Australian Cyber Security Strategy outlines how govt plans to tackle cyber crime | OpenAI talks to bring back Altman continue | Power grab by France, Germany and Italy threatens to kill EU’s AI bill

Good morning. It's Wednesday 22nd November.

The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.

Follow us on Twitter and on LinkedIn.

• A ransomware playbook for businesses and attracting migrants with cyber expertise are some of the ways Australia will look to bolster its cybersecurity, according to a new federal government plan. The 2023-2030 Australian Cyber Security Strategy has outlined ways the Australian government and its agencies would try to better protect themselves, individuals and businesses from cyber criminals – a year after millions of Optus and Medibank customers had their personal data leaked in high-profile cyber attacks. ABC

• Talks were ongoing Tuesday about the future of OpenAI and the potential return of Sam Altman, the ousted CEO, people familiar with the discussions said, a day after nearly all of the artificial intelligence company’s employees threatened to quit.Investors and executives were scrambling to figure out a plan to bring back Altman after it was revealed late Sunday night that he would be leading Microsoft’s new AI lab. The Washington Post

• Europe's three largest economies have turned against regulation of the most powerful types of artificial intelligence, putting the fate of the bloc's pioneering Artificial Intelligence Act on the line. France, Germany and Italy are stonewalling negotiations over a controversial section of the EU's draft AI legislation so it doesn't hamper Europe's own development of "foundation models," AI infrastructure that underpins large-language models like OpenAI's GPT and Google's Bard. POLITICO

Australia

Australian Cyber Security Strategy outlines how government plans to tackle cyber crime
ABC
Evelyn Manfield
A ransomware playbook for businesses and attracting migrants with cyber expertise are some of the ways Australia will look to bolster its cybersecurity, according to a new federal government plan. The 2023-2030 Australian Cyber Security Strategy has outlined ways the Australian government and its agencies would try to better protect themselves, individuals and businesses from cyber criminals – a year after millions of Optus and Medibank customers had their personal data leaked in high-profile cyber attacks.

• Hackers’ honeypot: customer data storage laws set to be wound back
  The Sydney Morning Herald
  Matthew Knott
  Laws requiring telecommunications companies to store vast troves of customer data are set to be wound back as part of a sweeping $600 million federal government plan to make Australia less vulnerable to crippling cyberattacks.

  The government will on Wednesday release its long-awaited cybersecurity strategy, including plans to force companies to reveal when they have been hacked while creating a new system of “health checks” for small and medium-sized businesses.

Legislating against social media misinformation is misguided, says top cyber body
The Age
Paul Sakkal
A cyber body chaired by a former Labor minister says the Albanese government’s intent to legislate against misinformation is misguided, as new documents reveal the government’s decision to delay the bill was due to a deluge of criticism. The Cyber Security Co-operative Research Centre is urging Communications Minister Michelle Rowland to drop the government’s proposal to give a regulator power to fine companies for failing to remove misinformation and instead focus on teaching Australians to sort fact from fiction on social media.

Telstra denies 000 failure, rejects ‘expensive’ network sharing idea
Australian Financial Review
Paul Smith
Telstra says it is not responsible for the problems Optus’ customers had making emergency calls during a major outage on November 8, telling an inquiry into the incident that it should not be forced to share its own network with its rivals during crises because it is too risky and expensive. Telstra’s preliminary submission to the Senate inquiry scheduled on Friday argues it is unrealistic to expect that outages be eliminated.

Gov commits $18.2m for SME cyber security boost
iTnews
Kate Weber
The federal government has announced two initiatives aimed at boosting support to small and medium businesses to fortify their cyber security skills. The government has promised $7.2 million to set up a voluntary cyber health-check program, enabling access to a free, self-assessments of cyber security maturity. It’s also committed another $11 million towards the Small Business Cyber Resilience Service, which offers one-on-one assistance towards cyber challenges, and covers cyber attack recovery.

Aussie tech unveils cyber defense for critical infrastructure
The Mirage
A cutting-edge collaboration between tech startup Tide Foundation and RMIT University is translating ground-breaking research into homegrown cybersecurity capability. Now a mathematical breakthrough allows system access authority to be spread invisibly and securely across a network, so there's no weak link. Study lead author from RMIT's School of Science, Dr Joanne Hall, said the advance was built on multi-disciplinary collaboration, bringing her team's expertise on mathematics and cryptography together with computing, technology and business insights to produce a thorough, cutting-edge solution.

Australia's public service has a big future in AI (but it'll have an American accent)
Riotact
Chris Johnson
The Federal Government has announced it will “explore safe and responsible use of generative artificial intelligence in the public service”, in partnership with Microsoft, through the Digital Transformation Agency. Prime Minister Anthony Albanese made the announcement with Microsoft chairman and CEO Satya Nadella in San Francisco on the sidelines of the APEC gathering on Thursday last week.

