This week, China’s military exercises seek to intimidate, the Zaporizhzhia nuclear power plant avoids a meltdown, Russia cuts off external information flows online, Mudge Zatko files a complaint against Twitter for weak security, and CISA prepares to fight against post-quantum vulnerabilities. Additionally, HII wins an $826 million defense contract to develop new technologies, a16z explores a decentralized management model, and Snap settles with Illinois over a privacy lawsuit.
Industrial Policy & International Security
How China could choke Taiwan | The New York Times
China has built up the People’s Liberation Army to take Taiwan if peaceful unification does not happen. The military exercises earlier in August were meant as a political signal of confidence in its ability to encircle Taiwan as opposed to practicing a full-scale blockade operation. If implementing a real blockade, China would need hundreds more ships, aircraft, and missiles to control the sea and airspace, and it would deploy its more advanced weapons systems. Cyber operations and information warfare would also be used to control communications infrastructure and the flow and content of information. While the PLA drills did not mimic a full-scale invasion, they did lay the foundation for heightened military activity in the Taiwan Strait. China’s increased presence could desensitize Taiwan to a real invasion and could deter the United States from supporting the island.
Ukraine’s largest nuclear plant is cut off energy grid | The Washington Post
After nearby fires destroyed its last functioning transmission line, the Zaporizhzhia nuclear power plant (ZNPP, Ukraine’s largest nuclear plant) was cut off from the power grid and forced to rely on emergency backup systems. The incident, which occurred in an occupied region, caused a power outage and heightened concerns about a nuclear disaster. Russian and Ukrainian officials blame each other for the shelling that caused the disconnection; President Zelensky and other Ukrainian officials have repeatedly warned that loss of power could prevent ZNPP from cooling its reactors. Now, Zelensky is demanding that Russian forces leave the area so International Atomic Energy Agency (IAEA) inspectors can assess and stabilize the facility. US Undersecretary of State Bonnie Jenkins and IAEA Director General Rafael Mariano reiterated the urgent need for an IAEA expert mission.
The Russian ‘splinternet’ is here | Politico
Russia may soon get its wish to control its domestic internet. The country is becoming more technologically isolated after the Kremlin restricted social media platforms, blocking Facebook, and as US companies continue to reduce or eliminate their business with Russia. Cogent, a US internet provider, announced it will cut off service in the country and is working to transition its customers to other providers. These decisions aren’t easy: companies must weigh the benefit of offering services and independent information to Russian citizens against concerns that the Kremlin could use their products to spread misinformation. Nick Clegg, president of global affairs at Meta, confirmed that Facebook is working to restore service in Russia. The US State Department issued a statement that Russia’s bans “violate an international right to freedom of expression under Article 19 of the Universal Declaration of Human Rights.”
The bipartisan Journalism Prevention and Competition Act, if passed, would enable smaller, local publishers to increase their share of digital advertising revenue. Google and Facebook earn ad revenue from aggregating news content, but that money is not paid to the publishers, compounding the newspaper industry’s ongoing challenges adapting to the digital age. Over the past two decades, thousands of publications have closed their doors and the job market for journalists has declined proportionally. The new legislation would allow local newspapers and TV and radio broadcasters that publish original content to collectively negotiate a fee from big tech platforms. National publications are excluded.
Snap agreed to a $35 million settlement with the state of Illinois last month after facing a class action lawsuit alleging the company violated the Biometric Information Privacy Act (BIPA). The lawsuit claims Snapchat’s filters and lenses collected and stored users’ biometric data without their consent. Snap claims that app users’ personally identifiable biometric data is neither collected nor sent to company servers (it remains local to a user’s device), but it rolled out a new consent notice in Illinois to ensure compliance with state law. Illinois has some of the strictest laws in the United States regulating the collection of biometric information; Google, TikTok, and Facebook have settled similar BIPA lawsuits in the past few years.
The government recently awarded a Decisive Mission Actions and Technology Services task order to HII (formerly Huntington Ingalls Industries) to mature and demonstrate technologies to organizations across the Department of Defense. The contract, which is intentionally broad, could be worth up to $826 million over five years and will allow HII to develop nascent C5ISR technologies without waiting for traditional contracts via programs of record. Earlier this year, HII rebranded and expanded its mission from US shipbuilder to global defense contractor. Through a number of acquisitions, HII has grown in-house expertise in artificial intelligence, unmanned and autonomous technology, and other high-tech areas. The company will continue Ingalls Shipbuilding and Newport News Shipbuilding programs.
