This week, Harvard professor Graham Allison responds to the deepening ties between Russia and China, Beijing opposes the sale of TikTok, House Republicans fail to override Biden’s veto of an ESG investing ban, and Amazon is spending over $10 billion to launch Project Kuiper to compete with Starlink in the space-based, high-speed internet access market. Additionally, fake, AI-generated photos of Trump being arrested go viral, and security researchers win a hackathon with help from ChatGPT.

Industrial Policy & International Security

Xi and Putin have the most consequential undeclared alliance in the world | Foreign Policy

Harvard professor Graham Allison argues that the US is in the unfortunate position of confronting an “alliance of the aggrieved” as Russia and China deepen their relationship with ambitions to end US hegemony. This week, Xi Jinping visited Moscow in his first trip abroad since his reelection. China and Russia have been growing their partnership since Xi first took office; the two have held forty one-on-one meetings. While some experts are still skeptical of the alliance due to a clash of geography, history, culture, and economics, Allison warns that the Sino-Russian relationship is more consequential today than most official US alliances. China was Russia’s top trading partner before the war in Ukraine and continues to provide the country an economic lifeline in the face of Western sanctions, even exporting critical technologies like integrated circuits. Furthermore, the countries often vote together in the United Nations National Security Council, reinforce each other’s political narratives, engage in regular joint military exercises, share intelligence, and collaborate on technology research and development. The US must recognize the depth and seriousness of this undeclared alliance between presidents serving indefinite terms.

US Regulation

Biden’s options on TikTok narrow after Beijing pushes back | The New York Times

This week, Beijing said China firmly opposes the sale of TikTok, narrowing the options the Biden administration has to respond to increasing political demand for action. Shou Chew, TikTok chief executive, testified in front of Congress for the first time this week but left legislators no more comfortable with Project Texas, TikTok’s proposed solution. The project would store American user data in domestic Oracle servers and would allow Oracle to monitor the TikTok algorithm. Alternatively, banning the app is still on shaky legal ground. A new bill introduced in the Senate, if passed, may grant the Department of Commerce power to enact a ban for national security concerns. But in the meantime, the Biden administration faces the same legal arguments that undermined the attempted ban under Trump. The decision to force a sale is more fraught with Beijing’s latest comments, and new Chinese regulation would require ByteDance to obtain government permission to sell TikTok to an American buyer. James Lewis, a senior vice president at the Center for Strategic and International Studies, says Biden’s decision may come down to whether or not the president wants “to have a confrontation with China over TikTok.”  

House GOP fails to override Biden veto of ESG investing ban | Associated Press

Last month, a Republican-led bill to ban the consideration of environmental, social, or governance (ESG) issues in investment decisions passed in the House and Senate with a simple majority. However, President Biden vetoed the bill. During this week’s vote to override the president’s veto, Republicans failed to generate enough support to meet the required two-thirds votes as members voted mostly along party lines. The bill sought to push back against ESG investing, which has gained popularity in retirement and other investments. In December, the Department of Labor issued a rule allowing investment plan fiduciaries to consider ESG factors when making investment decisions. The contest over this bill was the first major legislative friction point between the new Republican majority in the House and the Democratic president.

Innovation

Amazon is about to go head to head with SpaceX in a battle for satellite internet dominance | MIT Technology Review

Amazon’s Project Kuiper and SpaceX’s Starlink are set to compete for market dominance in the space-based, high-speed internet access sector. With US Federal Communications Commission approval, Amazon has plans to launch 3,236 Project Kuiper satellites over a period of five years, beginning in 2024. Although OneWeb and other companies are developing similar projects, Tim Farrar, a satellite expert, sees Amazon and SpaceX as the key players. Amazon has deals with United Launch Alliance, Blue Origin, and Arianespace to send its satellites into orbit. The company is spending over $10 billion to develop Kuiper and must move quickly to catch up to Starlink’s operational satellite constellation. However, astronomers and others concerned about space debris are worried that the increasing number of satellites in orbit will affect astronomers’ observations from Earth and will make collisions inevitable. Approximately 3,000 satellites were in orbit before 2019, but Amazon and SpaceX launches could increase that count to 20,000 by 2030.

Cyber

ChatGPT helped win a hackathon | The Wall Street Journal

Last month, two security researchers from Claroty Ltd. used ChatGPT to write code that helped them win $123,000 as part of Pwn2Own, a Zero Day Initiative hackathon in Miami. The goal of the competition was to gain access to and disrupt Internet of Things and industrial systems. Contestants chose targets and prepared their code in advance. The Claroty Ltd. researchers developed several bugs to exploit vulnerabilities and used ChatGPT to write the code that sequenced and chained their bugs together. Not only did they save development time by using ChatGPT, but their chain of bugs succeeded in taking over the target system each of the ten times they tried. Companies are programming controls into generative AI bots that may prevent hackers from prompting them to write malicious code; however, bad actors may find ways to compose requests that fail to trigger safeguards.

ESF partners, NSA, and CISA release Identity and Access Management Recommended Best Practices for Administrators | National Security Agency/Central Security Service

This week, the National Security Agency (NSA) and Cybersecurity Infrastructure Agency (CISA) released a new guide for system administrators to secure their systems from threats to Identity and Access Management (IAM). The Recommended Best Practices Guide for Administrators is part of the Enduring Security Framework (ESF), which is a public-private, cross-sector partnership focused on reducing risks to critical infrastructure and national security systems. The IAM best practices are organized around five topics: identity governance, environmental hardening, identity federation/single sign-on, multi-factor authentication, and IAM auditing and monitoring. Notably, the 2021 ransomware attack on Colonial Pipeline leveraged IAM components including a leaked password and inactive VPN account. The new guide is also accompanied by a presentation and talking points designed to help technical leaders explain the risks of a weak IAM posture to nontechnical leaders. 

State & Local Tech Ecosystems

SVB’s loans underpinned venture capital boom that’s now busting | Bloomberg

The collapse of Silicon Valley Bank (SVB) raises concerns for venture capital funds that are losing their most important lender. SVB’s capital call lines of credit and partner lending products helped accelerate the venture capital boom. Call lines of credit allowed funds to collect capital from SVB when they were ready to make a startup investment instead of going through the process of issuing a capital call to investors. The popularity of this product and resulting efficiency contributed to record amounts of deal activity. At the same time, the size of funds increased dramatically to a median of $50 million by September 2022. Partners at venture firms are expected to invest 1 to 2 percent of their own money into the funds they manage, and SVB loans helped them to keep up with this trend. Larger banks operate similar businesses but typically work with bigger funds. Although SVB’s lending commitments will be met, the regional bank’s failure may influence venture capital funds to return to the older, slower way of making investments. 

Democracy Online

The massive problem with the viral fake Trump arrest photos | Newsweek

This week, Eliot Higgins, founder and creative director of investigative journalism website Bellingcat, posted AI-generated photos of former President Donald Trump being arrested. The Manhattan District Attorney’s Office is expected to indict Trump in relation to an investigation of hush money payments to adult-film star Stormy Daniels. Though easily verifiable as false, the AI-generated photos circulated widely across social media platforms given this context. AI experts explain that although these photos were not intended to deceive, this case illustrates the ease with which AI-generated content can spread unnoticed when separated from Higgins’ original tweet and posted in siloed information spaces. People quickly swiping past posts or seeking out media that validates their worldview may be slow to recognize artificially created images. Consequently, the anticipated threat of deepfakes may not be large-scale deception but, instead, content that preys on social and political factions. 
