated that losing this program could result in a significant loss in efforts made to close the digital divide across the nation. While the program is still operating at the moment, concerns about securing nationwide broadband are growing as many consider the service an essential public necessity in modern society.