Implementing AI security solutions: A crawl-before-you-run strategy

 

source: seciritymagazine.com | image: pixabay.com

 

In navigating the shift from burglar alarms to digital security systems, many organizations are adopting artificial intelligence (AI) to bolster their security postures. In fact, a large majority of security operation centers (SOCs) employ AI and machine learning tools to detect advanced threats. However, not all AI is created equal and reaching too high too quickly with technological solutions can leave security teams with unclear or inefficient workflows. To get the most out of new technologies, security practitioners should focus on starting small with foundational AI technologies in order to lay the groundwork for a more reliable and mature security system.

It’s important to keep in mind that AI technology is still maturing every day. New AI tools for security, often related to computer vision and surveillance camera analytics, are continually surfacing on the market. Often many organizations feel pressured to try the “latest and greatest” and end up testing expensive solutions that don’t deliver what they promise, which turns them off to using AI entirely.

In some cases, too-advanced systems can provide a lower ROI 

In most fields these promises are easy to see through and organizations quickly become savvy to vendors that overpromise and underdeliver. For example, there is no AI that comes close to being able to flag “suspicious people,” and this also opens the doors for privacy and ethical issues.

Continue reading “Implementing AI security solutions: A crawl-before-you-run strategy”

The CIA’s Least Covert Mission

source: politico.com

contributed by Artemus FAN, Stephen L. Page

Image by David Mark from Pixabay 

 

 

In the bowels of its Langley headquarters, a fluorescent-lit, mundane office space houses a team of about a dozen people engaged in what is perhaps the Central Intelligence Agency’s least covert mission: to make American citizens “like” the agency on social media.

An edict is posted to the wall: “Every time you make a typo….the errorists win.”

The United State’s premier intelligence agency has slowly ramped up its social media presence since joining Facebook and Twitter in 2014, creating one of the federal government’s quirkiest, creative, and controversial PR campaigns.

Continue reading “The CIA’s Least Covert Mission”

 

The Argument for a National US Data Privacy Framework

source: eweek.com

Photo by ThisIsEngineering from Pexels

 

Against the backdrop of escalating cybercrime and data breaches throughout 2020 and 2021, state legislators in over 29 US states have thrown the spotlight on data privacy this year, putting it high on the agenda in legislative sessions.

Among other things, the rights of consumers to opt out of data collection on websites, providing watertight protection and privacy for children online, and the monitoring of employee emails have all been closely scrutinized.

Perhaps most crucially, legislators have taken a closer look at the role and responsibility of commercial and governmental entities in ensuring data protection, as well as the need for companies to make clear what data is collected, what will be done with it, and for how long it will be kept.

Continue reading “The Argument for a National US Data Privacy Framework”

Battelle to Supply the Department of State with Armored Vehicles

source: battelle.org

contributed by Artemus FAN, Steve Jones

 

Battelle will begin transforming Toyota’s Land Cruiser 200 series standard SUVs into specialized armored vehicles for the U.S. Department of State’s Diplomatic Security Service (DSS) under a new contract award.

Over the past decade, Battelle has steadily built its specialty automotive manufacturing capabilities at facilities on the west side of Columbus, Ohio, building hundreds of armored vehicles for select Department of Defense customers.

Under a Blanket Purchase Agreement (BPA) awarded last year by the Department of State, Battelle recently won a BPA call to build 229 armored Land Cruisers. Delivery of the vehicles is scheduled to begin in March 2022 and be completed in June 2023.

Continue reading “Battelle to Supply the Department of State with Armored Vehicles”

DOJ: Former NSA Operatives Worked as Cyber-Mercenaries, Helping Hack U.S. Systems

source: gizmodo.com

Members of the U.S. intelligence community and military have reached a deferred prosecution agreement over their role in an overseas cyber-mercenary business.

 

Former U.S. intelligence operatives are facing federal charges after allegedly having worked as cyber-mercenaries for the United Arab Emirates. The men, all of whom are ex-employees of the National Security Agency, are accused of helping the UAE government to break into computer systems all over the world, including some in the U.S., newly unsealed court documents claim.

Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40, are all charged with having broken federal laws related to computer fraud and export regulations, the Department of Justice announced Tuesday.

Between 2016 and 2019, the trio worked as senior managers at Dark Matter, an Emirati cybersecurity company. Working out of a converted mansion in Abu Dhabi, the team was part of an operation dubbed “Project Raven,” the likes of which was staffed almost wholly by former U.S. intelligence officials. Their services helped the Middle Eastern monarchy to carry out hacking operations against its perceived enemies, including activists, political rivals and journalists, Reuters previously reported.

Continue reading “DOJ: Former NSA Operatives Worked as Cyber-Mercenaries, Helping Hack U.S. Systems”

source: cnet.com

 

The Department of Homeland Security enlists Amazon, Microsoft, Google and others to help combat cyberthreats.

