The US House Committee on Homeland Security grilled a panel of experts to understand how foreign adversaries could weaponise emerging technologies like AI and quantum computing in cybersecurity.
“The rapid proliferation of new technology is changing the world,” Cedric Richmond (D-LA), chairman of the Cybersecurity, Infrastructure Protection, and Security Technologies subcommittee of the DHS, said in his opening statement on Tuesday.
“Unfortunately, one man’s tool is another man’s weapon. Sophisticated nation-state actors like Russia, China, Iran, and North Korea have already weaponized new technologies to disrupt our democracy, compromise our national security, and undermine our economy. As technology improves, so will their ability to use it against us.”
Richmond led the hearing with Bennie Thompson (D-MS), chair of the House Homeland Security Committee. The pair were particularly concerned with Russian miscreants planting so-called deepfakes, a type of fake audio and/or visual content generated using machine-learning algorithms, to spread misinformation online to compromise the upcoming 2020 presidential election.
The Internet Research Agency, described as Russia’s troll farm, churned out thousands of bot accounts on social media platforms like Twitter to spread fake US propaganda in the 2016 election. Politicians have also recently fallen prey to deepfake attacks, where their likenesses have been manipulated to say and do things they haven’t actually done. So the fear that the next wave of fake social media accounts will be generating and spreading deepfakes in the near future isn’t too unreasonable.
Experts are scrambling to study the effect the Kremlin's disinformation campaign had on voters during the 2016 White House race. As part of that research effort, Twitter released a data set containing more than ten million tweets from suspected puppet accounts last week.
Jim Langevin (D-RI) noted that Moscow's election campaign interference was “very well planned.” Fake accounts were set up months before they were used. There was a main group that generated fake content, a second, larger, group responsible for retweeting the fake messages, and finally real people who believed and amplified the messages further by retweeting.
Ken Durbin, a senior strategist of global government affairs & cybersecurity at Symantec, who testified at the hearing, agreed. He also warned that deepfakes didn’t just pose a threat to politicians: they’re potentially dangerous for enterprise companies, too.
“Fake content like videos, photos, audio recordings or emails represent a serious risk to individuals as well as the organization,” he said. "Imagine a deepfake of a CEO announcing a series of layoffs, or one directing an employee to wire out funds or intellectual property. It would hurt their stock price.”
The race is on for developers to come up with new strategies that can detect deepfakes. Facebook and Google have both compiled data sets made up of AI generated images and videos to help researchers train detection models, and some boffins are trying more esoteric methods.
Corporate espionage, and, erm quantum computing?
Other threats, like quantum computing, were less tangible. Google and IBM are squabbling over alleged quantum supremacy at the moment, though the capabilities discussed during the hearing by lawmakers feel like light years away. Publicly known quantum computers just aren't that useful right now. Above all, China is the enemy, Thompson said.
“We know that China has engaged in intelligence-gathering and economic espionage, and has successfully breached [government employees], navy contractors, and non-government entities from hotels to research institutions," he said.
"We also know that China is investing heavily in developing quantum computing capabilities, which could undermine the security value of encryption within the next decade.”
Sensitive data is typically encrypted using algorithms that scramble the information, making it difficult for adversaries to intercept and recover the data without the necessary keys. Quantum computers could hypothetically crack these encryption algorithms to decrypt classified information, but, to the best of our knowledge, such machines don't exist yet, nor will they for some time. And in the meantime, boffins are already developing post-quantum algorithms, anyway.
A more realistic threat, of course, is good old-fashioned phishing attacks that have been used to ransack private contractor companies, steal military secrets, or interfere with power grids. The committee also considered ransomware raids that siphoned off millions in digital cryptocurrencies, and said a lack of information sharing among agencies was an issue.
“There are very few cases where we know what happened,” Robert Knake, a senior research scientist at the Global Resilience Institute at Northeastern University, told the hearing. The culture of secrecy harms the ability for companies and for the government to defend themselves against corporate espionage.
Knake called for “collaborative defense” partnerships between both business and government. “The ‘partnership’ that has been the central tenet of our national cybersecurity policy for two decades needs to evolve to real-time, operational collaboration," he opined. "In order for that to happen, we need collaboration platforms where the members of this partnership can trust each other.
“Government needs to be able to trust that the intelligence it shares will be protected and only shared appropriately and securely. But private companies need the same degree of assurance when they share with the government and with each other.”
He also called for the government to make it harder for China to infiltrate private US companies in espionage attacks. For example, one important question we should ask is, after cutting China out completely, “can we maintain global supply chains?” Knake said. He warned that components sold in the US, whether networking equipment or smartphones, should be manufactured stateside or in allied countries.
Niloofar Razi Howe, a senior fellow at the Cybersecurity Initiative, New America, a US national security think tank, went further and added: “Tech companies that are co-conspirators with our adversaries must be regulated.” Ahem take note, Tim Cook.
You can watch the 90-minute hearing in full below. ®