Geopolitical Competition

Dunnmon, a CISAC affiliate and senior advisor to the director of the Defense Innovation Unit, spoke about the “holistic geopolitical competition” among world powers in the AI realm as these systems offer “unprecedented speed and unprecedented scale.”

“Within that security lens, there’s actually competition across the entirety of the technical AI stack,” he said.

Dunnmon said an underlying security question involves whether a given AI software is running on top of libraries that are sourced from Western companies then if software is being built on top of an underlying library stack owned by state enterprises. “That’s a different world.”

He said that “countries are competing for data, and it’s becoming a battlefield of geopolitical competition.”

Societal, Environmental Implications

Lobell, a senior fellow at FSI and the director of the Center for Food Security and the Environment, said his biggest concern is about how AI might change the functioning of societies as well as possible bioterrorism.

“Any environment issue is basically a collective action problem, and you need well-functioning societies with good governance and political institutions, and if that crumbles, I don’t think we have much hope.”

On the positive aspects of AI, he said the combination of AI and synthetic biology and gene editing are starting to produce much faster production cycles of agricultural products, new breeds of animals, and novel foods. One company found how to make a good substitute for milk if pineapple, cabbage and other ingredients are used.

Lobell said that AI can understand which ships are actually illegally capturing seafood, and then they can trace that back to where they eventually offload such cargo. In addition, AI can help create deforestation-free supply chains, and AI mounted on farm tractors can help reduce 90% of the chemicals being used that pose environmental risks.

“There’s clear tangible progress being made with these technologies in the realm of the environment, and we can continue to build on that,” he added.
 

AI and Democracy

Persily, a senior fellow and co-director of FSI’s Cyber Policy Center, said, “AI amplifies the abilities of all good and bad actors in the system to achieve all the same goals they’ve always had.”

He noted, “AI is not social media,” even though it can interact with social media. Persily said AI is so much more pervasive and significant than a given platform such as Facebook. Problems arise in the areas of privacy, antitrust, bias and disinformation, but AI issues are “characteristically different” than social media.

“One of the ways that AI is different than social media is the fact that they are open-source tools. We need to think about this in a little bit of a different way, which is that it is not just a few companies that can be regulated on closed systems,” Persily said.

As a result, AI tools are available to all of us, he said. “There is the possibility that some of the benefits of AI could be realized more globally,” but there are also risks. For example, in the year and a half since OpenAI released ChatGPT, which is open sourced, child pornography has multiplied on the Internet.

“The democratization of AI will lead to fundamental challenges to establish legacy infrastructure for the governance of the propagation of content,” Persily said.

Balance of AI Power

Fukuyama pointed out that an AI lab at Stanford could not afford leading-edge technology, yet countries such as the U.S. and China have deeper resources to fund AI endeavors.

“This is something obviously that people are worried about,” he said, “whether these two countries are going to dominate the AI race and the AI world and disadvantage everybody.”

Manuel said that most of AI is now operating with voluntary governance – “patchwork” – and that dangerous things involving AI can be done now. “In the end, we’re going to have to adopt a negotiation and an arms control approach to the national security side of this.” 

Lobell said that while it might seem universities can’t stay up to speed with industry, people have shown they can reproduce those models’ performances just days after their releases.
 

On regulation — the European Union is currently weighing legislation — Persily said it would be difficult to enforce regulations and interpret risk assessments, so what is needed is a “transparency regime” and an infrastructure so civil entities have a clear view on what models are being released – yet this will be complex.

“I don’t think we even really understand what a sophisticated, full-on AI audit of these systems would look like,” he said.

Dunnmon suggested that an AI governance entity could be created that’s similar to how the U.S. Food and Drug Agency reviews pharmaceuticals before release.

In terms of AI and military conflicts, he spoke about the need for AI and humans to understand the rewards and risks involved, and in the case of the latter, how the risk compares to the “next best option.”

“How do you communicate that risk, how do you assess that risk, and how do you make sure the right person with the right equities and the right understanding of those risks is making that risk trade-off decision?” he asked.

The Ford Dorsey Master’s in International Policy program was established in 1982 to provide students with the knowledge and skills necessary to analyze and address complex global challenges in a rapidly changing world, and to prepare the next generation of leaders for public and private sector careers in international policymaking and implementation.

On March 2, the Office of the National Cyber Director released the public version of the long-awaited National Cybersecurity Strategy. This document is intended to provide strategic guidance for how the United States should protect its digital ecosystem against malicious criminal and nation-state actors. The document is a welcome and sharp break from a few past practices and principles. If fully implemented, it has the potential to change the U.S. cybersecurity posture significantly for the better.

The scope of the document is limited to cybersecurity, as its title is “National Cybersecurity Strategy” rather than “National Cyber Strategy.” Many press reports (e.g., here and here) on the strategy’s release have conflated the two, but they are not identical in scope. The U.S. government generally operates from a definition of “cybersecurity” promulgated in 2008 under NSPD-54 and HSPD-23:

"cybersecurity'' means prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and non-repudiation.  

Two omissions from this definition are noteworthy—the lack of reference to information or influence operations and to the use of offensive operations in cyberspace to advance any national goals other than the one explicitly noted. Both of these topics would naturally be included in a National Cyber Strategy, but that is not what this document is—and it should not be criticized for those omissions. The strategy document is also silent on cybersecurity for national security systems, such as those operated by the Department of Defense and the intelligence community.

Although the strategy builds on cybersecurity efforts from the previous three administrations, its most important characteristic is its departure from past perspectives and practices.

