Monthly Archives: November 2021

Scientists have used artificial intelligence to “predict” formulas for new designer drugs, with the stated goal of helping to improve their regulation. The AI generated formulas for nearly nine million potential new drugs.

Researchers with the University of British Columbia (UBC) used a deep neural net for the job, teaching it to make up chemical structures of potential new drugs. According to their study, released this week, the computer intelligence fared better at the task than the scientists had expected.

The research team used a database of known designer drugs – synthetic psychoactive substances – to train the AI on their structures. The market for designer drugs is ever-changing, since their manufacturers are constantly tweaking their formulas to circumvent restrictions and produce new “legal” substances, while cracking their structure takes months for law enforcement agencies, the researchers said.

Read more

FILE PHOTO: A man living on the streets displays what he says is the synthetic drug fentanyl, in the Tenderloin section of San Francisco, California, February 27, 2020 © Reuters / Shannon Stapleton
Drug overdose deaths in US hit all-time record

“The vast majority of these designer drugs have never been tested in humans and are completely unregulated. They are a major public-health concern to emergency departments across the world,” one of the researchers, UBC medical student Dr. Michael Skinnider has said.

After its training, the AI was able to generate some 8.9 million potential designer drugs. Afterwards, researchers ran a data sheet of some 196 new drugs, which had emerged in real life after the model was trained, and found that more than 90% of these have been already predicted by the computer.

“The fact that we can predict what designer drugs are likely to emerge on the market before they actually appear is a bit like the 2002 sci-fi movie, Minority Report, where foreknowledge about criminal activities about to take place helped significantly reduce crime in a future world,” senior author Dr. David Wishart, a professor of computing science at the University of Alberta, has said.

Identifying completely unknown substances remains an issue for the AI, the research team has noted, but they hope it might potentially help with that task, since the computer was also able to predict which formulas of designer drugs were more likely to be created and hit the market. The model “ranked the correct chemical structure of an unidentified designer drug among the top 10 candidates 72 percent of the time,” while throwing in spectrometry analysis, which is an easily obtained measurement, bumped the accuracy to some 86%.

“It was shocking to us that the model performed this well, because elucidating entire chemical structures from just an accurate mass measurement is generally thought to be an unsolvable problem,” Skinnider stated.

Think your friends would be interested? Share this story!

find more fun & mates at SoShow now !

A Roadmap for AI in the Intelligence Community

(Editor’s Note: This article was first published by our friends at Just Security and is the fourth in a series that is diving into the foundational barriers to the broad integration of AI in the IC – culture, budget, acquisition, risk, and oversight.  This article considers a new IC approach to risk management.)

OPINION — I have written previously that the Intelligence Community (IC) must rapidly advance its artificial intelligence (AI) capabilities to keep pace with our nation’s adversaries and continue to provide policymakers with accurate, timely, and exquisite insights. The good news is that there is strong bipartisan support for doing so. The not-so-good news is that the IC is not well-postured to move quickly and take the risks required to continue to outpace China and other strategic competitors over the next decade.

In addition to the practical budget and acquisition hurdles facing the IC, there is a strong cultural resistance to taking risks when not absolutely necessary. This is understandable given the life-and-death nature of intelligence work and the U.S. government’s imperative to wisely execute national security funds and activities. However, some risks related to innovative and cutting-edge technologies like AI are in fact necessary, and the risk of inaction – the costs of not pursuing AI capabilities – is greater than the risk of action.

The Need for a Risk Framework

For each incredible new invention, there are hundreds of brilliant ideas that have failed. To entrepreneurs and innovators, “failure” is not a bad word. Rather, failed ideas are often critical steps in the learning process that ultimately lead to a successful product; without those prior failed attempts, that final product might never be created. As former President of India A.P.J. Abdul Kalam once said, “FAIL” should really stand for “First Attempt In Learning.”

The U.S. government, however, is not Silicon Valley; it does not consider failure a useful part of any process, especially when it comes to national security activities and taxpayer dollars. Indeed, no one in the U.S. government wants to incur additional costs or delay or lose taxpayer dollars. But there is rarely a distinction made within the government between big failures, which may have a lasting, devastating, and even life-threatening impact, and small failures, which may be mere stumbling blocks with acceptable levels of impact that result in helpful course corrections.

The Cipher Brief hosts private briefings with the world’s most experienced national and global security experts.  Become a member today.

As a subcommittee report of the House Permanent Select Committee on Intelligence (HPSCI) notes “[p]rogram failures are often met with harsh penalties and very public rebukes from Congress which often fails to appreciate that not all failures are the same. Especially with cutting-edge research in technologies … early failures are a near certainty …. In fact, failing fast and adapting quickly is a critical part of innovation.” There is a vital difference between an innovative project that fails and a failure to innovate. The former teaches us something we did not know before, while the latter is a national security risk.

Faced with congressional hearings, inspector general reports, performance evaluation downgrades, negative reputational effects, and even personal liability, IC officers are understandably risk-averse and prefer not to introduce any new risk. That is, of course, neither realistic nor the standard the IC meets today. The IC is constantly managing a multitude of operational risks – that its officers, sources, or methods will be exposed, that it will miss (or misinterpret) indications of an attack, or that it will otherwise fail to produce the intelligence policymakers need at the right time and place. Yet in the face of such serious risks, the IC proactively and aggressively pursues its mission. It recognizes that it must find effective ways to understand, mitigate, and make decisions around risk, and therefore it takes action to make sure potential ramifications are clear, appropriate, and accepted before any failure occurs. In short, the IC has long known that its operations cannot be paralyzed by a zero-risk tolerance that is neither desirable nor attainable. This recognition must also be applied to the ways in which the IC acquires, develops, and uses new technology.

This is particularly important in the context of AI. While AI has made amazing progress in recent years, the underlying technology, the algorithms and their application, are still evolving and the resulting capabilities, by design, will continue to learn and adapt. AI holds enormous promise to transform a variety of IC missions and tasks, but how and when these changes may occur is difficult to forecast and AI’s constant innovation will introduce uncertainty and mistakes. There will be unexpected breakthroughs, as well as failures in areas that initially seemed promising.

