AJ Grotto

What are South Korea's AI ambitions? | The Capital Cable #107 🔵 @VictorDCha 🟢 @GrottoAndrew 🔴 @Gregory_C_Allen 🟡 @mwlippert Watch here: youtube.com/watch?v=7RRQjH…

@VivekGRamaswamy This lock-in dynamic is bad for cybersecurity too: lawfaremedia.org/article/what-m…

The federal government is the world’s largest IT customer, spending ~$2TN since 1994. In theory, this *should* give us great buying power to negotiate good deals for taxpayers, but of course that’s not what happens: in 2021, the US Department of Agriculture agreed to pay $170 million for one enterprise software, instead of $58 million for a competing one, due to perceived switching costs. In other cases, vendors have required agencies to repurchase licenses in order to migrate to the cloud. If the federal government were serious about reducing costs, it would procure government-wide licenses, just like many state governments do, which would save $750mm+ per year (likely much more). The to-do list for @DOGE continues to grow.

@Microsoft @satyanadella According to @CISAgov, @Microsoft was responsible for 35 known exploited vulnerabilities in the year since announcing SFI, compared to 29 the year prior. Worse, not better... cisa.gov/known-exploite…

@Microsoft promised to tie executive pay to cybersecurity performance. Months later @satyanadella’s salary is up 63%, Brad Smith’s 29%, while exploited vulns are already higher now than in 2023, a year after launching its “Secure Future Initiative.” bloomberg.com/news/articles/…

@BradSmi testified that @MSFT would “treat security as the most important attribute of product quality.” Yet its security business - which involves upselling security features to customers - surpasses $20 billion annually. What will become of this revenue cash cow?

Bill Gates in 2002: when @MSFT “face[s] a choice between adding features and resolving security issues, we need to choose security.” @BradSmi at @HomelandGOP just made the same pledge in 2024. Why should we believe this time will be different?

@BradSmi’s written testimony talks about “empowering and rewarding every employee to find security issues, report them, help fix them, and encourage broader learning from the process and the results.” So…this wasn’t happening before? @Microsoft

Had the privilege yesterday of moderating a book talk @StanfordLibs with @pahlkadot. Loved this line from her: "Requirements accumulate because laws and policies accumulate." Check out her spicy @washingtonpost oped: washingtonpost.com/opinions/2023/…

Lots to like in Charlie Ball's memo microsoft.com/en-us/security… about security by default, but if you're still upselling security, by definition, security is not the default.

@CyberStatecraft @FSIStanford @BlackHatEvents @WestPoint_USMA @HQAirUniversity Go Stanford CSG!!!

We have a winner! Congratulations to the Cyber Super Girls of @FSIStanford! CSG won the passes to @BlackHatEvents, with the Golden Mules of @WestPoint_USMA and KCCO of @HQAirUniversity taking 2nd and 3rd. We'll see you all again for Geneva on April 13!

Our founding director Ralf started his Global Digital Governance fellowship @Stanford! He plans to use Stanford’s #academic knowledge & networks to expand #smartcity research and Centre’s activities 🗺️ 📝 more about his #research topic 👉🏼 bit.ly/3ls5abD

NEW: "Keep the champagne corked," argues @ChorzempaMartin @PIIE in our ongoing Forum on China's tech rectification. One official's remark that work was "basically complete" actually means increased supervision has become the norm. digichina.stanford.edu/work/is-chinas… More to come...

The Cyberspace Administration of China today published a draft decision to amend the Cybersecurity Law five years after it took effect in 2017. We are working on a simple comparison now. cac.gov.cn/2022-09/14/c_1…

@CSISKoreaChair @StanfordCyber @CSIS @mwlippert @VictorDCha @SueMiTerry Interested in learning more about how the Silicon Allies (US; ROK; Japan; Taiwan; EU) can work together on semiconductor resilience? Recent report from @ChaeriPark2 and me: fsi-live.s3.us-west-1.amazonaws.com/s3fs-public/si… Key takeaway: focus on building trust.

Join us now with @StanfordCyber @GrottoAndrew to talk about the geopolitics of economic security and tech cooperation between the U.S. and Korea, along with our @CSIS #CapitalCable crew of @mwlippert, @VictorDCha & @SueMiTerry 📺live now: csis.org/events/capital…

@VictorDCha @CSISKoreaChair @mwlippert I almost complained about the hour (630am Pacific) till I realized it’d just cue a concerto of violins from @VictorDCha and @SueMiTerry (joining from Seoul) :-) :-) :-)

Great @CSISKoreaChair episode on supply chain security and “silicon allies” with @GrottoAndrew @mwlippert #newfrontiers even if it was 3am HDT!

@CSISKoreaChair @StanfordCyber @mwlippert @VictorDCha @SueMiTerry @CSIS Mark, Sue, and Victor, enjoyed our convo! Thanks for having me.

In case you just missed our tour de force episode with @StanfordCyber @GrottoAndrew, @mwlippert, @VictorDCha & @SueMiTerry on all things economic security & tech cooperation related in the US-ROK alliance, rewatch the @CSIS #CapitalCable below ⬇️ youtube.com/watch?v=nCRNdU…

The Cloudcast - CyberSecurity, Economics and Policy in 2022 bit.ly/cloudcast-eps6… Andy Grotto (@grottoandrew, Researcher @StanfordCyber) & Steve Weber (Prof. Cal Berkeley I-School) talk about the big picture intersection of Cybersecurity, Global Economy and Government policy.

Now out, from @ChaeriPark2 and me: "The Silicon Allies: Achieving Allied Resiliency Against Threats to the Semiconductor Supply Chain." We lay out a vision and strategy for how the U.S., Korea, Japan, Taiwan and Europe can work together. fsi-live.s3.us-west-1.amazonaws.com/s3fs-public/si…

🚨Just released: HAI policy white paper outlining a roadmap for a multilateral AI research institute (MAIRI) bringing international stakeholders together to promote AI R&D collaboration, multidisciplinary AI research, and democracy-affirming AI with human-centric norms & values.

Join us tomorrow at noon, as @GrottoAndrew moderates a discussion on recent developments in cybersecurity law, including pragmatic advice on compliance and litigation strategy & big picture insights on the direction of U.S. cybersecurity policy. Register: stanford.io/3NS0zce