
When Microsoft revealed in January that foreign government hackers had once again breached its systems, the news prompted another round of recriminations about the security posture of the world’s largest tech company. Despite the angst among policymakers, security experts, and competitors, Microsoft faced no consequences for its latest embarrassing failure. The United States government kept buying and using Microsoft products, and senior officials refused to publicly rebuke the tech giant. It was another reminder of how insulated Microsoft has become from virtually any government accountability, even as the Biden administration vows to make powerful tech firms take more responsibility for America’s cyber defense. That state of affairs is unlikely to change even in the wake of a new report by the Cyber Safety Review Board (CSRB), a group of government and industry experts, which lambasts Microsoft for failing to prevent one of the worst hacking incidents in the company’s recent history. The report says Microsoft’s “security culture was inadequate and requires an overhaul.” Microsoft’s almost untouchable position is the result of several intermingling factors. It is by far the US government’s most important technology supplier, powering computers, document drafting, and email conversations everywhere from the Pentagon to the State Department to the FBI. It is a critical partner in the government’s cyber defense initiatives, with almost unparalleled insights about hackers’ activities and sweeping capabilities to disrupt their operations. And its executives and lobbyists have relentlessly marketed the company as a leading force for a digitally safer world. 
These enviable advantages help explain why senior government officials have refused to criticize Microsoft even as Russian and Chinese government-linked hackers have repeatedly breached the company’s computer systems, according to cybersecurity experts, lawmakers, former government officials, and employees of Microsoft’s competitors. These people—some of whom requested anonymity to candidly discuss the US government and their industry’s undisputed behemoth—argue that the government’s relationship with Microsoft is crippling Washington’s ability to fend off major cyberattacks that jeopardize sensitive data and threaten vital services. To hear them tell it, Microsoft is overdue for oversight. Microsoft has a long track record of security breaches, but the past few years have been particularly bad for the company. In 2021, Chinese government hackers discovered and used flaws in Microsoft’s email servers to hack the company’s customers, later releasing the flaws publicly to spark a feeding frenzy of attacks. In 2023, China broke into the email accounts of 22 federal agencies, spying on senior State Department officials and Commerce Secretary Gina Raimondo ahead of multiple US delegation trips to Beijing. Three months ago, Microsoft revealed that Russian government hackers had used a simple trick to access the emails of some Microsoft senior executives, cyber experts, and lawyers. Last month, the company said the attack also compromised some of its source code and “secrets” shared between employees and customers. On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed that those customers included federal agencies, and issued an emergency directive warning agencies whose emails were exposed to look for signs that the Russian hackers were attempting to use login credentials contained in those emails. 
These incidents occurred as security experts were increasingly criticizing Microsoft for failing to promptly and adequately fix flaws in its products. As by far the biggest technology provider for the US government, Microsoft vulnerabilities account for the lion’s share of both newly discovered and most widely used software flaws. Many experts say Microsoft is refusing to make the necessary cybersecurity improvements to keep up with evolving challenges. Microsoft hasn’t “adapted their level of security investment and their mindset to fit the threat,” says one prominent cyber policy expert. “It’s a huge fuckup by somebody that has the resources and the internal engineering capacity that Microsoft does.” The Department of Homeland Security’s CSRB endorsed this view in its new report on the 2023 Chinese intrusion, saying Microsoft exhibited “a corporate culture that deprioritized both enterprise security investments and rigorous risk management.” The report also criticized Microsoft for publishing inaccurate information about the possible causes of the latest Chinese intrusion. The recent breaches reveal Microsoft’s failure to implement basic security defenses, according to multiple experts. Adam Meyers, senior vice president of intelligence at the security firm CrowdStrike, points to the Russians’ ability to jump from a testing environment to a production environment. “That should never happen,” he says. Another cyber expert who works at a Microsoft competitor highlighted China’s ability to snoop on multiple agencies’ communications through one intrusion, echoing the CSRB report, which criticized Microsoft’s authentication system for allowing broad access with a single sign-in key.