The IC must rethink its willingness to take risks in a field where change and failure is embraced as part of the key to future success. The IC must experiment and iterate its progress over time and shift from a culture that punishes even reasonable risk to one that embraces, mitigates, and owns it. This can only be done with a systematic, repeatable, and consistent approach to making risk-conscious decisions.

Today there is no cross-IC mechanism for thinking about risk, let alone for taking it. When considering new activities or approaches, each IC element manages risk through its own lens and mechanisms, if at all. Several individual IC elements have created internal risk assessment frameworks to help officers understand the risks of both action and inaction, and to navigate the decisions they are empowered to make depending upon the circumstances. These frameworks increase confidence that if an activity goes wrong, supervisors all the way up the chain will provide backing as long as the risk was reasonable, well-considered and understood, and the right leaders approved it. And while risk assessments are often not precise instruments of measurement – they reflect the quality of the data, the varied expertise of those conducting the assessments, and the subjective interpretation of the results – regularized and systematic risk assessments are nevertheless a key part of effective risk management and facilitate decision-making at all levels.

Go beyond the headlines with expert perspectives on today’s news with The Cipher Brief’s Daily Open-Source Podcast.  Listen here or wherever you listen to podcasts.

Creating these individual frameworks is commendable and leading-edge for government agencies, but more must be done holistically across the IC. Irregular and inconsistent risk assessments among IC elements will not provide the comfort and certainty needed to drive an IC-wide cultural shift to taking risk. At the same time, the unique nature of the IC, comprised of 18 different elements, each with similar and overlapping, but not identical, missions, roles, authorities, threats and vulnerabilities, does not lend itself to a one-size-fits-all approach.

For this reason, the IC needs a flexible but common strategic framework for considering risk that can apply across the community, with each element having the ability to tailor that framework to its own mission space. Such an approach is not unlike how the community is managed in many areas today – with overarching IC-wide policy that is locally interpreted and implemented to fit the specific needs of each IC element. When it comes to risk, creating an umbrella IC-wide framework will significantly improve the workforce’s ability to understand acceptable risks and tradeoffs, produce comprehensible and comparable risk determinations across the IC, and provide policymakers the ability to anticipate and mitigate failure and unintended escalation.

Critical Elements of a Risk Framework

A common IC AI risk framework should inform and help prioritize decisions from acquisition or development, to deployment, to performance in a consistent way across the IC. To start, the IC should create common AI risk management principles, like its existing principles of transparency and AI ethics, that include clear and consistent definitions, thresholds, and standards. These principles should drive a repeatable risk assessment process that each IC element can tailor to its individual needs, and should promote policy, governance, and technological approaches that are aligned to risk management.

The successful implementation of this risk framework requires a multi-disciplinary approach involving leaders from across the organization, experts from all relevant functional areas, and managers who can ensure vigilance in implementation. A whole-of-activity methodology that includes technologists, collectors, analysts, innovators, security officers, acquisition officers, lawyers and more, is critical to ensuring a full 360-degree understanding of the opportunities, issues, risks, and potential consequences associated with a particular action, and to enabling the best-informed decision.

Given the many players involved, each IC element must strengthen internal processes to manage the potential disconnects that can lead to unintended risks and to create a culture that instills in every officer a responsibility to proactively consider risk at each stage of the activity. Internal governance should include an interdisciplinary Risk Management Council (RMC) made up of senior leaders from across the organization. The RMC should establish clear and consistent thresholds for when a risk assessment is required, recommended, or not needed given that resource constraints likely will not allow all of the broad and diverse AI activities within organizations to be assessed. These thresholds should be consistent with the IC risk management principles so that as IC elements work together on projects across the community, officers have similar understandings and expectations.

The risk framework itself should provide a common taxonomy and process to:

  • Understand and identify potential failures, including the source, timeline, and range of effects.
  • Analyze failures and risks by identifying internal vulnerabilities or predisposing conditions that could increase the likelihood of adverse impact.
  • Evaluate the likelihood of failure, taking into consideration risks and vulnerabilities.
  • Assess the severity of the potential impact, to include potential harm to organizational operations, assets, individuals, other organizations, or the nation.
  • Consider whether the ultimate risk may be sufficiently mitigated or whether it should be transferred, avoided, or accepted.

AI-related risks may include, among other things, technology failure, biased data, adversarial attacks, supply chain compromises, human error, cost overruns, legal compliance challenges, or oversight issues.

An initial risk level is determined by considering the likelihood of a failure against the severity of the potential impact. For example, is there is a low, moderate, or high likelihood of supply chain compromise? Would such a compromise affect only one discrete system or are there system-wide implications? These calculations will result in an initial risk level. Then potential mitigation measures, such as additional policies, training, or security measures, are applied to lower the initial risk level to an adjusted risk level. For example, physically or logically segmenting an organization’s systems so that a compromise only touches one system would significantly decrease the risk level associated with that particular technology. The higher the likelihood of supply chain compromise, the lower the severity of its impact must be to offset the risk, and vice versa. Organizations should apply the Swiss Cheese Model of more than one preventative or mitigative action for a more effective layered defense. Organizations then must consider the adjusted risk level in relation to their tolerance for risk; how much risk (and potential consequence) is acceptable in pursuit of value? This requires defining the IC’s risk tolerance levels, within which IC elements may again define their own levels based upon their unique missions.

Understanding and considering the risk of action is an important step forward for the IC, but it is not the last step. Sometimes overlooked in risk assessment practices is the consideration of the risk of inaction. To fully evaluate potential options, decision-makers must consider whether the overall risk of doing something is outweighed by the risks of not doing it. If the IC does not pursue particular AI capabilities, what is the opportunity cost of that inaction? Any final determination about whether to take action must consider whether declining to act would cause greater risk of significant harm. While the answer will not always be yes, in the case of AI and emerging technology, it is a very realistic possibility.

