Toward a secure architecture. An alternative to a National Guard Cyber
Unit, or perhaps a complement?
North Dakota Expands Cyberdefense with New Funding, Workforce
… With a recent funding boost for the 2019-21 biennium, the North Dakota
Information Technology Department will use $15.4 million to expand
its Cyber Operations Center (CyOC), adding a host of new toolsets,
employing increased contractor support and analysis, and hiring eight
new staff members.
…
Currently, the CyOC is responsible for a focused effort to conduct a
statewide cybermaturity assessment
to measure the level of cyber-readiness of 400+ public entities in
the state. That effort is part of a larger initiative, launched by a
bill passed earlier this year,
to strategically align state government behind a unified
cyberposture.
They apparently didn’t monitor their resources. Why so long to agree to
minimal security?
Company discovered it was hacked after a server ran out of free space
Hacker was detected after creating a giant archive file that took up all the
free disk space. Had been inside the company's network for almost
two years, undetected.
… In 2016,
the company announced a security breach during which a hacker stole
the personal details of around one million users. Following tips
that the company had failed to secure its servers, the Federal Trade
Commission (FTC) started an investigation into the hack.
According to an FTC complaint at the time, the hacker exploited a
vulnerability in InfoTrax's websites
to upload a malicious code that enabled remote control of the
company's website and adjacent server infrastructure.
… The theft was aided by the fact that InfoTrax was storing
customer data in cleartext.
Stolen information included Social Security numbers, payment card
information, bank account information, and user names and passwords.
This week, the FTC and InfoTrax agreed to a settlement according
to which the Utah-based company would implement the security measures
that led to the 2016 security breach. The settlement obliges
InfoTrax to:
inventory and delete personal information it no longer needs;
conduct code review of its software and testing of its network;
detect malicious file uploads;
adequately segment its network; and
implement cybersecurity safeguards to detect unusual activity on its network.
For my Security students.
New Study Shows Financial Loss from Multi-Party Cyber Incidents Is 13X
Larger than Single-Party Incidents
Today the Cyentia Institute published “Ripples Across the Risk Surface,”
an in-depth study sponsored by RiskRecon that
analyzes more than 800 cyber incidents and their impact on multiple
downstream organizations. According to the study, multi-party loss
events that impact thousands of downstream organizations, otherwise
known as “ripple events,” result in 13X larger financial loss
than traditional single-party incidents. The
objective of this first-of-its-kind study is to raise market
awareness on the hyper interdependencies organizations have on other organizations,
and the ripple effect that grows by an order of magnitude beyond that
singular data loss event.
Worth checking?
Brave 1.0 launches, bringing the privacy-first browser out of beta
Brave promises to prioritize security by blocking third-party ads,
trackers, and autoplay videos automatically. So you don’t need to
go into your settings to ensure greater privacy, though you can
adjust those settings if you want to.
Those who grant-ith monopoly can take-ith it away. (As I have suggested
for years.)
Victory over telecom industry gives Connecticut towns a way to provide their
own faster, cheaper internet service
The telecommunications industry lost and consumers won in a Connecticut
Superior Court decision that gives cities and towns the right to use
existing utility infrastructure within their borders to create
municipal networks that deliver cheap, fast internet service to homes
and business.
Gartner trends are based on what senior IT
executives are thinking.
10 Data and Analytics Trends for 2020
Data and analytics have gained traction in
organizations, driven by the promise of big data a few years ago and
the potential of machine learning and other types of artificial
intelligence more recently. Even as many enterprises seemed to be
stalled in their production AI plans, they are still making those
plans, and know they are crucial for success in the years to come.
That's because data and analytics are serving an
expanded role in digital business, according to Gartner analyst and
VP Rita Sallam. Data and analytics have become key parts of how you
serve customers, hire people, optimize supply chains, optimize
finance, and perform so many other key functions in the organization.
If you build (gather and store) it, they will come. Field of Law
Enforcement’s Dreams
Zack Whittaker reports:
The social media giant said the number of government demands for
user data increased by 16% to 128,617 demands during the first half
of this year compared to the second half of last year.
That’s the highest number of government
demands it has received in any reporting period since it published
its first transparency report in 2013.
Legal is not always seen as ethical. Google
should have known better just based on the size of the database.
Rob Copeland and Sarah E. Needleman report:
Google’s project with the country’s second-largest health
system to collect detailed health information on
50 million American patients sparked a federal inquiry and criticism
from patients and lawmakers.
The data on patients of St. Louis-based
Ascension were until recently scattered across 40 data centers in
more than a dozen states. Google and the Catholic nonprofit are
moving that data into Google’s cloud-computing system—with
potentially big changes on tap for doctors and patients.
