Herbert Lin is the Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution.

In this Q&A, Lin discusses his recently released book Cyber Threats and Nuclear Weapons. He explains that until this publication, the literature about cyber technology’s impact on the nuclear enterprise has been relatively sparse.

Lin asserts that although policy makers have made incredible achievements in the reduction of nuclear weapons around the world, these inventions nevertheless still represent an existential threat to humanity today. This threat is further compounded by the reality that computers are intimately involved in every step of the operation of weapons systems. As computing technology has advanced, nuclear weapons systems have become more complex and thus more vulnerable to cyberattacks from America’s adversaries, who can disrupt the decision-making process on the use of nuclear weapons. Ultimately, Lin ponders how to best manage the trade-off between technologically advanced systems with numerous capabilities and simplified systems that can provide a higher level of security in the nuclear enterprise.

Read the rest at The Hoover Institution 

On Dec. 2, Twitter announced the removal of two Chinese state-linked influence operations: 2,048 accounts that boosted Chinese Communist Party (CCP) narratives about the Xinjiang region and Uyghur population there, and 112 accounts attributed to Changyu Culture, a private company acting on behalf of the Xinjiang regional government.

Our team at the Stanford Internet Observatory analyzed these two networks. We found that both networks amplified pro-CCP narratives about the treatment of Uyghurs in Xinjiang, often posting content from Chinese state media or sharing first-person Uyghur testimonial videos about how great their life is in the province.

Read the rest at Foreign Policy

As the United States modernizes its nuclear forces in coming decades, it will upgrade the computer and communications technology associated with them. Much of such technology now controlling US nuclear weapons was produced before the rise of the Internet. Newer technology will improve aspects of command, control, and communications related to the US nuclear arsenal. But if not carefully planned, the updating of nuclear technology could also increase risk in distinct ways that cyber policy expert and Bulletin Science and Security board member Herbert Lin explains in the following interview.

Read the rest at the Bulletin of the Atomic Scientists

I have struggled to find something with which I disagree in Michael Fischerkeller’s response to my thought experiment adopting the 2018 U.S. Cyber Command (USCC) Command Vision. A couple of such points are addressed below, but for the most part I agree with him. He does make one claim that I find surprising. He writes: 

Read the rest at Lawfare Blog

ON 8 NOVEMBER 2021, the US Justice Department announced the arrest of several members of the Russian-speaking REvil ransomware group, in a large-scale operation involving US allies in Europe and around the globe. The REvil group, who have since been charged, have been deploying ransomware attacks against American targets including the software provider Kaseya in July 2021. Furthermore, the State Department added REvil to a bounty programme that offers up to US$10 million for information on the REvil leaders.

These efforts followed the two-day virtual international summit on ransomware hosted by the Biden administration on 13-14 October. This summit included 30 countries and was a decisive step towards building a coalition against ransomware attacks. It was acknowledged by all countries that ransomware posed a global and national security threat. Russia ─ as well as China, Iran, and North Korea ─ was not invited.

Read the rest at RSIS

The nation spends billions of dollars on cybersecurity measures, and yet we seem unable to get ahead of this problem. Why are our computers so hard to protect? An experience with a house cat provided insights. I am allergic to cats. My daughter came home, cat in hand, and I had to find a way of confining Pounce to a limited area. Everything I tried to confine Pounce worked for a little while but eventually failed as he found a way past my newest security barrier — just as hackers eventually find their way through the cybersecurity barriers erected to stop them.

Read the rest at Los Angeles Times

Herbert Lin, a senior research scholar for cyber policy and security at Stanford University, told RFE/RL that conference participants need to focus on how to interfere with cryptocurrency payments.

Ransomware will become less attractive if cybercriminals can't turn the cryptocurrency payments into cash, he said.

Read the rest at RadioFreeEurope