And, finally, a risk framework only works if people know about it. Broad communication – about the existence of the framework, how to apply it, and expectations for doing so – is vital. We cannot hold people accountable for appropriately managing risk if we do not clearly and consistently communicate and help people use the structure and mechanisms for doing so.

Buy-in To Enhance Confidence

An IC-wide AI risk framework will help IC officers understand risks and determine when and how to take advantage of innovative emerging technologies like AI, increasing comfort with uncertainty and risk-taking in the pursuit of new capabilities. Such a risk framework will have even greater impact if it is accepted – explicitly or implicitly – by the IC’s congressional overseers. The final article in this series will delve more deeply into needed changes to further improve the crucial relationship between the IC and its congressional overseers. It will also provide a link to a full report that provides more detail on each aspect of the series, including a draft IC AI Risk Framework.

Although Congress is not formally bound by such a framework, given the significant accountability measures that often flow from these overseers, a meeting of the minds between the IC and its congressional overseers is critical. Indeed, these overseers should have awareness of and an informal ability to provide feedback into the framework as it is being developed. This level of transparency and partnership would lead to at least two important benefits: first, increased confidence in the framework by all; and second, better insight into IC decision-making for IC overseers.

Ultimately, such a mutual understanding would encourage exactly what the IC needs to truly take advantage of next-generation technology like AI: a culture of experimentation, innovation, and creativity that sees reasonable risk and failure as necessary steps to game-changing outcomes.

Read also AI and the IC: The Tangled Web of Budget and Acquisition

Read also Artificial Intelligence in the IC: Culture is Critical

Read also AI and the IC: The Challenges Ahead

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The post A Roadmap for AI in the IC appeared first on The Cipher Brief.

find more fun & mates at SoShow now !

A cleaner for Israel’s defense minister has been accused of espionage after allegedly offering to place malware on his boss’ household computer for an Iran-linked hacking group.

In a statement on Thursday, the Shin Bet security service said that Omri Goren, a housekeeper for Defense Minister Benny Gantz, and a former bank robber according to Israeli media, corresponded with an unnamed person over social media shortly before his arrest. 

Read more

American Businessman Bill Gates (FILE PHOTO) © Jeff J Mitchell/Pool via REUTERS
Bill Gates predicts Covid-19 mortality rate

Goren reached out earlier this month to “a figure affiliated with Iran and offered to help him in different ways, in light of his access to the minister’s home,” the statement read, according to the Times of Israel.

It is understood that Goren offered to spy and place malware on Gantz’s computer on behalf of a hacking group, reportedly called ‘Black Shadow’ and associated with Iran, Tel Aviv’s perennial enemy. It is also said that he provided photos of Gantz’s residence to prove he had access. 

A Central District prosecutor filed espionage charges against Goren on Thursday. If convicted, the accused could face a sentence of between 10 and 15 years, according to the Times of Israel.

The 37-year-old Lod resident has previously served four prison sentences, the most recent of which was for four years. Goren was found guilty of five crimes between 2002 to 2013, two of the convictions were for bank robbery.

The Shin Bet said they would review their processes for staff background checks “with the goal of limiting the possibility of cases like this repeating themselves in the future.”

Speaking on Kan public radio, Gal Wolf, the attorney representing Goren, suggested his client had intended to extract money from the Iranians without carrying out any spying.

If you like this story, share it with a friend!

find more fun & mates at SoShow now !

The EU Commission has released draft legislation aimed at tackling the destruction of woodland by introducing import restrictions on products not certified as ‘deforestation-free’.

The draft proposal, which the commission hopes will become binding rules for all member states, seeks to limit the import of beef, cocoa, coffee, palm, soy, and wood if it is not proven “deforestation-free.”

Outlining the legislation, the EU commissioner for climate action policy, Virginijus Sinkevicius, called it a “ground-breaking” proposal that will help fight “illegal deforestation” and “deforestation driven by agricultural expansion.”

The bill comes after nations at the COP26 summit agreed to work to end deforestation by 2030. It would impose two criteria on imports, requiring items to have been produced in accordance with the origin country’s laws, and not on land that has been deforested or degraded since the start of 2021.

It is not clear when the rules would come into effect; legislative proposals by the commission have to be debated and considered by both the EU Parliament and the Council of the EU before they are passed. The implementation of measures could potentially impact the EU’s trade relations with countries like Brazil, where clearing of the Amazon rainforest hit a new record in October.

During the recent COP26 climate summit, 110 world leaders – whose countries contain around 85% of the world’s woodland – committed to ending and reversing deforestation by 2030, pledging around £14 billion ($18.84 billion) of public and private funds towards the goal.

Like this story? Share it with a friend!

find more fun & mates at SoShow now !

Reuters has apologized for its poor choice of photo to illustrate a story about a monkey brain study that was deemed offensive and racist in China.

On Thursday, Reuters published a story titled “Monkey-brain study with link to China’s military roils top European university.” The report was about a Chinese professor studying how a monkey’s brain functions at extreme altitude.

The study was done with the help of Beijing’s People’s Liberation Army (PLA) with the aim of developing new drugs to prevent brain damage, Reuters said.

The news agency promoted the story on Twitter with a photo of smiling Chinese soldiers in an oxygen chamber.

The tweet prompted outrage in China, with people calling it racist on social media. Reuters responded on Friday night by deleting the original tweet because the photo of Chinese soldiers was unrelated to the story and “could have been read as offensive.”

“As soon as we became aware of our mistake, the tweet was deleted and corrected, and we apologize for the offense it caused,” Reuters said in a statement to the Global Times, China’s state-run newspaper.

It was not the first time the leading Western news agency had run into trouble in China. In July, the Chinese Embassy in Sri Lanka criticized Reuters for using a photo of Chinese weightlifter and Tokyo 2020 Olympics gold medalist Hou Zhihui that the country’s state media described as “ugly” and “disrespectful to the athlete.”