China

The end of anonymity on Chinese social media
Rest of World
Caiwen Chen
On October 31, Weibo, as well as several other major Chinese social media platforms including WeChat, Douyin, Zhihu, Xiaohongshu, and Kuaishou, announced that they now required popular users’ legal names to be made visible to the public. Chinese social media users expressed criticism and concern over the new rule, with many saying it would violate user privacy, enable toxic online behaviors like doxxing and harassment, and limit the diversity of voices on the Chinese internet. Several famous online influencers, such as science blogger Ming Yu Zhui Ran, have decided to remove some of their followers to avoid making their identity public. Others, such as rapper Kindergarten Killer, have decided to delete their social media accounts altogether.

Anti-censorship tools are quietly disappearing into thin air in China
TechCrunch
Jagmeet Singh
China — the biggest internet market globally with more than 1 billion users — is no stranger to online censorship. For years, authorities in the country have built out a series of techno-policy restraints, commonly referred to as The Great Firewall, to restrict open access to the internet. But those restrictions have also given rise to a creative industry: circumvention tools used by tens of millions of people to get around the wall and use the internet like others do elsewhere. Yet recently, some of the most popular of these tools have mysteriously started to disappear.

USA

Cyber Strategy: November 2023
US Navy
The next fight against our major adversary will be like no other in prior conflicts. The use of non-kinetic effects and defense against those effects prior to and during kinetic exchanges will likely be the deciding factor in who prevails. The side that most effectively sequences and synchronizes non-kinetic effects will have a decisive advantage. We must ensure our capabilities to project power and defend in cyberspace take top priority to ensure the success of the traditional power projection capabilities of our naval forces.

• Navy unveils its first cyber strategy
  The Record
  Martin Matishak
  The U.S. Navy on Tuesday released its long-awaited cyber strategy, as the service tries to revamp its efforts in the digital domain after years of personnel and readiness issues. The strategy is a more detailed version of the two-page Navy Cyberspace Superiority Vision that was released last year. The document was expected to be unveiled earlier this year but was delayed until the Defense Department released its latest cyber strategy.

Secretive White House surveillance program gives cops access to trillions of US phone records
WIRED
Dell Cameron and Dhruv Mehrotra
A little-known surveillance program tracks more than a trillion domestic phone records within the United States each year, according to a letter WIRED obtained that was sent by US senator Ron Wyden to the Department of Justice on Sunday, challenging the program’s legality. According to the letter, a surveillance program now known as Data Analytical Services has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims. Using a technique known as chain analysis, the program targets not only those in direct phone contact with a criminal suspect but anyone with whom those individuals have been in contact as well.

Detailed data on employees of U.S. national security lab leak online
CyberScoop
Christian Vasquez
A cybercrime group that has engaged in politically motivated attacks breached a human resources application belonging to Idaho National Laboratory, claiming in a post to Telegram on Sunday that it had obtained detailed information on employees working at the nuclear research lab. The hacking group SiegedSec said it had accessed “hundreds of thousands of user, employee, and citizen data,” including full names, social security numbers, bank account information, and addresses. The group posted a sample of the leaked data, but CyberScoop could not confirm whether SiegedSec is in possession of the much larger data set it claims to have stolen.

Berkeley cyber experts train next generation of digital defenders
CBS News
Kenny Choi
A cybersecurity clinic at Berkeley is training the next generation of experts to help organizations that have limited resources to defend themselves. The students at the Citizen Clinic provide pro bono services to organizations in the Bay Area and abroad in countries where human rights are being violated, their work can ultimately save lives. "They are being targeted so that their infrastructures are cut off. They're being targeted so that their population is disabled with injuries with unprecedented violence," said Zaina Siyed.

The 2023 New York Cyber Task Force report
Columbia School of International and Public Affairs
The New York Cyber Task Force has spent the last year investigating the private sector’s perspective on the current and future state of operational collaboration, as well as to understand the federal government’s aims and aspirations in improving how industry and government work together. This third report examines recent high-profile cyber incidents—SolarWinds, Colonial Pipeline, and Shields Up—to evaluate the private sector’s perspective on operational collaboration.

Why Silicon Valley loves the techno-optimist manifesto
Foreign Policy
Cameron Abadi and Adam Tooze
Andreessen Horowitz, the world’s largest venture capital fund, based in Silicon Valley, manages a total of $35 billion ranging from small start-ups to established major companies, including, at various times, Facebook, Twitter, and Skype. The co-founder of the fund, Marc Andreessen, is widely respected as an investor and also as a public intellectual. His most recent essay, “The Techno-Optimist Manifesto,” sets out a vision for unrestrained technological development, criticizing all the various political forces that stand in the way. The manifesto was widely praised across Silicon Valley.

