Top stories.
- White House releases National Security Strategy.
- UK's NCSC warns of threats posed by AI prompt injection attacks.
- Maryland man sentenced to prison for involvement in North Korean employment schemes.
White House releases National Security Strategy.
The White House late last week released the United States' new National Security Strategy, a 30-page document outlining the Trump administration's global priorities. On the cyber front, the biggest change is the elevation of economic power, industrial capacity, and supply-chain control as core strategic tools. The strategy says the US government should "partner with regional governments and businesses to build scalable and resilient energy infrastructure, invest in critical mineral access, and harden existing and future cyber communications networks that take full advantage of American encryption and security potential."
The document adds, "[T]he U.S. Government’s critical relationships with the American private sector help maintain surveillance of persistent threats to U.S. networks, including critical infrastructure. This in turn enables the U.S. Government’s ability to conduct real-time discovery, attribution, and response (i.e., network defense and offensive cyber operations) while protecting the competitiveness of the U.S. economy and bolstering the resilience of the American technology sector. Improving these capabilities will also require considerable deregulation to further improve our competitiveness, spur innovation, and increase access to America’s natural resources."
POLITICO notes that the National Security Strategy is the first of several upcoming defense and foreign policy papers scheduled for release by the Trump administration. The others, including the National Defense Strategy, can be expected to be similarly on-brand.
UK's NCSC warns of threats posed by AI prompt injection attacks.
The UK's National Cyber Security Centre (NCSC) published a report this morning looking at threats posed by AI prompt injection, a type of attack in which large language models (LLMs) are tricked into carrying out malicious instructions. The NCSC stresses that these attacks are fundamentally different from SQL injection, despite conceptual similarities: "Whilst the comparison of prompt injection to SQL injection can be tempting, it's also dangerous. SQL injection can be properly mitigated with parameterised queries, but there's a good chance prompt injection will never be properly mitigated in the same way. The best we can hope for is reducing the likelihood or impact of attacks."
Maryland man sentenced to prison for involvement in North Korean employment schemes.
A 40-year-old Maryland man, Minh Phuong Ngoc Vong, has been sentenced to 15 months in prison after pleading guilty to allowing North Korean nationals to use his identity in fraudulent employment schemes, the Record reports. Vong helped "John Doe," a North Korean national living in China, obtain employment at several American companies, including a contractor for the Federal Aviation Administration (FAA) that worked on "a particular software application used by various U.S. government agencies to manage sensitive information regarding national defense matters."
The Justice Department stated, "Between 2021 and 2024, Vong used fraudulent misrepresentations to obtain employment with at least 13 different U.S. companies, who collectively paid Vong more than $970,000 in salary for software development services that were, unbeknownst to them, performed by Doe or other overseas conspirators. Several of these defrauded companies contracted out Vong’s services to U.S. government agencies in addition to the FAA."
