The United States, Britain and 16 other countries have signed a 20-page agreement on working together to keep artificial intelligence safe from bad actors, mandating collaborative efforts for creating AI systems that are “secure by design.” The 18 countries said they will aim to ensure companies that design and utilize AI develop and deploy it in a way that protects their customers and the public from abuse. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) jointly released the Guidelines for Secure AI System Development. Continue reading U.S., Britain and 16 Nations Aim to Make AI Secure by Design

The U.S. and a coalition of international government agencies have issued joint guidance that aims to get software companies to heighten security for their products. “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default” takes the position that today’s software is insecure by default and it is the customer’s burden to take steps to make it safe. Manufacturers should make their products safe before they ship by taking steps including deprecating the “default password,” writing their programs using only secure coding languages, providing free patches and setting up vulnerability reporting programs. Continue reading U.S. Agencies Join Global Coalition in Secure Software Push

At a CES panel, CISA director Jen Easterly sounded the alarm on the current state of cybersecurity in the U.S. “We cannot accept that ten years from now it will be the same or worse than it is now,” she said. “All the critical infrastructure we rely on is underpinned by a technology base that was created in an insecure way.” As head of the Cybersecurity and Infrastructure Security Agency, Easterly is in a position to assess the coming damage, projected to be $8 trillion this year. Moderator Rajeev Chand, Wing Venture Capital partner led Easterly and CrowdStrike chief executive George Kurtz in a discussion on how to halt the increase of cyber-insecurity. Continue reading CES: As Risks Rise, Experts Reimagine Path to Cyber Safety

Weak and repeated passwords are a huge vulnerability when it comes to navigating one’s digital life, and it appears 2022 is the year online companies will make a concerted effort to navigate users away from passwords altogether. At the WWDC 2022 developer conference last week, Apple announced passwordless logins across iPhones, iPads, Macs and Apple TVs. Later this year, iOS 16 and macOS Ventura users will be invited to log into apps and websites using passkeys. Once a passkey is set up for an app or site, it gets stored on the device used to activate it. Tech giants Google and Microsoft are also backing the passkey protocol. Continue reading Password Era Coming to End as Providers Support Passkeys

The Biden administration ordered federal agencies to patch roughly 300 cybersecurity vulnerabilities believed to expose government computer systems to potentially damaging intrusions. About 200 of the threats were discovered by cybersecurity experts between 2017 and 2020, while another 90 flaws were found in 2021. All are known to be used by malicious cyber actors, said Cybersecurity and Infrastructure Security Agency director Jen Easterly in a statement accompanying the directive. The agencies have been given two weeks to patch the 2021 threats and six months to fix the older defects. Continue reading Biden Administration Orders Agencies to Repair Cyber Flaws

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, debuted the Joint Cyber Defense Collaborative (JCDC), which will leverage the expertise of Big Tech companies including Amazon, Google and Microsoft. According to CISA director Jen Easterly, the initiative’s aim is first to combat ransomware and cyberattacks on cloud-computing providers and ultimately to improve defense planning and information sharing between the government and private sectors. Continue reading U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft