Defense, Intelligence, and War
Human-Machine Interaction and Human Agency in the Military Domain
(Ingvild Bode – Centre for International Governance Innovation – 15 January 2025) Militaries increasingly use artificial intelligence (AI) technologies for decision support and combat operations. AI does not replace humans, but personnel interact with AI technologies more frequently. Practices of human-machine interaction have the potential to profoundly alter the quality of human agency, understood as the ability to make choices and act, in warfare. Specifically, they introduce distributed agency between humans and machines. Forms of distributed agency will be shaped along a spectrum, preserving more room for either human or machine agency. Such practices happen in multiple locations and with multiple, networked systems. Accounting for the phenomenon of distributed agency requires going beyond perceiving challenges of human-machine interaction as straightforward problems to solve. Rather, distributed agency needs to be recognized as raising foundational operational, ethical-normative and legal challenges. – https://www.cigionline.org/publications/human-machine-interaction-and-human-agency-in-the-military-domain/
Don’t blow the budget on ChatGPT: Army CIO sounds alarm on big bills for GenAI
(Sydney J. Freedberg Jr. – Breaking Defense – 15 January 2025) The generative AI explosion that began with ChatGPT has led some Army organizations to run up big and unexpected bills, the service’s chief information officer told reporters Tuesday. Getting GenAI costs under control will be a major focus for a forthcoming rollout of best practices and new policies, expected by April, Leonel Garciga said. But in the meantime, said Garciga, maybe think a little harder before you click. – https://breakingdefense.com/2025/01/dont-blow-the-budget-on-chatgpt-army-cio-sounds-alarm-on-big-bills-for-genai/
Security
No new funding in EU plan to tackle ransomware attacks against hospitals
(Alexander Martin – The Record – 15 January 2025) The European Commission announced on Wednesday an “action plan” to reduce the health sector’s vulnerability to cyberattacks, following what it said was four years in which the sector was hit by more attacks than any other industry in Europe. The proposed actions include providing guidance to the healthcare sector and a list of services that the commission will not itself provide, but which entities in the sector can avail themselves of. The plan does not include any new funds for these actions, with the guidance instead directing the sector towards existing opportunities, despite acknowledging that funding for cybersecurity is “limited” and “a universal challenge across the EU.” – https://therecord.media/ransomware-hospitals-european-commission-plan
US, Japan and S. Korea urge crypto industry to take action against North Korean hackers
(Jonathan Greig – The Record – 15 January 2025) Japan, South Korea and the U.S. on Tuesday accused North Korea of orchestrating several of the largest cryptocurrency thefts in 2024, warning the blockchain industry that the rogue state will continue to pose a major threat in the year ahead. “The DPRK’s cyber program threatens our three countries and the broader international community and, in particular, poses a significant threat to the integrity and stability of the international financial system,” the governments said, highlighting North Korea’s role in siphoning $308 million from DMM Bitcoin and $235 million from WazirX. – https://therecord.media/us-japan-south-korea-urge-crypto-industry-of-north-korean-hackers
How Role-Based Identity Management Can Protect Against AD- And Entra ID-Related Risk
(Andrew Bermender – Infosecurity Magazine – 15 January 2025) Active Directory (AD) is prolific, with an estimated deployment at 90% of organizations worldwide. Meanwhile, Entra ID deployment is increasing, as is the prevalence of Hybrid environments which deploy both. The widespread use of AD makes the repository a target for cybercriminals. Although rarely discussed, identity, access privileges, and cybercrime are intrinsically linked, with 90% of organizations being victims of at least one identity-related incident in 2023. – https://www.infosecurity-magazine.com/blogs/how-role-based-identity-protect/
University of Oklahoma isolates systems after ‘unusual activity’ on IT network
(Jonathan Greig – The Record – 15 January 2025) The University of Oklahoma said it is taking steps to address unusual cyber activity it discovered on its network. The school, which has more than 34,000 students, appeared on the leak site of a ransomware gang on Tuesday, with the group claiming to have stolen 91 MB of data that allegedly includes employee data, financial information and more. – https://therecord.media/university-of-oklahoma-isolates-systems-unusual-activity
OneBlood reports data breach to state regulators after ransomware attack
(Jonathan Greig – The Record – 15 January 2025) Names and Social Security numbers were stolen from the nonprofit blood donation organization OneBlood during a ransomware attack last year. The organization, which provides blood to healthcare facilities across the southeastern U.S., reported a cyberattack to regulators in Maine, Vermont and Massachusetts this week but declined to say how many people were impacted by the incident. – https://therecord.media/oneblood-breach-report-regulators-privacy
FTC cracks down on GoDaddy for cybersecurity failings
(Suzanne Smalley – The Record – 15 January 2025) The web hosting giant GoDaddy will be required to bolster its cybersecurity program to address years-long deficiencies, the Federal Trade Commission (FTC) announced on Wednesday. GoDaddy’s failure to use industry standard security measures led to what the FTC called “several major security breaches” between 2019 and 2022. The agency also alleges that GoDaddy deceived its customers about how adequately it safeguards its web hosting product. – https://therecord.media/ftc-godaddy-cyber-failings-fine
Easterly: SEC vs. CIRCIA a ‘recipe for dysfunction’ after private sector complaints
(Jonathan Greig – The Record – 15 January 2025) Private sector companies have told the federal agency for cybersecurity that they are confused about how to abide by two relatively new cyber incident reporting rules. In one of her final appearances as director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly spoke at a think tank event on Wednesday about a range of cyber issues related to China, workforce training and more. Easterly said private sector companies have come to her with issues about how to balance the U.S. Securities and Exchange Commission’s cyber incident reporting regime against the upcoming incident reporting rules under the Cyber Incident Reporting for Critical Infrastructure Act, also known as CIRCIA. – https://therecord.media/cyber-incident-reporting-sec-circia-cisa-easterly