At a glance.
- The US Executive Order on artificial intelligence is out.
- Passkeys as successors to passwords.
- Hive ransomware gang may be back, and rebranded.
- Coinminers exploit AWS IAM credentials.
- LockBit claims to have obtained sensitive information from Boeing.
- Internet and telecoms in Gaza are interrupted.
- Deepfakes have an effect even when they're not used.
- Ukrainian auxiliaries disrupt Internet service in Russian-occupied territory.
The US Executive Order on artificial intelligence is out.
US President Biden this morning issued an executive order (EO) on artificial intelligence (AI). Initially available to the public in the form of a White House Fact Sheet, the EO "establishes new standards for AI safety and security, protects Americans’ privacy, advances equity and civil rights, stands up for consumers and workers, promotes innovation and competition, advances American leadership around the world, and more." The closing "and more" is seriously intended. The EO is complex and far-ranging, touching on both the risks and opportunities the family of emerging technologies presents.
Many of the provisions of the EO have little to do directly with cybersecurity proper, but those that do include:
- "New Standards for AI Safety and Security." The EO will apply the Defense Protection Act to require that development and subsequent training of "any foundation model that poses a serious risk to national security, national economic security, or national public health and safety" must be reported to the federal government. Such reporting must include "the results of all red-team safety tests." These measures will ensure AI systems are safe, secure, and trustworthy before companies make them public. The National Institute of Standards and Technology (NIST) will establish "rigorous standards for extensive red-team testing to ensure safety before public release." The Department of Homeland Security (DHS) will establish an AI Safety and Security Board to ensure compliance. DHS will also work with the Department of Energy to address AI-based threats to critical infrastructure. The Department of Commerce will develop guidance for content authentication (the EO specifically mentions "watermarking") to ensure that AI-generated content is clearly recognizable as such. The National Security Council will lead preparation of a National Security Memorandum to "ensure that the United States military and intelligence community use AI safely, ethically, and effectively in their missions, and will direct actions to counter adversaries’ military use of AI." Some of the aspirations in this section are positive rather than preventive. The EO promises a cybersecurity program to develop AI tools that can find and fix software vulnerabilities.
- "Protecting Americans’ Privacy." The EO promises a range of measures designed to develop technologies that can protect individuals' privacy. New cryptographic tools are specifically mentioned. Here too the provisions are both positive and preventive, seeking not only to protect data from AI-enabled snooping, but to use AI in ways that would enhance privacy.
- "Ensuring Responsible and Effective Government Use of AI." The EO promises "guidance for agencies’ use of AI, including clear standards to protect rights and safety, improve AI procurement, and strengthen AI deployment."
Other sections of the EO focus on ensuring competition, preserving and creating jobs, avoiding certain civil rights risks (particularly in employment and housing), and supporting AI research and development. The White House Fact Sheet emphasizes the degree to which international consultation shaped the EO, and the list of partners is long and instructive: Australia, Brazil, Canada, Chile, the European Union, France, Germany, India, Israel, Italy, Japan, Kenya, Mexico, the Netherlands, New Zealand, Nigeria, the Philippines, Singapore, South Korea, the UAE, and the UK. (Notably absent are China and Russia.) The UK is hosting a much-anticipated AI summit this week, and the United Nations has announced the formation of an AI governance advisory committee. For more on the Executive Order concerning artificial intelligence, see CyberWire Pro.