IT pros are grappling with the ways ChatGPT can be worked into the enterprise stack. The generative artificial intelligence from OpenAI has demonstrated the ability to compile reports, craft marketing pitches and write software code, which makes it seem convenient for business use. Yet concerns remain, including potential security risks and sometimes erratic or inappropriate data feedback. In the past week, one third-party tester had ChatGPT pledge love for its interlocutor, while another received a detailed lecture on why cow eggs are bigger than chicken eggs. Continue reading Business World Asks if Generative AI is Ready for Enterprise

Quantum computing promises future benefits, but also poses present-day cybersecurity risks that the federal government is urging commercial businesses to prepare for now. In fact, a law passed in December, the Quantum Computing Cybersecurity Preparedness Act, requires federal agencies to develop security plans addressing the vulnerability posed by the so-called “Y2Q” moment. Quantum computers are so quick and efficient as to be able to crack virtually any encryption. Although quantum computing is still in the development stage, the machines are expected to reach practical operability by 2030. Continue reading Feds Say Time to Prep for Y2Q Quantum Computer Hacking

Senator Jacky Rosen (D-Nevada), a former computer programmer, brought Senator Mark Warner (D-Virginia) and Ben Ray Luján (D-New Mexico) to the CES stage to talk about their top technology interests in the new year. All of them serve on committees with core interests in the future of technology. In addition to serving on six committees, Rosen is on the subcommittee on cybersecurity; Warner is chair of the Senate Select Committee on Intelligence among other committee assignments; and Luján is a member of the Committee on Commerce, Science and Transportation among others. Continue reading CES: Federal Tech and Innovation Priorities for the New Year

Cybersecurity was a major topic at CES 2023, and one panel described strategies around one of the important and often ignored components: people. Moderated by Strategic Cyber Ventures chief executive Hank Thomas, panelists examined people’s personal relationship with cybersecurity, how they fall victim to cybercrime and how they could be incentivized to take more responsibility for their online activities. Terranet Ventures executive in residence Carole House, who was recently director of cybersecurity at the National Security Council in The White House, said that seeing individuals badly impacted “elevates cybercrime as a national imperative.” Continue reading CES: Focus on People Component for Strong Cyber Strategy

At a CES panel, CISA director Jen Easterly sounded the alarm on the current state of cybersecurity in the U.S. “We cannot accept that ten years from now it will be the same or worse than it is now,” she said. “All the critical infrastructure we rely on is underpinned by a technology base that was created in an insecure way.” As head of the Cybersecurity and Infrastructure Security Agency, Easterly is in a position to assess the coming damage, projected to be $8 trillion this year. Moderator Rajeev Chand, Wing Venture Capital partner led Easterly and CrowdStrike chief executive George Kurtz in a discussion on how to halt the increase of cyber-insecurity. Continue reading CES: As Risks Rise, Experts Reimagine Path to Cyber Safety

The Biden administration is implementing a cybersecurity labeling program designed to protect consumers using Internet of Things devices from “significant national security risks.” Beginning in the spring of 2023, IoT smart hardware will begin carrying a “label for products that meet U.S. government standards and are tested by vetted and approved entities,” according to the White House. The program will start with high-risk devices like routers and cameras. To jump-start the initiative, the White House hosted an IoT Cybersecurity Summit attended by national security officials, hardware manufacturers and representatives from consumer product associations. Continue reading Cybersecurity Labeling System Coming to IoT Devices in 2023

Senate Homeland Security Committee leaders Gary Peters (D-Michigan) and Rob Portman (R-Ohio) have introduced a bill requiring a risk framework for open-source code. The proposed legislation would require the Cybersecurity and Infrastructure Security Agency to develop the risk evaluation process for open-source software being used by federal agencies and critical infrastructure. The move follows the discovery in December of a vulnerability in the Apache Software Foundation’s popular Log4j Java logging utility. Peters said the Log4j incident presented a serious threat to banks, hospitals, and utility companies, among other national security operations. Continue reading Senate Group Wants CISA to Protect Open-Source Software

The European Union has released additional details of its Cyber Resilience Act (CRA), proposed cybersecurity rules initially introduced last year aimed at the growing number of smart devices and the Internet of Things. The goal is to introduce effective regulations that would help curb surging cyberattacks. Major tech companies from Apple to Amazon and LG would need to meet strict new standards in the connected electronics space or face significant fines that could run as high as the greater of $15 million or 2.5 percent of a company’s worldwide revenue. Continue reading EU’s Cyber Resilience Act Plans to Augment Security for IoT

The EU’s draft AI Act is causing quite a stir, particular as it pertains to regulating general-purpose artificial intelligence, including guidelines for open source developers that specify procedures for accuracy, risk management, transparency, technical documentation and data governance, well as cybersecurity. The first law on AI by a major regulator anywhere, the proposed AI Act seeks to promote “trustworthy AI,” but some are critical that as written the legislation could hurt open efforts to develop AI systems. The EU is seeking industry input as the proposal heads for a vote this fall. Continue reading EU’s AI Act Could Present Dangers for Open-Source Coders

Weak and repeated passwords are a huge vulnerability when it comes to navigating one’s digital life, and it appears 2022 is the year online companies will make a concerted effort to navigate users away from passwords altogether. At the WWDC 2022 developer conference last week, Apple announced passwordless logins across iPhones, iPads, Macs and Apple TVs. Later this year, iOS 16 and macOS Ventura users will be invited to log into apps and websites using passkeys. Once a passkey is set up for an app or site, it gets stored on the device used to activate it. Tech giants Google and Microsoft are also backing the passkey protocol. Continue reading Password Era Coming to End as Providers Support Passkeys

As various states undergo primary elections and the nation gears up for midterm elections in the fall, the social network misinformation machines are becoming more active, too. Connecticut is actively addressing the problem with a marketing budget of nearly $2 million to counter unfounded rumors. The state is also creating a new position to monitor the disinformation mill. Salaried at $150,000 per year, the job involves combing fringe sites like Gettr, Rumble and 4chan as well as mainstream social media sites to weed-out falsehoods before they go viral, alerting platforms to remove or flag such posts. Continue reading States Fight Misinformation on Social Media Before Midterms

The White House has issued a warning about hackers attempting to disrupt the energy grid and other industrial control systems with “a Swiss Army knife” of custom-coded malicious software. A joint bulletin issued by the FBI, NSA, DHS and Energy Department cautioned businesses to be on the lookout for “advanced persistent threat actors,” or APTAs, a commonly used way to describe state-backed hackers. Specific reference was made to devices from Japanese electronics firm Omron and the French firm Schneider Electric, suppliers of industrial automation equipment. Continue reading Agencies Warn That Hackers Are Targeting Control Systems

The U.S. government has issued a cybersecurity alert warning of “possible threats” to satellite communication networks and the country’s critical infrastructure. Concerned that recent attacks on European satellite networks could spread to the United States, a joint advisory published last week by the FBI and the Cybersecurity and Infrastructure Security Agency cited CISA’s “Shield’s Up” initiative, which warns that Russia’s invasion of Ukraine could trigger homeland attacks. The alert requests “all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity.” Continue reading CISA and FBI Warn of Possible Attacks on Satellite Networks

Alphabet has agreed to purchase cybersecurity firm Mandiant in a deal valued at nearly $5.4 billion. Mandiant — which services global enterprises, governments and law enforcement agencies — brings expertise that will fortify Alphabet’s Google Cloud with increased security at a time when businesses worldwide are focused on preventing cyberattacks. The deal, which is subject to regulatory approval, is expected to close later this year. The fact that Mandiant complements, rather than expands, Google’s sphere of influence should prove beneficial as Alphabet faces antitrust lawsuits from the Justice Department and U.S. states. Continue reading Google to Spend $5.4 Billion for Cybersecurity Firm Mandiant

On the heels of its first Congressional hearing for product safety, TikTok has announced policy changes aimed at making the short-form video social platform safer and more secure, particularly for minors, LGBTQ and minority users. In October, TikTok vice president and head of public policy Michael Beckerman testified along with executives from Snapchat and YouTube, addressing questions from U.S. senators as to the social media site’s impact on teen eating disorders and fallout from dangerous hoaxes. The policy updates address those concerns and institute new cybersecurity measures intended to protect user data from unauthorized access. Continue reading TikTok Updates Safety for Minors, Expands Security Features