Cybersecurity firm executive pleads guilty to hacking hospital
Bleeping Computer
Sergiu Gatlan
The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center, in June 2021 to boost his company's business. Vikas Singla, who worked for Securolytics, a network security company that provided services to the healthcare industry, pleaded guilty to hacking into the systems of GMC Northside Hospital hospitals in Duluth and Lawrenceville, as prosecutors said in a June 2021 indictment.

North Asia

South Korea-China NAND technology gap narrows to two years
Business Korea
Jasmine Choi
Samsung Electronics and SK hynix, leaders in the memory semiconductor market, are facing intense competition from China. The Chinese government is pouring substantial funds into developing a self-sufficient memory semiconductor industry to reduce its dependency on foreign technology. According to industry sources on Nov. 20, the technological gap in NAND, a type of memory semiconductor, between Chinese companies and global leaders like the U.S. and South Korea, has narrowed to around two years.

Kishida and Yoon agree on new quantum tech framework
Nikkei Asia
Hiroyuki Akiyama and Junnosuke Kobara
Japanese Prime Minister Fumio Kishida and South Korean President Yoon Suk Yeol have announced a collaborative framework for research and development in quantum technologies. The two leaders spoke Friday at Stanford University, which organized the session. The announcement came a day after Kishida and Yoon held their seventh meeting of the year on the sidelines of the Asia-Pacific Economic Cooperation leaders meeting.

Taiwan’s top computer maker to produce servers in US to tap AI boom
Financial Times
Cheng Ting-Fang
Taiwan’s Asustek Computer is building a server production line in the US for the first time as the personal computer maker seeks fresh growth catalysts from the boom in demand for artificial intelligence-powered equipment. The world’s fifth-biggest computer maker, known for its Asus brand, is also growing its mini PC and smart manufacturing businesses, as the overall consumer electronics market remains sluggish.

South & Central Asia

A renewed focus on emerging technologies
The Hindu
Nishant Rajeev, Anit Mukherjee and Rajeswari Pillai Rajagopalan
Emerging technologies, an euphemism for capabilities that rely on a combination of cyber technology, artificial intelligence, unmanned systems, and advanced computing, is in vogue among most militaries. The Indian military is seemingly alive to this development. At the Chanakya Defence Dialogue, the Chief of the Army Staff, General Manoj Pande, said that the Army had identified 45 niche technologies in the field of military applications. Similarly, under ‘UDAAN’, the Indian Air Force is using AI, cyber and virtual reality to address its operational, logistical, and training needs. The Navy, too, says that it is moving forward with emerging technologies, which includes an Integrated Unmanned Roadmap, while also encouraging indigenisation under project ‘Swavlamban’.

Facing pressure in India, Netflix and Amazon back down on daring films
The Washington Post
Gerry Shih and Anant Gupta
When the U.S. streaming giants, Netflix and Amazon’s Prime Video, entered India seven years ago, they promised to shake up one of the world’s most important entertainment markets, a film-obsessed nation with more than 1 billion people and a homegrown moviemaking industry with fans worldwide. In the last four years, however, a chill has swept through the streaming industry in India as Prime Minister Narendra Modi’s Bharatiya Janata Party tightened its grip on the country’s political discourse and the American technology platforms that host it.

Europe

Power grab by France, Germany and Italy threatens to kill EU’s AI bill
POLITICO
Gian Volpicelli
Europe's three largest economies have turned against regulation of the most powerful types of artificial intelligence, putting the fate of the bloc's pioneering Artificial Intelligence Act on the line. France, Germany and Italy are stonewalling negotiations over a controversial section of the EU's draft AI legislation so it doesn't hamper Europe's own development of "foundation models," AI infrastructure that underpins large-language models like OpenAI's GPT and Google's Bard.

Stellantis, CATL plan to build EV battery plant in Europe
Bloomberg
Albertina Torsoli
Stellantis NV and China’s Contemporary Amperex Technology Co. Ltd. plan to set up a factory for low-cost electric-vehicle batteries in Europe, deepening ties between the Fiat maker and Chinese companies. The plant will make lithium-iron-phosphate batteries, Stellantis said Tuesday, adding that no decision has been made on its size or location. The partners are also considering a joint venture in which both contribute equally.

UK

Patient privacy fears as US spy tech firm Palantir wins £330m NHS contract
The Guardian
Denis Campbell
The NHS has sparked controversy by handing the US spy tech company Palantir a £330m contract to create a huge new data platform, leading to privacy concerns around patients’ medical details. The move immediately prompted concerns about the security and privacy of patient medical records and the suitability of Palantir to be given access to and oversight of such sensitive material.