Huawei's default settings look like melodrama for the bad times and humility for the good. When first struck by US sanctions, the Chinese equipment maker compared itself to a fighter plane hit by flak whose sole mission was to remain airborne. After gaining significant altitude last year for the first time since 2019, it showed restraint rather than jubilation. "We've been through a lot over the past few years. But through one challenge after another, we've managed to grow," said Hu Houkun, the rotating chairman currently sitting in the pilot's seat, in its latest annual report. If US sanctions were intended to put Huawei in a fatal tailspin, they have missed their target. Yes, the company's sales last year were 21% down on the high point of 2020. But that is due entirely to a collapse in Huawei's smartphone business and not to any engine problems in networks, the unit that supposedly had US authorities in such a panic. Their justification for cutting Huawei off from vital US technologies (not, seemingly, as vital as everyone thought) was that dastardly Chinese forces might slip something nasty into Huawei's network products, then popular among US allies. Strikingly, this networks unit – today called the "ICT infrastructure" business – last year outperformed both Ericsson and Nokia, Nordic rivals allowed to cruise freely through the airspace in Europe and other countries that Huawei had previously occupied. Its headline revenues were up 2.3%, to about 362 billion Chinese yuan (US$50 billion). On a constant-currency basis, Nokia's (generated almost entirely from network sales) fell 8% while revenues at Ericsson's mobile networks unit dropped 15%. Both European companies were badly hurt by spending cuts in the US, from which Huawei has been largely excluded for years. And while Huawei has lost a few deals in Europe and other pro-US countries, American lawmakers can do little about its position in China, home to about 1.4 billion people and gazillions of mobile sites.
Indeed, that position looks even stronger. An unwelcome consequence of the European backlash against Chinese vendors seemed to be the loss by Ericsson and Nokia of market share in a retaliatory China. At Ericsson, which breaks out the figure, China sales dropped from 15.9 billion Swedish kronor ($1.5 billion) in 2019 to SEK10.7 billion ($1 billion) last year. Operators still buying network products from Huawei do not appear to have seen the drop-off in performance that someone buying a Huawei smartphone amid sanctions would have experienced. This is partly because Huawei has always designed its network software, while its smartphones previously used the Android operating system that originated with Google. On the network side, it also looks more self-sufficient in hardware. What it currently lacks is access to Samsung and TSMC, the world's most advanced chip foundries, both furnished with US tools. Networks, however, are typically a couple of generations behind smartphones on the size of transistors. Forthcoming iPhones will reportedly feature chips based on the 2-nanometer (billionths of a meter) process. The Nokia base stations that include 5-nanometer chips are considered cutting-edge. However its products measure up against those of Ericsson and Nokia, Chinese operators source a bigger share of their equipment from Huawei and local rival ZTE than they ever have. As 5G matures, and questions surround the telco investment case for a future splurge on even more advanced equipment, Huawei faces many of the same business-model challenges as its Western rivals. But unlike those companies, it has several growth stories to tell. These include a consumer unit in apparent recovery. Huawei seems to have obtained 7-nanometer chips from SMIC, a Chinese foundry and used these along with in-house 5G designs and operating-system software to produce a smartphone branded the Mate 60 Pro, confounding critics who assumed US sanctions had put such technologies beyond reach. 
Demand for that gadget helped to boost consumer revenues by 17%, to about RMB251 billion ($34.7 billion).

 

If the World Economic Forum in Davos was any indication, AI safety and security will be this year’s top priority for AI developers and enterprises alike. But first, we must overcome hype-driven distractions that siphon attention, research, and investment away from today’s most pressing AI challenges. In Davos, leaders from across the technology industry gathered, previewing innovations, and prophesying what’s to come. The excitement was impossible to ignore, and whether it is deserved or not, the annual meeting has built a reputation for exacerbating technology hype cycles and serving as an echo chamber for technology optimists. But from my perspective, there was a lot more to it. Amidst all the Davos buzz, many conversations took on the challenge of assessing critical AI challenges across development and security, and outlining a path forward. Sam Altman and Satya Nadella took on the real and present threats of LLM-generated misinformation and deep fakes -- both serious threats as nearly half of the world’s population braces for an election this year. I paneled a session alongside Yann LeCun, Max Tegmark, and Seraphina Goldfarb-Tarrant, where we discussed the need to overcome durable adoption challenges like cost and accessibility, the path to artificial general intelligence (AGI), and how we understand the utility and security of today’s AI systems. With talk of AGI and AI-powered economies continuing beyond Davos, it’s easy to lose sight of the challenges looming ahead. But to bring these long-promised AI systems and their impact to life, we first must solve the challenges of the Large Language Models (LLMs) of today and the autonomous AI systems of tomorrow. LLMs have drastically changed the makeup of enterprise technology across industries. There is no shortage of excitement. However, some have begun to feel disillusioned, questioning what AI prospects are real and which are merely hype.
After all, the benefits of LLMs are matched equally by new and familiar safety and security challenges. The threats of bias and toxicity come to mind. Misinformation and security breaches threaten to disrupt elections and compromise privacy. Deep fakes are set to run rampant this year, claiming victims like Taylor Swift and President Biden with explicit content and impersonations. This is just the tip of a very large iceberg that’s yet to surface. As we forge ahead towards AGI, more challenges will be uncovered. And the solutions to today’s challenges will undoubtedly translate to future AI systems. Solutions to combat LLM-generated misinformation today might become the underpinnings of the controls used on AGI systems. Preventative measures to thwart prompt injection and data poisoning will extend far beyond LLMs, too. Putting off the questions and challenges of today ignores the reality that these AI systems are the foundations of future intelligent AI and AGI systems. Between now and an AGI future, a lot of development remains. In the quest for greater AI-driven productivity, humans remain the limiting factor. That will change in the next evolution of AI. Today’s human-to-AI systems will be phased out in favor of AI-to-AI systems as LLMs are refined and become more capable and accurate. Human-in-the-loop approaches will be replaced by light human supervision that merely ensures AI agents are operating as expected. The Internet of Agents (IoA), an interconnected system of intelligent agents with specific assignments, is the natural next step for AI. Imagine a scenario where an AI agent can detect a bug within an enterprise application’s code, assign a patch to a coding agent powered by an LLM, and push it live through an agent tasked with managing enterprise production environments. This could take several minutes, whereas human intervention could stretch that timeline to hours or even days.
Whether we like it or not, the “invisible hand” of the market will push this vision forward. As trust in AI systems builds, enterprise executives and development teams will cede control over these systems in the name of efficiency, productivity, and profitability.