Friday Brief for 19 November 2021
American AI is getting PLAed; Hackers target Apple users in Hong Kong; and Google goes on defense
Watering Hole Attack (wa·ter·ing hole at·tack) — a cyberattack targeting a particular organization, in which malware is installed on a website or websites regularly visited by the organization's members in order to infect computers used within the organization itself.
American AI is Getting PLAed
What’s New: The Chinese People’s Liberation Army (PLA) is buying a lot of artificial intelligence (AI), according to the Center for Security and Emerging Technology, and U.S. companies and investors are helping.
Why This Matters: “Supported by a burgeoning AI defense industry,” argues a report, “the Chinese military has made extraordinary progress in procuring AI systems for combat and support functions. Within the next five to 10 years, the PLA will likely continue investing in AI to disrupt U.S. military information systems and erode the U.S. advantage in undersea warfare.”
For this analysis, CSET reviewed 343 AI-related equipment contracts (a sample drawn from more than 66,000 records published by the PLA and state-owned enterprises [SOEs] in 2020).
While AI is only a fraction of overall military spending, the PLA appears to be spending roughly the same amount on the tech as is the U.S. military (both formally and perhaps in “non-official” spending).
The review suggests the PLA is most focused on applying AI to intelligence analysis, predictive maintenance, information warfare, and navigation and target recognition in autonomous systems.
“China’s military-civil fusion (军民融合) development strategy is helping the PLA acquire COTS technologies, both from private Chinese technology companies and sources outside of China.”
While most of the AI purchases are from Chinese companies and SOEs, “Lapses in due diligence and situational awareness may permit the Chinese military and defense industry to access capital and technology originating in the United States and partner nations, including advanced computer chips.”
Despite constraining mechanisms like the U.S. Entity List, the Chinese Military-Industrial Complex Companies List, and the List of Chinese Military Companies, of the 273 known Chinese AI suppliers, just 22 (8%) are limited by U.S. sanctions or other prohibitions.
Even more, some of these suppliers specialize in sourcing foreign components and data and then reselling them to the PLA or sanctioned Chinese companies.
In an effort to address this specific challenge, Senators Cotton, Wicker, Hagerty, Rubio, and Cassidy are asking Commerce Secretary Raimondo to “blacklist” any Chinese AI company supporting the PLA.
“… Our government has done little to impede the flow of U.S. exports and investment to Chinese AI companies with PLA ties … Given these troubling gaps in the United States’ strategy to protect its core technologies.”
What I’m Thinking:
The PLA’s AI spending indicates seriousness. This is about more than just building general capacity. Beijing is specifically developing capabilities and doctrine relevant to the United States. Asserting itself in undersea warfare and disrupting, jamming, or blinding American sensors and networks seem to be particular areas of emphasis. PLA leaders routinely voice their belief that AI holds the key to becoming a “world-class” military and that the American model of “network-centric warfare” is ripe for exploitation.
But, there are real constraints on the PLA’s strategy. First, economics are slowing down — but not decisively. As my colleague, Derek Scissors observes, “The era of rapid Chinese economic growth is ending” and “a turnaround is unlikely.” Even so, “At home, the Communist Party can still deliver rising individual living standards. Overseas, China will remain the world’s second most important economy.” Second, the single most important thing the West must do in order to slow Beijing’s adoption of advanced AI is continue limiting the CCP’s access to advanced, AI-tailored semiconductors. Without this critical hardware, the PLA cannot realize its AI dreams. Finally, third, by embracing the “combat cloud,” the CCP is also assuming the vulnerabilities and risks that come with AI modernization and deployment. Certainly the U.S. threat surface is huge, but the PLA will be climbing onto the same tightrope as it emulates American military strategy and power.
