The White House has announced the issuance of an executive order that establishes a new national security program focused on regulating tech investments in “countries of concern.” The executive order, signed by President Joe Biden, specifically identifies the People’s Republic of China as one of these countries. The program will oversee investments in three key tech sectors: semiconductors and microelectronics, quantum information technologies, and artificial intelligence. It aims to prevent foreign countries from exploiting US investments in critical technologies that could pose a risk to national security.
Under the program, the Department of the Treasury will regulate how citizens notify the department of financial transactions and will prohibit citizens from engaging in financial activity in the identified areas of emerging tech. A senior administration official stated that the program will complement existing export control and investment screening tools in order to address the national security threat posed by countries of concern.
China responded to the executive order by expressing “serious concern” and reserving the right to take measures. The Chinese Ministry of Commerce accused the US of using the cover of “risk reduction” to carry out decoupling and chain-breaking. Tensions between the two countries have been escalating, with the US imposing restrictions on exports of advanced computer chips and maintaining increased tariffs established during the previous administration.
In conjunction with the executive order, the Treasury Department has issued an advance notice of proposed rulemaking to increase transparency and gather feedback from stakeholders. The notice provides an overview of the proposed framework, including specific categories of covered transactions, possible exceptions, and initial details on the subset of technologies and products that will be included. The Biden-Harris administration has engaged with industry stakeholders to gather input and will continue to accept public comments for the next forty-five days.
In other news, the state of New York has unveiled its first-ever cybersecurity coordination plan. Governor Kathy Hochul’s office explained that the plan provides a roadmap for cyber risk mitigation and outlines measures to protect critical infrastructure, networks, data, and technology systems. The state is allocating $600 million to address threats to state and local governments, the private sector, and individuals. The plan emphasizes the unification of the state’s cybersecurity strategies and aims to boost cybersecurity information, tools, and services across the state.
Governor Hochul highlighted the importance of preventing cybercrimes rather than solving them after they occur. Last year, her administration established the Joint Security Operations Centers, which enhance coordination between local cybersecurity offices and provide real-time advice during attacks.
Experts have praised New York’s cybersecurity strategy but have urged lawmakers to focus on consistent usage of existing cybersecurity guidance rather than enacting new laws or proposing regulations. Consistent usage of known and proven best practices is crucial to avoid vulnerabilities and protect against business risks.
Meanwhile, Ukraine’s State Service of Special Communication and Information Protection (SSSCIP) discussed the possibility of prosecuting Russian operators for cyber war crimes. The concept of cyber war crimes is not fully developed, but it is reasonable to apply the same criteria used for kinetic activity to cyber operations. These criteria include military necessity, discrimination, and proportionality. Ukraine is collecting information about possible cyber war crimes committed by Russian occupants, aiming to classify these incidents and attacks as cyber war crimes.
Lastly, the Defense Advanced Research Projects Agency (DARPA) has announced a new AI cybersecurity challenge. The goal of the challenge is to leverage advances in AI to invent the next generation of cybersecurity defenses. DARPA will be working with various organizations, including Anthropic, Google, Microsoft, OpenAI, and Black Hat USA, to run the challenge. The White House has expressed support for the program, recognizing the crucial role that the hacker community can play in identifying and addressing security gaps in AI and ML platforms.
Experts have lauded the challenge, highlighting the importance of the hacker community in driving the development of safe and secure AI-driven technologies. They have also emphasized the need for educational content and bug bounty programs to help address vulnerabilities in AI and ML. The AI Cyber Challenge will provide an opportunity for cybersecurity professionals to contribute to a safer future by addressing the security challenges posed by AI technologies.