Cyber ​​Week Recap: September 16, 2022

Gavin Newsom signs social media transparency bill

California Gov. Gavin Newsom signed a Social Media Transparency Act, AB 587, earlier this week. The bill requires companies to submit semi-annual reports that publicly disclose their policies on moderation of content promoting extremism, hate speech and discrimination on their platforms disclose. Some social media companies have already begun producing reports on their content moderation policies, although critics have noted that these reports are often confusing and contradictory, making long-term analysis or comparisons between companies difficult. Social media companies and other analysts said the bill violates the first amendment, while other officials raised concerns the bill could make it easier to circumvent content moderation policies.

US sanctions Iranian officials over Albanian cyberattacks

The US Treasury announced new sanctions against the Iranian Ministry of Intelligence (MOIS) and Esmail Khatib, the head of that department, over a series of cyberattacks that struck Albania in July 2022. The attacks took place ahead of a conference organized in Albania by an anti-Iranian regime group, affecting several government websites and services. The attack, along with other considerations, led Albanian officials to sever diplomatic ties with Iran. That move doesn’t appear to have deterred Iran, however, as Albanian officials said two days after the severing ties that they were hit by another major Iranian cyberattack.

CISA establishes Joint Ransomware Task Force

The US Cybersecurity and Infrastructure Security Agency (CISA) called the first meeting of its new Joint Ransomware Task Force earlier this week. First announced in May 2022, the task force aims to increase collaboration between multiple government agencies. Co-chaired by the FBI and CISA, the task force will perform a number of important responsibilities, including prioritizing operations to disrupt specific ransomware actors and promoting coordination between federal agencies and private companies and identifying the ransomware groups with the highest threat. The US government has begun taking more visible action against ransomware groups over the past two years, including charging ten Iranian and two organizations for their role in ransomware attacks on the United States.

The NSA publishes new requirements for quantum computing-resistant algorithms

The US National Security Agency published its new requirements for quantum computing-resistant algorithms this week. The new requirements provide federal agencies and contractors with a path to transition to the new algorithms, which can be cracked by both classical and quantum computers. The NSA expects agencies and contractors to have fully switched to the algorithms by 2035. The National Institute of Standards and Technology (NIST) recently unveiled four of its quantum-safe algorithms in July this year and is expected to unveil more in the coming months. Quantum computing has long been heralded as a new age of cryptography, largely because of quantum computers’ ability to break traditional algorithms much faster than classical computers, and there is growing competition with China for quantum information science.

Whistleblower tells Congress that Twitter has employed Chinese and Indian intelligence agents

On Tuesday, former Twitter security chief Peiter Zatko testified before the Senate Judiciary Committee on security vulnerabilities at the social media company. Zatko said that Twitter “misled the public, legislators, regulators and even its own board of directors” by failing to protect the platform from cyberattacks and exploitation. Zatko suggested the company was vulnerable to foreign surveillance and told Congress he heard the company employed “at least one”. [Chinese intelligence] Agent” and knowingly hired Indian intelligence agents. Twitter dismissed Zatko’s claims as “riddled with inconsistencies and inaccuracies,” claiming that its hiring process is “free from any outside influence” and that user data is kept secure through a number of internal mechanisms.