At issue for regulators and lawmakers who
expressed concern is whether Google and Ascension are adequately
protecting patient data in the initiative, which is code-named
“Project Nightingale” and is aimed at crunching data to produce
better health care, among other goals. Ascension,
without notifying patients or doctors, has begun sharing with Google
personally identifiable information on millions of patients,
such as names and dates of birth; lab tests; doctor diagnoses;
medication and hospitalization history; and some billing claims and
other clinical records.
And this is exactly what happens when you have carve outs for sharing
information without explicit notice and consent. FERPA has a
carve-out that allows schools to share students’ personal
information with third-party entities that they declare as “school
officials” and now we see how an exception in HIPAA may have
allowed a massive sharing without consent.
It is stunning to me that Ascension would have engaged in this data
sharing without anticipating how the public might feel about this.
I would feel betrayed by them and horrified.
Spain has published a few useful guidelines
already. Where are the rest of the EU members?
The Spanish Supervisory Authority issues guidance on the use of cookies
On November 8, 2019, the Spanish Supervisory Authority (“SA”) issued
detailed guidance on cookies and similar technologies in collaboration
with stakeholders
in the ad industry, including Adigital, Anunciantes, AUTOCONTROL and
IAB Spain.
Interesting how lawyers are thinking about AI.
Artificial Intelligence, Finance, and the Law
Lin, Tom C. W., Artificial Intelligence, Finance, and the Law (November 4,
2019). 88 Fordham Law Review 531 (2019); Temple University Legal
Studies Research Paper No. 2019-31. Available at SSRN:
https://ssrn.com/abstract=3480607
“Artificial intelligence is an existential component of modern finance. The
progress and promise realized and presented by artificial
intelligence in finance has been thus far remarkable. It has made
finance cheaper, faster, larger, more accessible, more profitable,
and more efficient in many ways. Yet for all the significant
progress and promise made possible by financial artificial
intelligence, it also presents serious risks and limitations.
This Article offers a study of those risks and limitations—the ways
artificial intelligence and misunderstandings of it can harm and
hinder law, finance, and society. It provides a broad examination of
inherent and structural risks and limitations present in financial
artificial intelligence, explains the implications posed by such
dangers, and offers some recommendations for the road ahead.
Specifically, it highlights the perils and pitfalls of artificial
codes, data bias, virtual threats, and systemic risks relating to
financial artificial intelligence. It also raises larger issues
about the implications of financial artificial intelligence on
financial cybersecurity, competition, and society in the near future.
Ultimately, this Article aspires to share an insightful perspective
for thinking anew about the wide-ranging effects at the intersection
of artificial intelligence, finance, and the law with the hopes of
creating better financial artificial intelligence—one that is less
artificial, more intelligent, and ultimately more humane, and more
human.”
Try not to frighten the AI controlling your pacemaker!
Fun New Paper Says We Should Make Machines Freak Out About Their Own
Mortality
…
"In a dynamic and unpredictable world, an intelligent agent should hold
its own meta-goal of self-preservation, like living organisms whose
survival relies on homeostasis: the regulation of body states aimed
at maintaining conditions compatible with life," write Man and
Damasio in their published paper.
In short, we're talking about giving robots feelings. Making them care
might make them better in just about every aspect, and it would also
give scientists a platform to investigate the very nature of feelings
and consciousness, say Man and Damasio.
What outcome will the App suggest?
AI app may help diagnose mental illness through speech: Study
Researchers have developed a speech-based mobile app that uses
artificial intelligence to
categorize a patient's mental health status, an advance that may lead
to a tool to assist psychiatrists in diagnosing mental illnesses.
The study, published in the journal Schizophrenia Bulletin, noted
that many people in remote areas do not have access to psychiatrists
or psychologists, and others can't afford to see a clinician
frequently.
The researchers, including those from the University of Colorado
at Boulder in the US, said therapists
base their treatment plan largely on listening to a patient talk
which they said was an old, subjective and unreliable method.
They developed a machine learning technology
that can detect day-to-day changes in speech which hints at mental
health decline.
Or perhaps ignoring economic advice is politically advantageous?
Against Economics
There is a growing feeling, among those who have the responsibility of
managing large economies, that the discipline of economics is no
longer fit for purpose. It is beginning to look like a science
designed to solve problems that no longer exist.
I like lists. (How many are available free?)
Explore the list of 100 Novels That Shaped Our World
These English language novels, written over the
last 300 years, range from children’s classics to popular page
turners. Organised into themes, they reflect the ways books help
shape and influence our thinking.