Continue reading at lawfareblog.com

The vulnerability of critical infrastructure and financial systems to cyber operations remains a primary concern for national security. Protecting the state from cyber operations requires active deterrent measures through intelligence gathering, monitoring, and public-private cooperation in defense. However, when deterrence fails and malicious cyber activity occurs, questions arise about the ‘approprate’ response that balances escalation and deterrence (Borghard and Lonergan 2019). In seeking to understand how states choose to respond to cyber attacks,1 one important consideration is the significant public debate surrounding them.

Scholars have suggested public support for conflict may encourage governments to engage, while public opposition to conflict can restrain government behavior (Haesebrouck 2019; Kertzer and Brutger 2016; Kertzer et al. 2020; Levendusky and Horowitz 2012; Tomz and Weeks 2020). Currently, there is only a nascent literature on how the public reacts to cyber attacks. Survey work has found the public is less likely to support retaliation against cyber operations than against kinetic operations that produce the same effects (Kreps and Schneider 2019). It is not particularly clear why this is: psychological responses to cyber and conventional terrorism are similar (Gross et al. 2016), and individual concern about cybersecurity issues is low and resistant to change (Kostyuk and Wayne 2020). At least the scale of the cyber attack does seem to matter: scholars have found support for retaliation against cyber attacks with casualties (Kreps and Das 2017; Shandler et al. 2021) but a preference for restraint in response to electoral interference (Tomz et al. 2020). Existing experimental surveys provide an important foundation, but they leave many questions unanswered. While some existing research has found attitudes about cyber and kinetic conflicts differ, many existing surveys do not address the mechanisms by which these differences arise. One exception is Snider et al. 2021 which finds threat perception to be an important moderator for retaliation support.

Continue reading at the Journal of Conflict Resolution.

There are a number of ways to run a legitimate election. But the U.S. has learned in recent years, and Brazil learned in recent weeks, that it’s not always simple.

There are technical mechanics and processes of how votes are cast, collected and counted. But those are ultimately less important than the agreement – among opposing parties, and across a society – to abide by the results of those processes.

In 2020, President Donald Trump alleged, without evidence, that election fraud in several states had caused him to lose. A number of audits in various states found no evidence that irregularities in voting or vote counting processes had any effect on the outcome of balloting in those states.

Some of these results were later challenged in lawsuits seeking to alter the results of the election, and in every case, the election’s outcome was determined to be accurate.

Continue reading at theconversation.com

Mass atrocities—genocide, ethnic cleansing, war crimes and crimes against humanity—constitute a particularly unacceptable assault on ‘the moral conscience of mankind’. Such acts are certainly not unique to the twenty-first century, but what is unique now is the pervasiveness and sophistication of cyberspace. Cyberspace has had an unprecedented effect on how society functions, especially as a tool for fomenting division and organizing violence. The increasing focus on the politics and ethics of cyber operations has occurred alongside recognition of the need to protect vulnerable populations from mass atrocity crimes. In an effort to move away from the ‘right’ to intervene militarily, at the United Nations' 2005 World Summit states unanimously agreed to the Responsibility to Protect (R2P) norm. According to R2P, states have duties to safeguard their populations from genocide, war crimes, ethnic cleansing and crimes against humanity (Pillar I). The international community has a duty to aid states in fulfilling these duties (Pillar II) and has a responsibility to act in a ‘timely and decisive manner’ in cases where a state is ‘manifestly failing’ to protect its population—including, if necessary, via armed humanitarian interventions, subject to UN Security Council (UNSC) authorization (Pillar III).

Continue reading at academic.oup.com with free access available until April 9th. 

Russia’s invasion of Ukraine has been a watershed moment for the world of intelligence. For weeks before the shelling began, Washington publicly released a relentless stream of remarkably detailed findings about everything from Russian troop movements to false-flag attacks the Kremlin would use to justify the invasion. 

This disclosure strategy was new: spy agencies are accustomed to concealing intelligence, not revealing it. But it was very effective. By getting the truth out before Russian lies took hold, the United States was able to rally allies and quickly coordinate hard-hitting sanctions. Intelligence disclosures set Russian President Vladimir Putin on his back foot, wondering who and what in his government had been penetrated so deeply by U.S. agencies, and made it more difficult for other countries to hide behind Putin’s lies and side with Russia.

Continue reading at foreignaffairs.com

The standoff between China and Taiwan (and the U.S.) has heightened tensions to their highest level in decades but — so far at least — economic observers haven’t seen a worst-case scenario.

The island’s crucial semiconductor industry has dodged a direct hit and, while China currently has Taiwan effectively blockaded, that is expected to end this weekend.

But White House officials and other observers say that doesn’t mean Taiwan’s economy and world markets are getting off scot free. There are three key economic ripples — from global shipping to cyber attacks to trade wars — that may be felt across world markets in the weeks and months to come, even if tensions don’t get any worse.

“We will not seek, nor do we want, a crisis,” NSC Coordinator for Strategic Communications John Kirby told reporters Thursday, but he was clear that China’s actions “erode the Cross-Strait status quo” on both economic and military issues.

Here are some of the immediate economic effects likely to be felt even if China stops short of full scale economic (or actual) warfare following House Speaker Nancy Pelosi’s trip to the island.

Continue reading at finance.yahoo.com.

When the Department of Homeland Security’s Advisory Council announces it plan next week for overhauling how the agency combats the spread of disinformation online, its focus will be on “how to achieve greater transparency across our disinformation related work” and how to “increase trust with the public,” according to council meeting minutes released Monday.

Read more at Cyberscoop.com

In late June, Iran’s state-owned Khuzestan Steel Co. and two other steel companies were forced to halt production after suffering a cyberattack. A hacking group claimed responsibility on social media, saying it targeted Iran’s three biggest steel companies in response to the “aggression of the Islamic Republic.”

Read more at The Washington Post.