U.S., Britain and 16 Nations Aim to Make AI Secure by Design

The United States, Britain and 16 other countries have signed a 20-page agreement on working together to keep artificial intelligence safe from bad actors, mandating collaborative efforts for creating AI systems that are “secure by design.” The 18 countries said they will aim to ensure companies that design and utilize AI develop and deploy it in a way that protects their customers and the public from abuse. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) jointly released the Guidelines for Secure AI System Development.

White House Launches $20 Million AI Cybersecurity Challenge

The White House has unveiled plans for a two-year competition with $18.5 million in prizes for artificial intelligence coders who can come up with ways to identify and fix software vulnerabilities in critical infrastructure code, such as that which runs the Internet. Styled AIxCC, the AI Cyber Challenge is being led by the Defense Advanced Research Projects Agency (DARPA) with support from companies including Anthropic, Google, Microsoft and OpenAI, who have committed to lending expertise and technology. Up to seven small businesses will potentially receive $1 million each to participate.

U.S. Impacted by Significant Increase in Ransomware Attacks

Ransomware attacks have surged in the 12 months ending in June 2023, with the United States accounting for 43 percent of the 1,900 attacks reported — 7x greater than that of the second most popular target, the United Kingdom, at 196. The period marked a 75 percent increase in U.S. ransomware attacks, which were perpetrated by 48 different groups including CL0P, a gang believed to have ties to Russia. U.S. companies, governmental organizations and individual consumers were targeted during the period, with healthcare and educational institutions disproportionately impacted, according to a study by cybersecurity firm Malwarebytes.

U.S. Senate Aims to Add Cyber Amendments to Defense Bill

Hundreds of amendments are queued up for possible addition to the vast annual defense policy bill. Among those that senators are considering are regulations that address artificial intelligence, cybersecurity and proposals to test election systems for vulnerabilities. Adding cyber measures to the National Defense Authorization Act (NDAA) has become a tradition in recent years because it is “must-pass” legislation and renewed annually. Senate Majority Leader Chuck Schumer (D-New York) hopes to have the Senate’s version of the bill prior to the August recess that commences at the end of this week.

White House Announces Smart Device Cybersecurity Labeling

The Biden administration has unveiled a new labeling system for smart devices. The U.S. Cyber Trust Mark identifies consumer electronics and appliances that meet security standards and are less vulnerable to cyberattacks. Companies including Amazon, Google, LG, Qualcomm, Samsung and retailer Best Buy participated in announcing the voluntary program. The Connectivity Standards Alliance (CSA), purveyor of the Matter smart home standard, has also pledged support. The program is scheduled to roll out in 2024. Devices bearing the U.S. Cyber Trust Mark will have met security standards established by the National Institute of Standards and Technology (NIST).

White House Releases Plan for Cybersecurity Implementation

The Biden administration has issued an implementation framework for its National Cybersecurity Strategy, detailing how the federal government plans to regulate digital security issues. The highly anticipated document lists more than 65 initiatives for executing the “five pillars” of the March 2023 U.S. National Cybersecurity Strategy, described as a “bold, affirmative vision for cyberspace.” The implementation takes a two-pronged approach: empowering capable actors who can bear more of the security responsibility, and the need for incentives that facilitate investment in long-term resilience.

U.S. Agencies Join Global Coalition in Secure Software Push

The U.S. and a coalition of international government agencies have issued joint guidance that aims to get software companies to heighten security for their products. “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default” takes the position that today’s software is insecure by default and it is the customer’s burden to take steps to make it safe. Manufacturers should make their products safe before they ship by taking steps including deprecating the “default password,” writing their programs using only secure coding languages, providing free patches and setting up vulnerability reporting programs.

CES: As Risks Rise, Experts Reimagine Path to Cyber Safety

At a CES panel, CISA director Jen Easterly sounded the alarm on the current state of cybersecurity in the U.S. “We cannot accept that ten years from now it will be the same or worse than it is now,” she said. “All the critical infrastructure we rely on is underpinned by a technology base that was created in an insecure way.” As head of the Cybersecurity and Infrastructure Security Agency, Easterly is in a position to assess the coming damage, projected to be $8 trillion this year. Moderator Rajeev Chand, a Wing Venture Capital partner, led Easterly and CrowdStrike chief executive George Kurtz in a discussion on how to halt the increase of cyber-insecurity.