Think your friends would be interested? Share this story!

find more fun & mates at SoShow now !

Clinics in the Austrian region of Salzburg have set up a special assessment team tasked with identifying Covid patients who have a higher chance of survival; the rest may soon have to take a back seat.

Amid a dramatic spike in Covid cases, medical personnel warn they may soon have to make the heart-wrenching choice of which patients get life-saving treatment and which ones will have to wait, Austrian media report. Intensive care units in the Salzburg region are packed, with the number of patients treated there setting a new grim record on Tuesday, reaching 33. The region ranks amid Austria’s hardest-hit, logging more than 1,500 new infections per 100,000 residents in a week. In an emotional plea for help to the local government, the head of Salzburg’s hospitals warned that soon clinics would likely not be able to guarantee the existing level of standards in terms of medical treatment. A representative for the city clinics likened the situation to “running into a wall.

The region’s governor, Wilfried Haslauer, announced on Tuesday that some of the Covid patients whose condition was no longer life-threatening would be transferred from hospitals to rehabilitation centers to make room for more serious cases.

Read more

FILE PHOTO.GRAZ, AUSTRIA. © AFP /CREDITERWIN SCHERIAU
Austria imposes compulsory vaccination from February 1 & nationwide lockdown starting Monday

In neighboring Upper Austria, the situation is no better, with the number of deaths in intensive care units surpassing figures seen in all the previous Covid waves. Speaking to Austria’s Der Standard paper on condition of anonymity, healthcare workers there said they had free beds “because the infected are dying.

For the time being, the creation of a so-called ‘triage team’ in Salzburg hospitals is being described as a “precautionary measure.” The panel is made up of six people: one legal expert and five providers from various medical disciplines. If push comes to shove, they will be deciding which patients stand a chance and which treatments have little prospect of success.

Like this story? Share it with a friend!

find more fun & mates at SoShow now !

Chris Inglis’ new White House office has a startup feel to it. There are desks, a few chairs, a coffee maker and a poster hanging on the wall.  But as the head of the newly established Office of the National Cyber Director, Inglis has to make due with what he has while still advising President Joe Biden on the smartest ways for the US to prevent and respond to cyberattacks.

Inglis has already had numerous conversations with the president, who has made clear that the government has a role to play in the defense of the private sector and in assisting the private sector in defending critical infrastructure.  And the president knows, says Inglis, that means the government needs to get its own cyber house in order. 

But like any real startup, Inglis’ resources are scarce.  More than three months after being confirmed by the Senate, he still doesn’t have the full staff he needs to take on his timely and critical mission.  That’s because the funding for his office – some $21 million, part of the $1 trillion infrastructure bill making its way through Congress – is still stuck in the political spin cycle.  Why does it matter?

“The threat is greater than I can ever remember,” Inglis told me during last month’s AFCEA and INSA Intelligence & National Security Summit in National Harbor, Maryland. “The audacity, the brazenness, the thresholds that have been crossed at every turn; we’re in a difficult place.”

While he’s waiting for Congress to act, he says he’s spending about fifty percent of his time defining his role, being careful not to duplicate the work already being done by other agencies and departments, while spending another fifty percent building relationships that will be important later.  Eventually, he’s expected to have a staff of some 75 people who will be expected to work hand in glove with CISA, the National Security Council’s cyber staff, the OMB and others.  The remaining fifty percent of his time, Inglis jokes, is spent figuring out how to attract the country’s best talent.   

“People are starting to flow into the organization. I’m confident that we’re coming up to a breakout moment, not for the National Cyber Director, but the contribution that we can and should make. I’m sobered by the nature of the challenge, I’m optimistic we can make a difference.”

Optimistic he is.  And he’s not even complaining about being given a critical task for US national security and then having to wait for politics to play out before being able to act on it.

“It has been a semi-silver lining in that we would not have had time to think about how we want to apply the resources coming our way.”

While Inglis has been waiting, he and his small team have had time to think about the four things they’d like to focus on right away. 

First, is streamlining the roles and responsibilities in government of who handles what when it comes to protecting the public and private sectors from cyberattacks.  He also spoke during his confirmation hearing about the importance of allocation of resources and while the Office of the National Cyber Director doesn’t have the authority to move money, it does have what Inglis calls the responsibility to account for cyber money.

“One of the most critical gaps in cyber is that the physical digital infrastructure is not built to a common standard. The executive order related to this requires that within a certain amount of time we have to install basic procedures like multifactor authentication and encryption of stored material. That is a challenge and a potential vulnerability for us. We need to make sure that we make these investments necessary to buy down the lack of investment for years.

The second gap is in talent related to number of people required to occupy these jobs. It’s not simply the folks with IT or cyber in their name, but general cyber awareness. There is some expenditure of resources of time, attention, and money to get awareness right on the part of the truly accountable parties like agency and department heads. We have to make sure they don’t see cyber as a cost center, but an enabler on the part of all the users as they understand what their roles are and what the accountability is.

He admits there is still a level of education needed within government to get there.

That is usually the case in both the government and the private sector,” he said.  “We need to think this way about cyber and invest in cyber so that we can enable the mission, not hold it back. I think that education is the most important and effective way to handle this. Then, it is to make sure that the accountability is aligned and harmonized. We tend to take risk in one place and expect someone in another place to be the mitigator of a risk they don’t understand was taken in the first place. We need to operate in a collaborative fashion and get away from divisions of effort which are an agreement not to collaborate and allow adversaries to pick us off one at a time.”

Inglis says that unity of effort must start at home.  “The executive order issued in May has begun to lay out common expectations about the hardware, software, and practices that we need to begin in those spaces,” he said.  “Externally, if we have sector risk management agencies who engage the private sector for the purposes of supporting and engaging the critical components of that infrastructure, we need to make sure you don’t need a Ph.D. in government to know who to deal with and what you’re going to get from them.”

