Quick Hits for Nov. 14

*** The House Armed Services Committee has named tech executives to lead the National Security Commission on Artificial Intelligence. HASC Chairman Mac Thornberry (R-Texas) and Ranking Member Adam Smith (D-Wash.) appointed former Google and Alphabet chairman Eric Schmidt and Microsoft Research Labs Director Eric Horvitz as commissioners.

The AI commission was authorized by the 2019 defense spending bill to evaluate the usefulness of AI and related technologies in national security efforts, potential future applications, global use trends, data standards, ethical questions, and workplace and education incentives. 

The new commission is the latest Defense Department investment into artificial intelligence. DOD also stood up JAIC, its Joint AI Center, earlier this year under CIO Dana Deasy to evaluate AI standards, tools and processes. 

*** The IBM Center for The Business of Government and the Partnership for Public Service, meanwhile, are exploring AI's implications for government operations more broadly. GCN has details on a recent roundtable discussion the groups convened on that topic.

*** The contract that provides credit monitoring and identity theft coverage for victims of the Office of Personnel Management hack is set to expire in December, and the National Treasury Employees Union wants to ensure OPM has a plan to extend coverage. 

In a letter to OPM acting Director Margaret Weichert, NTEU President Tony Reardon requested information about the future of the contract, currently held by ID Experts. OPM is required by law to provide coverage to the millions of individuals affected by the breach through fiscal year 2026. 

The letter follows an OPM inspector general audit that found continued information security weaknesses — a finding in effect since 2007. 

NTEU is also currently pursuing a renewed lawsuit against OPM over the 2015 hack.

*** Despite “deteriorating rules of engagement between state actors” and widespread uncertainty about the normative rules that govern offensive cyber operations, a new FireEye report argues an arms race among competing nations is all but inevitable at this point. 

“There are people that claim nations should not do this, but in the halls of most governments around the world, officials are likely thinking their nation needs to consider offensive operations or they will be at a disadvantage,” wrote CEO Kevin Mandia. 

Even as the U.S. and other leading countries seek to shape and promote international agreements around behavior in cyberspace, the report notes that “no norm has yet found significant, explicit agreement among states” apart from a general desire to limit intellectual property theft. Instead, FireEye believes such norms have a better chance of being adopted through the private sector, such as the Cybersecurity Tech Accord. 

The report also notes that attempts to compromise commercial and government networks through supply chain attacks are expected to continue to rise in 2019. While the firm says it has tracked just five confirmed cases of supply chain compromises in 2018, that is “a huge increase” over what has been observed in prior years. In particular, small to mid-size suppliers that subcontract with larger are more attractive to target than larger companies that operate with more resources and higher scrutiny. 

“The ‘smalls’ are the softer targets, and they comprise the supply chains for the larger organizations,” Mandia wrote.