Cyber attack on British Library raises concerns over lack of UK resilience
Financial Times
Rafe Uddin and Stephanie Stacey
A cyber attack on the British Library has raised concerns from security experts about the vulnerability of public sector IT infrastructure at a time when hacking by state-backed foreign actors is on the rise. The British Library, one of the world’s largest document repositories, confirmed this week that it had been hit by a major technical outage as a result of a ransomware attack. The library first said it had been experiencing technical issues on October 28.

Africa

Cyberattacks on Nigerian govt agencies rise — Report
Punch Newsroom
Temitayo Jaiyeola
Cyberattacks on government agencies and organisations are on the rise in Nigeria, other African countries, and across the Middle East. The escalation in cyber threats has been particularly severe in Africa, with Mauritius ranking 6th, Nigeria 11th, Morocco 15th, and Kenya 25th in terms of being targeted and attacked. South Africa follows, ranking 55th globally.

Big Tech

As OpenAI chaos mounts, talks to bring back Sam Altman continue
The Washington Post
Pranshu Verma, Nitasha Tiku, Gerrit De Vynck and Rachel Lerman
Talks were ongoing Tuesday about the future of OpenAI and the potential return of Sam Altman, the ousted CEO, people familiar with the discussions said, a day after nearly all of the artificial intelligence company’s employees threatened to quit.Investors and executives were scrambling to figure out a plan to bring back Altman after it was revealed late Sunday night that he would be leading Microsoft’s new AI lab. According to a person familiar with the matter, the negotiations around Altman’s return are less about getting specific board members ousted and more about getting to a board that is “relatively stable and well-intentioned.”

• OpenAI investors considering suing the board after CEO's abrupt firing
  Reuters
  Anna Tong, Krystal Hu and Jody Godoy
  Some investors in OpenAI, makers of ChatGPT, are exploring legal recourse against the company's board, sources familiar with the matter told Reuters on Monday, after the directors ousted CEO Sam Altman and sparked a potential mass exodus of employees. Sources said investors are working with legal advisers to study their options. It was not immediately clear if these investors will sue OpenAI.

• OpenAI’s board had safety concerns. Big Tech obliterated them in 48 hours
  Los Angeles Times
  Brian Merchant
  It’s not every day that the most talked-about company in the world sets itself on fire. Yet that seems to be what happened Friday, when OpenAI’s board announced that it had terminated its chief executive, Sam Altman, because he had not been “consistently candid in his communications with the board.” In corporate-speak, those are fighting words about as barbed as they come: They insinuated that Altman had been lying.

• OpenAI CEO's ouster brings EU regulatory debate into focus
  Reuters
  Martin Coulter and Supantha Mukherjee
  As the European Union edges closer to passing a wide-ranging set of laws governing artificial intelligence, lawmakers and experts say the surprise ousting of OpenAI CEO Sam Altman underscores the need for strict rules. Altman, cofounder of the startup that last year kicked off the generative AI boom, was abruptly fired by OpenAI’s board last week, sending shockwaves through the tech world and prompting employees to make threats of a mass resignation at the company.

X sues Media Matters over report about ads appearing next to Nazi posts
NBC News
David Ingram
Elon Musk’s social media company, X, sued Media Matters for America and one of its staff members Monday over an investigative report the progressive watchdog published saying that Nazi content ran on the X app alongside advertisements from major corporations. News of the lawsuit coincided with Texas Attorney General Ken Paxton’s announcement of an investigation into Media Matters for possible fraudulent activity.

U.S. lawmakers accuse X chief Musk of profiting from anti-Israel propaganda
Reuters
Diane Bartz
A group of 27 U.S. lawmakers, all Democrats, wrote to X owner Elon Musk on Tuesday to express concern the platform seemed to be profiting from premium accounts that glorified violence against Israelis. In the letter to Musk and X chief executive Linda Yaccarino, the lawmakers noted reports from nonprofit organizations that showed people with X Premium accounts "glorifying barbaric acts of violence against Israelis."

Far-right conspiracy theorists accused a 22-year-old Jewish man of being a neo-Nazi. Then Elon Musk got involved
CNN
Donie O'Sullivan and Audrey Ash
Ben Brody says his life was going fine. He had just finished college, stayed out of trouble, and was prepping for law school. Then, seemingly out of nowhere, Elon Musk used his considerable social media clout to amplify an online mob’s misguided rants accusing the 22-year-old from California of being an undercover agent in a neo-Nazi group. The claim, Brody told CNN, was as bizarre as it was baseless.

Research

Chinese censorship following the death of Li Keqiang
The Citizen Lab
Jeffrey Knockel and Emile Dirks
This report documents our discovery of Li Keqiang-related censorship rules on multiple Chinese platforms introduced in light of Li’s death. We found censorship rules relating to speculation over Li’s cause of death, aspirations wishing Xi had alternatively died, memorials of Li’s death, recognition of Li’s already diminished status in the party, and commentary on how Li’s death cements Xi’s political status.

The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.