He is arguing for the government to also put ‘valuable material’ on the table.  “That could be our convening power,” said Inglis. “We could perhaps address and reduce liability or give companies a clue as to what might be around the corner because the government has access to exquisite intelligence. If that setup is possible, we also need a venue where collaboration takes place. Information doesn’t collaborate, people do.”

Inglis likes to point to the example of CISA and the Joint Cyber Collaborative.  “They put people from the private sector and the public sector side by side to co-discover threats that hold us at common risk. That project sets up the possibility of implicit collaboration in what we then do with that common operational picture. The government could take ideas that private sector companies turn into proprietary systems and enrich and classify them to deal with it in their system.”

Using what he calls “all the tools in the toolkit,” Inglis also notes the importance of international relationships, which fits nicely into the White House’s International Summit on Ransomware last week in Washington, which zeroed in on tighter cryptocurrency standards, among other things. “Beyond the Five Eyes, what do other like-minded nations think about what is expected behavior in this? What are governmental actions that are appropriate,” he asked.  

Inglis has been an active participant in the president’s recent actions in cyber.  He took part in a White House meeting with tech leaders in August that was hosted by President Biden, who Inglis says, spent the first hour sharing his vision about how the country should focus on collaborative integration.  “The companies represented weren’t only companies like Microsoft and Apple, but people who operate in the critical infrastructure space,” said Inglis.  “The people component, educators, were represented reflecting the president’s view that cyberspace is not just technology, it is also the people component. They are a major link in the chain, and we need to get the roles and responsibilities right.”

While he’s waiting for the funding he needs to get his office fully staffed, Inglis said he’s also putting thought into reconciling resources with aspirations.  Managing expectations is going to be important.  Frustration has been growing for years over what some see as a lack of government response to some of the largest hacks in history.  The phrase ‘time and place of our choosing’ as a definition of response has grown old and some Americans are weary of a government that isn’t responding in a more public way to the beating it sees the US taking in cyberspace.

So, I asked Inglis whether there should be red lines in cyber.

“Red lines are both good and bad,” he answered.  “They are clear and crisp, and everybody knows what they are. The downside is that because of that, an adversary knows exactly how far they can go. It means that you set up a somewhat permissive environment. Red lines also don’t have context; sometimes there is a reason that a defender would make the ransomware payment. As a matter of policy, the U.S. government does not pay ransomware, but I imagine there will be a situation at some point where a hospital is against the Russian state and actual life and safety is at risk. If there is no other way to get the material back, in order to get back in the business of saving lives, they would want to rethink if a red line is a red line in that particular situation. I think the right thing to do here is not to establish hard thresholds of things with scripted responses, but outline what we are prepared to defend and what principles we will exercise in defense of those things. We commit to defending the private sector when it is held at risk by a nation state in cyberspace as much as in the kinetic space and make that clear to adversaries. I think that would be more helpful in changing decision calculus and creating a useful ambiguity about when and where we will come in.”

Inglis said he’s also thinking a lot about present and future resilience.  It’s a worthwhile focus, given that the White House estimates that nearly half a million public and private sector cybersecurity jobs are currently unfilled. 

“That is a massive problem,” said Inglis. “However, the more insidious problem is that the 320 million people in the United States who use the internet who have no idea how to properly take their place on the front lines of this issue. There is an awareness issue that requires us not to make Python programmers out of them but to make sure they understand the nature of this space.”

Everyone has heard the old saying that time is money, but in Inglis’ case, time is security so I asked him point blank whether he thought government was moving has quickly as it should on the cyber problem.

“Government is moving at speed; the question is if it is at the necessary speed. I don’t think anyone is moving at the necessary speed. Some are moving at light speed, but at the end of the day, we need an integrated, collaborative approach. While we won’t have unity of command, I think there needs to be a universally felt sense of urgency so that we will all get our heads in the game.”

Congress, are you listening?  Oh, and by the way, that poster in Inglis’ office? It reads, ‘Hours Since the Last Surprise.”

As a startup with maybe too few resources at the start and who often didn’t understand how all the wickets are run, we have our occasional surprise,” said Inglis.  “When we encounter those surprises and go to someone with the deep and sharp expertise to help us navigate that, we get what we need. However, we are not a full functioning, full featured, fully capable organization yet. We’re trying to build somebody else’s airplane while we’re free falling from our own. We have a parachute, and we can land safely, but it is a bit of a challenge at times.”

Find out more about why experts like former NSA Director General Keith Alexander (Ret.), Mandiant CEO Kevin Mandia and others have joined The Cyber Initiatives Group, powered by The Cipher Brief

Read more expert national security insights, perspective and analysis in The Cipher Brief

The post Chris Inglis and the Gathering Cyber Storm appeared first on The Cipher Brief.

find more fun & mates at SoShow now !

Scientists in Sweden claim that a single protein in the blood could predict the onset of Type 2 diabetes nearly 20 years in advance. The breakthrough potentially affects hundreds of millions of people worldwide.

Diabetes is the world’s ninth-leading cause of death, and affects nearly half a billion people worldwide, according to the World Health Organisation (WHO). The vast majority of diabetes patients suffer from Type 2 diabetes, a condition that can lead to blindness, kidney failure, heart attacks, strokes, and lower limb amputation. Cases of diabetes quadrupled worldwide between 1980 and 2014, with unhealthy diets and lack of exercise blamed for the rise.

Read more

© Getty Images / Peter Dazeley
NHS setting up fat camps for children

However, researchers at Lund University in Malmo, Sweden claim that elevated levels of a certain protein – follistatin – in the blood can predict the onset of Type 2 diabetes regardless of a person’s age, weight, diet or activity level. In a study published last week, the scientists wrote that high levels of follistatin can predict the condition up to 19 years before symptoms appear.

To discover the link between follistatin and diabetes, the researchers tracked 5,300 people from Sweden, Italy, and the UK for between four and 19 years. Follistatin helps break down body fat, while simultaneously leading to an increase in fat in the liver. This buildup can cause fatty liver disease and Type 2 diabetes.

“This study shows that follistatin has the potential to become an important biomarker to predict future Type 2 diabetes, and it also brings us one step closer to the understanding of the mechanisms behind the disease,” Dr. Yang De Marinis, associate professor at Lund University and lead author of the study, told a university newsletter. De Marinis added that the next step for her team would be to help develop an AI-based diagnostic tool that could analyze a patient’s blood sample and use their follistatin levels – and other biomarkers – to calculate their “risk score” for Type 2 diabetes.

As follistatin levels rise in response to food intake and activity levels, the same advice for prevention of diabetes still applies. “Balanced meals, eat[ing] healthy and regular exercise are important to decrease the risk of developing Type 2 diabetes,” De Marinis told StudyFinds.

Think your friends would be interested? Share this story!

find more fun & mates at SoShow now !

Rotterdam Mayor Ahmed Aboutaleb has described an anti-lockdown protest in his city as an “orgy of violence.” The Dutch demonstration devolved into a violent riot that saw police open fire on protesters.

Aboutaleb described the events of Friday night as an “orgy of violence,” after protesters packed Rotterdam’s central Coolsingel shopping street to voice their opposition to an ongoing partial lockdown, a ban on New Year’s Eve fireworks displays, and the possibility of a two-tiered system of freedom in the Netherlands, one of liberty for the vaccinated and restrictions for those without the jab.

Read more

A police squad car is seen engulfed in flames during a protest in Rotterdam, Netherlands, November 19, 2021.
2 wounded after shots fired at Covid protest in Netherlands

The protest soon got out of hand, and police said on Saturday that 57 people were arrested. Protesters were seen torching police vehicles and launching fireworks at police, who shot at them in response.

Aboutaleb said that the cops had been “forced” to use their weapons. “On a number of occasions the police felt it necessary to draw their weapons to defend themselves,” he told reporters. “They shot at protesters, people were injured.”

Police say at least seven people were injured. Two of these injuries were caused by police bullets, and the victims are still in hospital. One officer was hospitalized, while several others were treated at the scene for minor injuries.

Like this story? Share it with a friend!

find more fun & mates at SoShow now !

Colder weather is settling in around much of the globe and after a year and a half of managing a global pandemic, energy markets are more complicated than ever.  The U.S. petroleum inventory is at its lowest level since 2015, the UK is experiencing a severe energy crisis, Russia continues to push Germany on the Nordstream II pipeline and winter has already come to China, which has experienced weeks of rolling blackouts. What does all of this mean as both state and non-state cyber actors continue to take aim at energy infrastructure?

The Cipher Brief spoke with energy expert Norm Roule, a top adviser on energy issues, to get a sense of where we’re headed.

Norman T. Roule served for 34-years in the Central Intelligence Agency, managing numerous programs relating to Iran and the Middle East.  He served as the National Intelligence Manager for Iran (NIM-I) at the Office of the Director of National Intelligence from November 2008 until September 2017.  As NIM-I, he was the principal Intelligence Community (IC) official responsible for overseeing all aspects of national intelligence policy and activities related to Iran, to include IC engagement on Iran issues with senior policy makers in the National Security Council and the Department of State.

The Cipher Brief: Give us a brief snapshot of the global energy market today and what you think we will see in the coming months.

Roule: The energy market is working through what will hopefully be the final phase of a perfect storm of market distortions ignited by the pandemic and influenced by shifts in capital markets and climate change initiatives. I say the final phase because most countries are returning to growth and pre-pandemic energy consumption. Most of the drivers of this final phase will likely push prices upward in the near term. A few involve long-known issues that are now coming into play. A few remain unpredictable. Ancillary industries that rely on oil, gas, or distillates as significant feedstocks will either raise prices or shift production to areas with less exposure to hydrocarbons. In short, in the coming weeks, consumers should expend to not only pay more at the gas pump but at the supermarket and mall.  We are likely to see relief in the Spring as the pandemic and supply chain distortions wane, seasonal demands on oil and gas pass, and energy producers ramp up operations to exploit high prices. China’s economy also shows signs of slowing, and financial packages meant to jump-start global economies will run their course.

The Cipher Brief: Energy markets seem more complicated than ever. What are the primary variables at play?

Roule: Global oil consumption is now back to 100 million barrels per day, a statistic last seen when the pandemic hit. Production is up, but the most crucial trend in recent months has been the deep draw on the glut of oil stocks during the pandemic. Producers – especially OPEC – have constrained production to reflect their cautious approach to market stability and their desire to reduce the stockpiles accumulated during the pandemic. As a result, stocks are now lower than before the pandemic. If you exclude the strategic petroleum reserve, the U.S. petroleum inventory is at a level not seen since 2014-2015. Stockpiles at Cushing are at a similar level. U.S. gasoline stocks are around five million barrels below pre-pandemic seasonal averages.

U.S. producers have consolidated, and the industry prioritizes return on equity over expansion, particularly in a political environment that is increasingly hostile to hydrocarbon production. As a result, U.S. oil production is still about 1.7 million barrels a day below pre-pandemic levels. Add to this the push to reduce carbon emissions, gas supply cuts, and some supply chain distortions, and you get a surge in gas prices and a need for oil (and coal) to replace gas in electricity production, as we see in China.

The Cipher Brief: The administration seems to be blaming OPEC plus for high oil prices. What’s happening within the cartel?  How does the cartel see the current energy market?

Roule: OPEC’s role in oil markets remains deeply significant. The cartel produces 40 percent of the world’s oil, but 60 percent of the world’s total traded exports. That inevitably gives it an important voice. It is also clear that OPEC+ leaders remain confident in their strategy to maintain market stability and benefit from prices that are not so high that they ignite demand destruction. OPEC discipline during this turbulent period has been quite good, especially given that it is far from a monolith of views and capabilities. For example, the UAE would likely support additional production. Moscow makes positive noises about its willingness to increase production, but it follows Riyadh’s lead for the revenue and political advantage it derives from the current market.  