We’ve got to get serious about U.S. tech and outbound investment. As John Steinbeck probably didn’t say, “If you find yourself in a fair fight, your tactics suck.” I’ll add this: “If you helped your enemy make it a fair fight, you’re an idiot.” Many of our economic entanglements with China are directly facilitating its technological rise. This wouldn’t be a problem if the CCP were not evil and belligerent — but it is. The fact that only 8% of known Chinese AI suppliers have been listed or otherwise constrained is inexcusable. Even more, the flow of U.S. tech, data, and outbound investment into these companies — entities that are directly supporting the PLA’s ability to threaten American citizens and interests — must be more throughly reviewed and controlled. Just this week, Italy’s government said that a Chinese company had surreptitiously acquired one of the nation’s leading military drone companies. This is a key tactic in the CCP’s strategy of achieving AI and military strength and we need to get serious about stopping it.
🚨🚨🚨 Stay Tuned: I’ll be interviewing the report’s author in an upcoming Kitchen Sync Conversation. 🚨🚨🚨
Hackers Target Apple Devices in Hong Kong
What’s New: Google’s Threat Analysis Group (TAG) says hackers installed “backdoors” on Apple devices that visited websites associated with several Hong Kong-based pro-democracy and media websites.
Why This Matters: The initial iOS and MacOS vulnerabilities that enabled the attack have been patched, but the attackers may have created other vulnerabilities on the devices of victims.
The operation occurred in late August and leveraged a so-called “watering hole” attack — where victims are compromised by visiting a website or other location, rather than having malware delivered to them via phishing or other means.
The attack leveraged at least one zero-day exploit and, once installed on a compromised device, the malware downloaded files, exfiltrated user data, captured screen images, logged keystrokes, recorded audio, and made a “fingerprint” of each compromised device for identification.
TAG analysis says the exploit “seems to be a product of extensive software engineering” and that the attack shares many characteristics with others by Chinese state-backed hackers.
What I’m Thinking:
It was the Chinese government. I mean, we don’t know that for sure. But, we kind of do. It was China.
There is no indication that Apple’s total capitulation to Beijing enabled this attack. No evidence has been presented indicating Tim Cook’s acquiescence to the CCP’s demands for total access to the data and communications of Chinese iPhone users informed, shaped, or otherwise facilitated this unique attack on the company’s devices. There is also no conclusive proof that, by ceding physical control of Apple’s data centers in Guiyang and the Inner Mongolia region, the company is allowing CCP officials intimate knowledge of its hardware, software, and services — including the potential discovery of zero-day exploitations like the one used in Hong Kong. Again, none of this is proved by the attack outlined above. So, good job, Apple! Thanks for your principled stand for privacy and human rights.
Google is Playing Defense (But in a Good Way)
What’s New: Google executives informed employees last week that it will be competing for contracts with the U.S. military and that this does not conflict with the company’s AI principles, according to the New York Times.
Why This Matters: The announcement completes the company’s turn-around from a 2018 decision to stop supporting the American military’s Project Maven AI program and to not compete for the Pentagon’s $10 billion cloud contract, because, according to a Google statement, the company “couldn’t be assured that it would align with our AI Principles.”
Here are the AI Principles Google published in 2018.
The decision to stop its Defense work was instigated by a letter signed by more than 4,000 “googlers” protesting the company’s work with the military.
I published some criticism of the decision at the time which you can read here.
Over the last three years, however, the search giant has made several personnel moves and other adjustments to get back into the defense contracts game.
The company will be competing alongside Amazon, Microsoft, and other tech companies for the Military’s updated cloud contract that will likely exceed $10 billion.
“We understand that not every Googler will agree with this decision, but we believe Google Cloud should seek to serve the government where it is capable of doing so and where the work meets Google’s A.I. principles and our company’s values,” said Thomas Kurian, head of Google Cloud.
What I’m Thinking:
Better late than never. I’ve been liberal in my critiques of Google and its decisions about working with DoD. To their credit, they’ve heard and engaged those criticisms over the years and now appear to have landed in a very good place. I never argued that the company should be forced to work with the government, but I vehemently disagreed with the insinuation that doing so was an inherent violation of ethics or principles. The nation needs Google’s expertise and I’m very glad to have them back in the defense game.
Let’s Get Visual
That’s it for this Friday Brief. Thanks for reading, and if you think someone else would like this newsletter, please share it with your friends and followers. Have a great weekend!