US taps tech giants to help fight ransomware, cyberattacks

 

 

The US government is turning to tech giants including Amazon, Microsoft and Google to help bolster cybersecurity, after a string of high-profile attacks involving critical infrastructure. 

The initiative, called the Joint Cyber Defense Collaborative, was unveiled Thursday by Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, which falls under the Department of Homeland Security. The effort, reported earlier by The Wall Street Journal, will initially focus on combating ransomware and developing a framework to deal with cyberattacks that affect providers of cloud services. It also aims to improve information sharing between the government and the private sector, with the goal of reducing the risk of attacks and ensuring a coordinated response. 

“The JCDC presents an exciting and important opportunity for this agency and our partners — the creation of a unique planning capability to be proactive vice reactive in our collective approach to dealing with the most serious cyber threats to our nation,” said Easterly. “The industry partners that have agreed to work side-by-side with CISA and our interagency teammates share the same commitment to defending our country’s national critical functions from cyber intrusions, and the imagination to spark new solutions.” 

The team-up follows several high-profile ransomware and cyberattack episodes in the US. So far this year, ransomware attacks have shut down a gas pipeline and a major meat producer, spurring fears of shortages and concerns that other critical infrastructure is at risk. A number of federal agencies also fell victim to the SolarWinds hack that was uncovered last year, including high-level officials at the DHS

Earlier this year, the Biden administration unveiled several efforts to shore up cybersecurity practices across federal agencies, including a $20 billion plan to secure the country’s infrastructure against cyberattacks. 

Other companies participating with multiple government agencies in the JCDC include AT&T, CrowdStrike, FireEye, Lumen, Palo Alto Networks and Verizon.

“In order to bolster our nation’s cyber defenses, it’s essential that the public and private sectors work together to defend against evolving threats and shore up modern IT capabilities that will protect our federal, state and local governments,” said Phil Venables, chief information security officer at Google Cloud, in an emailed statement. “We look forward to working with CISA under the Joint Cyber Defense Collaborative and offering our security resources to build a stronger and more resilient cyber defense posture.”

Amazon and Microsoft didn’t respond to requests for comment. 

 

 

 

 

source: dhs.gov (contributed by FAN Steve Jones)

We’ve all walked through a metal detector at the airport, hoping we didn’t forget anything in our pockets that will set off the alarm. When security personnel can’t immediately identify what is triggering the alarm, the process is halted for a pat down. Though this slows the screening process significantly for people waiting in line and can be an uncomfortable experience for the individual being screened, it is an essential element of keeping all travelers safe.

xTo improve airport security, both for screeners and for those being screened, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) continually invests in research and development (R&D) to build solutions for the future. S&T’s Screening at Speed Program partners with government, academia, and industry to increase security effectiveness at the airport from curb to gate, while dramatically reducing screening wait times and improving the passenger experience

image - china tech

 

China’s AI Deployment in Africa Poses Risks to Security and Sovereignty

source: aspistrategist.com

The competition to dominate Africa’s artificial intelligence and critical infrastructure markets is geopolitical and Beijing is racing for the lead. During the past 20 years, China has been rapidly building its communications infrastructure and advancing data-surveillance capabilities globally, and has taken a strong interest in spearheading development of Africa’s technology markets. President Xi Jinping’s Belt and Road Initiative has been the primary conduit for China’s expansion on the continent.

When the BRI was first introduced in 2013, many African leaders shared Xi’s view that inadequate infrastructure was the greatest barrier to economic development. So far, 40 out of 54 African countries have signed BRI agreements.

Continue reading “China’s AI Deployment in Africa Poses Risks to Security and Sovereignty”

source: securityweek.com

Researchers Abuse Apple’s Find My Network for Data Upload

Security researchers have discovered a way to leverage Apple’s Find My’s Offline Finding network to upload data from devices, even those that do not have a Wi-Fi or mobile network connection.

Using Bluetooth Low Energy, the data is being sent to nearby Apple devices that do connect to the Internet, and then sent to Apple’s servers, from where it can be retrieved at a later date.

The technique could be used to avoid the costs and power usage associated with mobile Internet, or to exfiltrate data from Faraday-shielded sites visited by iPhone users, researchers with Positive Security, a Berlin-based security consulting firm.

Continue reading “Researchers Abuse Apple’s Find My Network for Data Upload”

 

source:  nytimes.com

A Guantánamo detainee is seeking information from two former government contractors in connection with a Polish criminal inquiry into a facility there.

The Supreme Court on Monday agreed to decide whether the government can block a detainee at Guantánamo Bay from obtaining information from two former C.I.A. contractors involved in torturing him on the ground that it would expose state secrets.

The detainee, known as Abu Zubaydah, sought to subpoena the contractors, James E. Mitchell and Bruce Jessen, in connection with a Polish criminal investigation. The inquiry was prompted by a determination by the European Court of Human Rights that Mr. Zubaydah had been tortured in 2002 and 2003 at so-called black sites operated by the C.I.A., including one in Poland.

Continue reading “Supreme Court to Rule on Whether C.I.A…”