Riyadh remains the architect of OPEC’s approach. Kuwait and Baghdad seem comfortable with this strategy. Production restraint is made easier because about half of OPEC’s members reportedly are unable to meet production quotas due to technical problems, mismanagement, or a lack of capital investment. This list includes Angola, Gabon, Equatorial Guinea, Nigeria, Libya, and Venezuela.  

OPEC decision-making likely rests on a handful of variables, some predictable, others not. The cartel has done well in its assessments of global recovery and pandemic impact. But questions remain on aviation recovery. Likewise, even their best analysts have a tough time predicting the impact of speculators, weather trends, and the future of sanctions on Iran and Venezuela. Riyadh and Abu Dhabi will do what they can to avoid the financial and political consequences of inflation and any energy-instigated recession.

The strains in US-Saudi relations appear to have undermined Riyadh’s sympathy for Washington’s challenges. The Saudis are tired of being a political target within the U.S. They also seem to believe that while the U.S. touts itself as being interested in only renewable energy sources, it has no problem criticizing the Kingdom when high gas prices become a political issue. Last, we should recall that it was only in May 2020 that a group of Republican Senators publicly called on Saudi Arabia, demanding that it stabilize the energy market. From Riyadh’s perspective, it has done precisely that.

The Cipher Brief: Are the Gulf oil producers serious about renewable energy? 

Roule: Absolutely. Regional leaders certainly understand the consequences of climate change for their people. In recent years, the region has experienced some of the highest temperatures on record, causing concern that, if unchecked, the trend could make portions of the Middle East unlivable.

But their approach is different from ours and as we all know, Gulf economies rely heavily on revenues from hydrocarbons. To varying degrees, all the Gulf states are trying to diversify their economies. But they also want to avoid a situation in which they are stuck with stranded strategic assets. In the West, our climate narrative tends to focus on ending the use of hydrocarbons. As with Norway, Gulf producers claim that they will use the resources from their oil revenues to fund the transition to a new energy economy.

Join The Cipher Brief for Members Only expert conversations on issues related to economic and global security.  Become a member for just $10 a month and then join us for a Members Only Brief with Norm Roule on Thursday, November 18 at 1:30p.  Members receive invitations via email.

Their focus tends to be a balance between a reduction of emissions and reduction of hydrocarbon use. Recent weeks have seen multiple significant events in the Gulf in which they tried to highlight their decision to expend resources and political bandwidth on green technologies, hydrogen production, and carbon capture solutions. We will also see increasing efforts to plant trees and to rely on natural gas instead of oil for power generation. They also claim they will try to end gas flaring and reduce methane emissions. I don’t think these efforts will satisfy Western environmental activists who demand an end to oil use, but the trend is undeniable.

The Cipher Brief: What is happening with U.S. oil and gas producers?  How are they responding to changing conditions?

Roule: Much has changed in the last two years. First, the sector underwent significant consolidation. The larger publicly-held companies must satisfy investors and financial institutions with a steady return on equity over the growth. Washington has cooled on its support for the industry. The decision to kill the Keystone Pipeline and limit drilling on federal property has contributed to industry reluctance on expansion. Last, some investors are pushing for companies to devote more attention to renewable energy sources.  During the pandemic, this reduced capital investment to about half of average expenditure, thus producing our current limited production capacity. U.S. rig count has significantly improved over the past year, but not on a scale that would return U.S. production to pre-pandemic levels. In the near term, smaller privately-held firms are likely to spend the resources to expand production with public firms following once they get a sense of what 2022 will bring.

The results speak for themselves. At the beginning of the pandemic, the U.S. produced around 12.8 million barrels of oil per day (BPD). By May 2020, production declined to 9.7 million BPD, and with recovery is now approximately 11.3 million BPD.  We are once again a net importer, bringing in about 1.3 million BPD in October.

We have seen a broader recovery in gas production, particularly in Texas. But a lack of production, low stockpiles, and unprecedented demand from abroad means consumers will face high bills if winter is severe or the risk of short supplies. Beyond heating, gas-fired power plants produce more than 50% of New England’s electricity, for example, so that any price spike will play out elsewhere in the economy.

The Cipher Brief: Is there a policy response to this situation?

Roule: I think policymakers globally are praying for a mild winter. But beyond this, policy options are few in the near term. A release from the strategic petroleum reserve (SPR) is conceivable. Still, we should remember the SPR was established for national emergencies and not a piggy bank to manage gas prices in an election year. Domestic producers will take a while to ramp up production, but policymakers will find this tough to seek in the current political environment. The administration could ban oil and gas exports or allow Congress to pass legislation enabling the federal government to sue OPEC for its cartel activities. Either step would invite predictable and unwelcome diplomatic consequences. 

Although the American public demands cheap energy, it isn’t enthusiastic about supporting the infrastructure needed to achieve this, even if the power is produced elsewhere.  Let me cite a couple of recent examples:

• Maine voters just rejected the construction of a billion-dollar electric line that would have delivered Canadian hydro-power electricity to New England.

• The administration is wrestling with a decision as to whether it should shut a pipeline that carries crude oil from Canada to refineries across Wisconsin, Michigan, and the Great Lakes region. 

If the administration hopes to convince OPEC members to increase production, it will improve relations with Gulf Arabs. It might be possible to convince Saudi Arabia, Kuwait, and the UAE to lift production to cover the exports of OPEC members unable to meet their production quotas. In an extreme situation, the administration might consider a temporary oil export waiver to Iran as a sign of goodwill. I think the political blowback on the latter rules it out, but the possibility is there. 

The Cipher Brief: The United Kingdom seems to be working its way through a severe energy crisis. How did this happen, and what are its policymakers doing in response?

Roule: The United Kingdom’s energy challenge is significant. As with other countries, it faces consequences of production limitation and the need to turn to more climate-friendly energy sources.

