The US government is doing everything it can to manage the cybersecurity challenges of quantum computing, cloud strategies, and generative AI and trying to secure sensitive technology hardware, Secretary of State Anthony Blinken said Monday.
“We can’t tolerate technologies that the United States has developed being used against us or our friends, falling into the hands of bad actors, or helping advance the military capabilities of strategic competitors,” Blinken said in a keynote speech to the annual RSA Conference.
“That’s why we issued carefully tailored restrictions on advanced semiconductor exports,” Blinken said. “Advanced semiconductors are the backbone of frontier AI and future military capabilities. It’s a national security imperative that these technologies not aid or accelerate the military modernization of countries that seek to challenge the United States.”
Blinken said the Biden administration is working on measures to counter perceived threats inherent in quantum computing. “We may be a few years away from the next generation of quantum computing. We may not yet know which pathway takes us there. But we have to apply today’s lessons in chips and critical minerals to build markets to deepen the quantum ecosystem among trusted countries,” he said.
While the US currently leads the world in cloud computing and data storage, “providers from authoritarian states are increasingly competitive,” Blinken said.
“It is critical that we work with trusted vendors and exclude untrustworthy ones from the ecosystem. And we can only do that if we establish economies of scale with our partners and draw on our respective competitive advantage.”
Trust issues
Some cybersecurity professionals suggested the speech didn’t reflect the realities of today’s enterprise cybersecurity struggles, with no acknowledgement that there no longer exists anything that can be blindly trusted.
Mike Isbitski, a cybersecurity consultant and former Gartner analyst, said Blinken’s references to trusted vendors and governments are naive from a cybersecurity perspective.
“Who is friendly and who is authoritarian? They look the same. A trusted supplier can suddenly go rogue,” if they are the victim of an insider attack or the victim of a cyberthief or espionage agent, Isbitski said.
Isbitski noted, for example, that there is nothing to prevent a hostile foreign agent from getting a job with a major hardware manufacturer. “Recruiting processes don’t check for that. Nothing is trustworthy. It’s not acknowledging the digital supply chain risk. That vision of having a trusted supplier list is unfeasible.”
Chris Hetner, cyber risk advisor to the National Association of Corporate Directors (NACD) and a former cybersecurity advisor to the chair of the Securities and Exchange Commission, said he found Blinken’s speech trying aggressively to be comforting. “He doesn’t want to scare the community and say that we’re screwed, but we are,” Hetner said.
Hetner also questioned whether even American vendors can legitimately claim to be entirely trustworthy. “If you’re Microsoft, Amazon, or Google, your platform is absolutely being used by untrustworthy entities,” Hetner said. “Consider ransomware as a service on AWS. There is nothing to prevent that, so what is he saying? AWS has no idea who is on their cloud.”
Blinken also spoke of investment in backup communication methods to help mitigate global attacks: “We’re investing in the installation and operation of secure infrastructure to connect every region of the globe. We’ve partnered with Australia, with Japan, with New Zealand, with Taiwan on a cable that will connect up to 100,000 people across the spread-out Pacific Islands. We’re supporting similar efforts in South America, Africa, the Indo-Pacific.”
The US government has, with Japan and Australia, been funding feasibility studies into the creation of connections to island nations such as Google’s recently announced Taihei and Proa projects.
Blinken did not address how such physical infrastructure would be protected from being severed by an attacker.
Digital ambassadors
He also stressed changes in his department’s embassies, with the government aiming to place a trained digital officer in every embassy by the end of this year.
“We’re also improving how our diplomats take advantage of new tools. This year, we began piloting generative AI and other machine learning capabilities to help search, summarize, translate, and draft documents. That allows our diplomats to spend less time face to screen and more time face to face with our partners.”
Cyberattacks, Government, Threat and Vulnerability Management
Leave a Reply