Twitter whistleblower won hacker acclaim for exposing software flaws | The Washington Post
Twitter is facing scrutiny for insufficient security practices after famous hacker and former head of security at Twitter, Pieter “Mudge” Zatko, filed a complaint with the Securities and Exchange Commission. Then-CEO Jack Dorsey hired Zatko to improve security measures, particularly against politically motivated abuses; however, Zatko was later fired by current CEO Parag Agrawal for poor performance. Zatko claims his departure resulted from a disagreement about communicating information security concerns to members of Twitter’s board. His whistleblower complaint alleges that Twitter is unable to secure its production environment from insider threats, such as disgruntled engineers, or from hackers, and asks regulators like the FTC to step in. The complaint could impact Twitter’s ongoing legal battle with Elon Musk, who is trying to get out of a deal to buy the company.
The transition from classical computing to quantum computing increases security risks to public key encryption, according to the Cybersecurity and Infrastructure Security Agency (CISA). CISA recommends that critical infrastructure and government leaders follow the Preparing for Post-Quantum Cryptography road map and begin identifying and protecting vulnerable information, protocols, and systems. While the post-quantum computing environment is expected to be more secure, classical computers and encryption methods will be vulnerable during the early stages of quantum adoption, putting previously protected data and transactions at risk. Lawmakers introduced legislation in July that would require federal agencies to implement defenses against quantum breaches.
State & Local Tech Ecosystems
Last month, Silicon Valley venture heavyweight Andreessen Horowitz announced that, in a post-COVID era, centralized headquarters are no longer necessary. TechCrunch senior reporter Mary Ann Azevedo interviewed Andreessen Horowitz General Partners Angela Strange and Anish Acharya to discuss the firm’s decentralized management philosophy in action and the impact on fintech. Strange and Acharya emphasized a shift in startup mentality from starting local and expanding to starting global. While this change might be straightforward from a software product perspective, it presents immediate challenges related to managing global teams and currency. With more companies starting with a global market in mind, there is an opportunity for fintech to build a new infrastructure to help them manage distributed teams and multiple currencies on day one.
This week, Alameda County Superior Court Judge Evelio Grillo tentatively denied Tesla’s request to dismiss a Department of Fair Employment and Housing (DFEH) lawsuit accusing the company of racial discrimination and harassment. A three-year investigation led by DFEH uncovered evidence that Black workers at Tesla’s Fremont factory disproportionately faced harassment, unequal pay, and retaliation compared to non-Black workers. Evidence included complaints of persistent racial slurs and pervasive racist graffiti. Tesla attorneys described DFEH claims as “uncertain, ambiguous, and unintelligible.” A former Tesla contractor won a jury verdict over racist abuse at the same factory but is pursuing a retrial after the judge significantly reduced the awarded compensation.
How US Cyber Command, NSA are defending midterm elections: one team, one fight | US Department of Defense
The joint Cybercom-NSA Election Security Group (ESG) re-launched earlier this year in alignment with midterm elections in the United States. Co-led by Air Force Brig. Gen. Victor Marcias from Cybercom and Anna Horrigan from the NSA, the group leads Department of Defense efforts to secure American elections and collaborates with other government partners like DHS and the FBI. The ESG is responsible for discovering foreign influence campaigns; sharing information with the interagency, allies and partners, and private sector entities; and imposing costs on foreign actors. With its foreign intelligence gathering capacity and offensive cyber authority, the ESG is uniquely positioned to disrupt and degrade foreign actors’ operations as soon as they are discovered. The Office of the Director of National Intelligence expects election interference from Russia, China, Iran, and other malicious actors.
In the 1990s, Mary Ellen Zurko proposed user-centered security as a complement to technical security. Today’s phishing warnings and password strength indicators originate from her understanding that how humans interact with technology influences security as much as technical integrity. Zurko, who is currently a cybersecurity researcher at MIT Lincoln Laboratory, is thinking about how this concept could be applied to counteract disinformation campaigns. Her work is focused on identifying weak spots in the paths misleading narratives take as they spread. Zurko is leading efforts to build tools that could identify the accounts behind disinformation campaigns and recognize patterns that amplify content. Even more essential, perhaps, is her intent to create a test bed that would help researchers measure the impact of countermeasures. While it will be difficult to replicate the complex, real-world dynamics between users and multiple platform policies, Zurko foresees the test bed as an essential space for cross-disciplinary research including experts in sociology, policy, and law.