A few basics.  Gas produces about 40% of the country’s electricity and heats many of its homes. Once London could rely on the North Sea for its gas; it now imports about half of its gas requirements.  Norway is its primary gas source, but it also depends on gas producers in the U.S., Russia, Qatar, Belgium, and the Netherlands. To add to its woes, the U.K.’s storage capacity would survive only a short period of peak consumption. In 2017, London closed a massive Rough, which accounted for 70% of the country’s entire gas storage system. At the time, London believed it could rely on the global LNG market for reliable and cheap gas. Unfortunately, most LNG tankers head to Asia, a trend that can only increase as power-hungry Asian countries wean themselves from coal and oil.

The exploitation of new energy sources in the U.K. is no less contentious than in the U.S. A good illustration of this would be the tussle over the development of the Cambo oil and gas field in the waters near Scotland. Opposed by environmentalists who cite the inevitable carbon emissions the project and its oil would produce, the project offers to ease London’s energy woes and provide around a thousand jobs. The Johnson government has yet to indicate whether it will approve the project.

London’s options are few and leaving the country reliant on market conditions means risking shortages. For this reason, it has reportedly asked Qatar to agree to become the “supplier of last resort” in case global suppliers are unavailable. 

Go beyond the headlines with expert perspectives on today’s news with The Cipher Brief’s Daily Open-Source Podcast.  Listen here or wherever you listen to podcasts.

The Cipher Brief: What’s the Russian angle to the energy story?

Roule: Upfront, I think we should worry whether Russia will perceive the energy crisis as offering an opportunity for aggression. What if Moscow decides its gas hold over Europe allows it to invade Ukraine without penalty? Or as a means of pushing German regulators to accelerate their approval of the Nordstream II pipeline?

Moscow insists that it is meeting contractual obligations and that its exports have increased in the past year. At the same time, there are routine reports that Russia’s gas supplies to Europe have not only not met requirements, but that gas flow reversed in the Yamal-Europe pipeline. Russia also maintains eight gas storage sites in Europe to help manage supply during high-demand periods. Gas levels at these sites are currently low. Critics claim Gazprom diverted production to Russian domestic storage and that exports in October fell to the lowest level since 2014. When pressed, Moscow explains shortages saying that it must fill its winter supply stocks and expects to send Europe additional gas this week. 

But if the current energy dynamic seems to be in Russia’s interest, Moscow’s long-term prospects are dim. A global shift to renewable energy sources forces Moscow to reckon with the prospect of holding a massive oil infrastructure of little commercial value. If so, future historians may look at the recent Glasgow climate summit as a significant step in accelerating Russia’s decline, possibly a new era of aggression as it seeks to accumulate power ahead of this decline or a more competitive race for market share against OPEC members.

The Cipher Brief: What about China?

Roule: No major country has endured such energy problems in recent months as China. After weeks of rolling blackouts, China looks well on its way to solving its coal problems that partially contributed to this situation. That won’t delight environmentalists, but it should ease China’s electricity problems and ensure its citizens stay warm this winter. Winter arrived early, and Beijing is about to see its first snow of the season. China’s efforts will be put to the test in a winter that many expect to be colder than 2020.

Longer-term, China still must work through the causes of this crisis. If the global economy continues to surge demand for Chinese products, its energy requirements will grow. Weather problems cut wind production; floods shut mines. We shouldn’t be surprised if such problems continue. Inevitably, China can only meet its climate goals by shifting from coal to natural gas, raising prices for other consumers.

The Cipher Brief: Let’s shift to North Africa.  Algeria recently closed a long-established pipeline that transited Morocco to deliver gas to Spain.  Will this impact Europe’s already tight gas situation? What’s the story here? 

Roule: Over the past year, Algerian relations with Morocco have steadily deteriorated.  In addition to their traditional disagreement over the status of Western Sahara and the Polisario, Algiers criticized Morocco’s renewed ties with Israel and accused Rabat of supporting an opposition group that Algeria claims ignited forest fires. Algiers closed its airspace to Moroccan flights and accused Morocco of killing several Algerian citizens in the Sahara region.

Here’s how it touches the energy picture. On 31 October, Algiers closed an 800-mile pipeline that carried Algerian gas to Spain via Morocco and the Strait of Gibraltar.  The closure cost Morocco a portion of the gas it used from the pipeline. Morocco used this gas to produce about a tenth of its electricity. Rabat claims it can use other energy sources for this purpose. However, Spain has little gas and derives a significant portion of its electricity from that which it must import. Algiers claims it will make up the loss through a secondary pipeline, but the loss of gas will compound the energy problems of Spain and Europe in general.

The Cipher Brief: Any other issues on the horizon we should consider?

Roule: A growing number of aging refineries in the West will be closed in the coming years.  However, Asia is the new center for refinery construction. This expansion will draw even more crude to the region for processing with the inherent impact on local economies and global consumers.

The Cipher Brief: Last, let’s touch on wild cards. What are the grey swans that might impact markets in 2022?

Roule: With low stockpiles and supplies, the energy topography is ill-prepared to sudden shocks to its production or distribution architecture. Yet, it faces three threats that have grown in the last decade.

First, we have climate change issues.  Increasingly harsh weather events have shut down large portions of the production and refinery sectors in the United States and Mexico, sometimes taking weeks to restore normal production. Second, we have the universe of cyber threats.  State and non-state cyber actors routinely probe or attack every aspect of the energy industry. Last, we have new geopolitical pressures.  Tensions are rising with China as well as Iran and its proxies. Three of the world’s six most significant shipping channels are in the Middle East and a fourth in Asia.

Join us for a Members Only Brief with Norm Roule on Thursday, November 18 at 1:30p.  Cipher Brief Members receive invitations via email.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The post Winter is Coming: Global Energy Markets and the Impact on National Security appeared first on The Cipher Brief.

find more fun & mates at SoShow now !