Senate Group Wants CISA to Protect Open-Source Software

Senate Homeland Security Committee leaders Gary Peters (D-Michigan) and Rob Portman (R-Ohio) have introduced a bill requiring a risk framework for open-source code. The proposed legislation would require the Cybersecurity and Infrastructure Security Agency to develop the risk evaluation process for open-source software being used by federal agencies and critical infrastructure. The move follows the discovery in December of a vulnerability in the Apache Software Foundation’s popular Log4j Java logging utility. Peters said the Log4j incident presented a serious threat to banks, hospitals, and utility companies, among other national security operations.

Password Era Coming to End as Providers Support Passkeys

Weak and repeated passwords are a huge vulnerability when it comes to navigating one’s digital life, and it appears 2022 is the year online companies will make a concerted effort to navigate users away from passwords altogether. At the WWDC 2022 developer conference last week, Apple announced passwordless logins across iPhones, iPads, Macs and Apple TVs. Later this year, iOS 16 and macOS Ventura users will be invited to log into apps and websites using passkeys. Once a passkey is set up for an app or site, it gets stored on the device used to activate it. Tech giants Google and Microsoft are also backing the passkey protocol.

Agencies Warn That Hackers Are Targeting Control Systems

The White House has issued a warning about hackers attempting to disrupt the energy grid and other industrial control systems with “a Swiss Army knife” of custom-coded malicious software. A joint bulletin issued by the FBI, NSA, DHS and Energy Department cautioned businesses to be on the lookout for “advanced persistent threat actors,” or APTAs, a commonly used way to describe state-backed hackers. Specific reference was made to devices from Japanese electronics firm Omron and the French firm Schneider Electric, suppliers of industrial automation equipment.

CISA and FBI Warn of Possible Attacks on Satellite Networks

The U.S. government has issued a cybersecurity alert warning of “possible threats” to satellite communication networks and the country’s critical infrastructure. Concerned that recent attacks on European satellite networks could spread to the United States, a joint advisory published last week by the FBI and the Cybersecurity and Infrastructure Security Agency cited CISA’s “Shield’s Up” initiative, which warns that Russia’s invasion of Ukraine could trigger homeland attacks. The alert requests “all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity.”

CES: Members of Congress Discuss Cybersecurity Concerns

Congresswoman Nanette Diaz Barragán (D-California), who serves on the House Committee on Homeland Security and the House Committee on Energy and Commerce, is concerned about the potential harm of cyberattacks in her 44th district, which includes the Port of Los Angeles. Congressman Jay Obernolte (R-California), among his other assignments, is a member of the Committee of Science, Space and Technology and two caucuses, one on 5G and another on AI. What they both have in common are concerns about cybersecurity, topics that were addressed during a panel at CES 2022.

Major Security Vulnerability Triggers Worldwide Internet Crisis

The Log4j code vulnerability has the media declaring the Internet in a state of crisis. Log4j is a Java-based logging framework developers use to track user activity within applications on the popular Apache web server. Security experts are rushing to patch the bug, which is being exploited to remotely assume control of vulnerable systems, stealing credentials, installing malware and launching other attacks that permeate consumer devices. Last week, the U.S. Cybersecurity and Infrastructure Security Agency issued a Log4j alert, as did Australia’s CERT emergency response team.

Biden Administration Orders Agencies to Repair Cyber Flaws

The Biden administration ordered federal agencies to patch roughly 300 cybersecurity vulnerabilities believed to expose government computer systems to potentially damaging intrusions. About 200 of the threats were discovered by cybersecurity experts between 2017 and 2020, while another 90 flaws were found in 2021. All are known to be used by malicious cyber actors, said Cybersecurity and Infrastructure Security Agency director Jen Easterly in a statement accompanying the directive. The agencies have been given two weeks to patch the 2021 threats and six months to fix the older defects.