From blogs and podcasts to feature coverage in international news, researchers affiliated with the Center for Long-Term Cybersecurity have received widespread coverage in the media in recent weeks. Below is a round-up of our latest hits, with links to the original articles when available.
Amit Elazari and Launch of “Disclose.io” in WaPo, Ars Technica
CLTC Grantee Amit Elazari, a doctoral candidate at the University of California at Berkeley School of Law, was featured in the Washington Post’s Cybersecurity 202 newsletter for her work on Disclose.io, which (according to the program’s website) is a “collaborative and vendor-agnostic project to standardize best practices around safe harbour for good-faith security research.”
Disclose.io “aims to protect well-intentioned hackers from legal action when they reveal security vulnerabilities in an organization’s networks or software,” explained Derek Hawkins, who wrote the piece for Cybersecurity 202. “Elazari…has advocated for standardizing disclosure and bug bounty programs, which offer financial rewards for reporting flaws. Some early incarnations of the project have been promising. Mozilla executives recently credited Elazari for motivating them to add new safeguards to their bug bounty program.”
CLTC Report on Defending Civil Society Organizations Online Covered by CBC, Wall Street Journal
The latest CLTC white paper, “Defending Politically Vulnerable Organizations Online,” was also covered by major news outlets.
CBC’s Matthew Braga interviewed the report’s author, Sean Brooks, for his piece, “When activists and human rights groups are targets of government hackers, where can they turn for help?” “The internet has provided those global communities with a way of connecting with one another, to become more effective in fulfilling their missions…lifting up the lives of many individuals who would otherwise be disproportionately harmed by rising authoritarianism,” Brooks said. “And therefore these groups will continue to be targeted.”
The Wall Street Journal’s Adam Janofsky also covered the report in an article entitled “Resource-Strapped Nonprofits Fight Cyberattacks from Governments and Hacktivists,” which ran in WSJ’s CyberPro Newsletter. Janofsky summarized the report concisely, noting that “nonprofit organizations are particularly prone to cyberattacks because they often lack the funding and technological expertise of their corporate counterparts, according to cybersecurity specialists and philanthropic organizations…. Additionally, these organizations often find themselves targeted by governments, hate groups and hacktivists looking to silence their work.”
CLTC’s Steve Weber Publishes Blog on AI Arms Race in “Duck of Minerva”
In a recent post on Duck of Minerva, CLTC Faculty Director Steve Weber discussed how the supposed artificial intelligence ‘arms race’ between the U.S. and China may turn out to be less relevant than the relationships between the two machine-learning superpowers and everyone else. Which race will prove more relevant depends upon the long-term economic and security consequences of general purpose technologies, Weber argued, as well as the distinctive characteristics of the technologies that fall under the AI and machine-learning umbrella.
“An even more important characteristic of machine learning as a technology is that it has strong first mover advantages and positive feedback loops,” Weber wrote. “In simple terms, the better you are at machine learning…the faster you are likely to improve relative to those ‘behind’ you.” Weber described the dynamics, opportunities, and limitations within the international algorithm economy landscape; he concluded his piece by considering how it is more interesting than a simple two-player superpower arms race. “It becomes a place where the superpowers could plausibly see themselves accelerating away from everyone else for a decade or more.” Read Weber’s blog post here.
CLTC Grantee Melissa Griffith on Cybersecurity and National Security in “Trust & Safety” Podcast
In a newly released episode of Sift Science’s “Trust & Safety in Numbers” podcast, CLTC grantee Melissa Griffith discussed the intersection of cybersecurity and national security, and she explained what happens when businesses and governments fight global cyber threats, as well as what happens when they fail. In its narrowest sense, cybersecurity is about securing devices, but as our understanding of cybersecurity moves toward critical functionality of a business or institution, the question of how to secure those systems becomes much more complex. When asked if cybersecurity means something different to a business than it does to a country, Griffith demonstrated how the broadening issue and challenge of cybersecurity means “there’s no clear distinction in terms of responsibility…because sometimes the actor that is most proximate to the incident, a business for example, is not as readily capable or can be reasonably expected to be the primary responder if you think about these more systemic issues.” Listen to the episode.