Monday, March 29, 2021

Sometimes the BoD forgets all those warnings you keep repeating.

https://www.csoonline.com/article/3611771/attracted-to-disaster-secrets-of-crisis-cisos.html?upd=1617023537643

Attracted to disaster: Secrets of crisis CISOs

In the aftermath of a security incident, new CISOs are often appointed to take over and lead through the chaos. Here are the skills and traits experts say these crisis CISOs need—and how to prepare yourself to rise to the occasion.

Enterprise executives often want new security leadership in the aftermath of a significant incident, believing that their organizations will benefit from the particular skills and the fresh perspective that a new appointee will bring, say Wallenberg and other experts.

And in many cases those executives are right: They do indeed gain something by bringing on new security chiefs.

“You see in history organizations where there was an incident or some significant regulatory action bringing in new CISOs, and some have made a night-and-day difference,” says Neil Daswani, a veteran cyber security leader and co-author of Big Breaches: Cybersecurity Lessons for Everyone.

But Daswani and others don’t discount incumbent CISOs, noting that they, too, can add value in crises. In fact, in a world where security breaches are considered a matter of when, not if, management advisors say all CISOs should be developing the skills and temperament it takes to lead through a crisis to ensure that, one, their organizations can successfully navigate the post-breach challenges and, two, that their own careers can weather the storm.





Closing the barn door before the horses escape? Not leaving the keys in your car? Making common sense part of the law might be a good thing.

https://www.csoonline.com/article/3613176/states-enact-safe-harbor-laws-against-cyberattacks-but-demand-adoption-of-cybersecurity-frameworks.html#tk.rss_all

States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks

Connecticut might soon follow Ohio and Utah by enacting a law that offers liability protection against ransomware and other cyberattacks, but only if victims follow security best practices.

While sophisticated ransomware and nation-state threat actors target US critical infrastructure, the only protection most organizations have against these attacks is tight and effective cybersecurity. These attacks have drawn government attention and sparked calls for liability protection against malicious intrusions. If organizations want this protection, however, lawmakers say they need to step up their game to implement better cybersecurity practices.

During a Senate Intelligence Committee hearing last month, Chairman Mark Warner (D-VA) said, "While I am very open to some level of liability protection, I'm not interested in a liability protection that excuses the kind of sloppy behavior, for example, that took place in Equifax, where they didn't even do the basic cyber hygiene."





Apparently still far from the Cyber War threshold.

https://www.databreaches.net/russian-hackers-stole-emails-from-trumps-cybersecurity-team-were-talking-the-crown-jewels/

Russian hackers stole emails from Trump’s cybersecurity team: ‘We’re talking the crown jewels’

Travis Gettys reports:

Suspected Russian hackers stole emails belonging to top officials in the Trump administration’s Department of Homeland Security, including members of its cybersecurity staff.
The Biden administration has tried not to reveal the scope of the breach as it considers retaliatory measures against Russia, but the Associated Press found new details about the hack of the DHS, including then-acting secretary Chad Wolf, and other agencies, including the Energy Department, where the hackers accessed top officials’ private schedules.

Read more on Raw Story.





What will we NOT be able to do without a Covid passport?

https://asia.nikkei.com/Spotlight/Coronavirus/COVID-vaccines/Japan-to-join-EU-and-China-in-issuing-digital-vaccine-passport

Japan to join EU and China in issuing digital vaccine passport

Japan will issue digital health certificates to citizens who have been inoculated against coronavirus, joining China, the European Union and other countries that have embraced vaccine passports aimed at opening up overseas travel, Nikkei has learned.

The certificate can be managed on a mobile app and will be in line with international standards, allowing the carrier to present the proof of vaccination when boarding a plane or checking in to a hotel.





Any number of errors could cause some skew in AI results. How large that number must be to make the error obvious is (I think) unknown. Less-than-obvious error levels are the zone of mistrust for AI.

https://venturebeat.com/2021/03/28/mit-study-finds-systematic-labeling-errors-in-popular-ai-benchmark-datasets/

MIT study finds ‘systematic’ labeling errors in popular AI benchmark datasets

The field of AI and machine learning is arguably built on the shoulders of a few hundred papers, many of which draw conclusions using data from a subset of public datasets. Large, labeled corpora have been critical to the success of AI in domains ranging from image classification to audio classification. That’s because their annotations expose comprehensible patterns to machine learning algorithms, in effect telling machines what to look for in future datasets so they’re able to make predictions.

But while labeled data is usually equated with ground truth, datasets can — and do — contain errors. The processes used to construct corpora often involve some degree of automatic annotation or crowdsourcing techniques that are inherently error-prone. This becomes especially problematic when these errors reach test sets, the subsets of datasets researchers use to compare progress and validate their findings. Labeling errors here could lead scientists to draw incorrect conclusions about which models perform best in the real world, potentially undermining the framework by which the community benchmarks machine learning systems.

A new paper and website published by researchers at MIT instill little confidence that popular test sets in machine learning are immune to labeling errors. In an analysis of 10 test sets from datasets that include ImageNet, an image database used to train countless computer vision algorithms, the coauthors found an average of 3.4% errors across all of the datasets. The quantities ranged from just over 2,900 errors in the ImageNet validation set to over 5 million errors in QuickDraw, a Google-maintained collection of 50 million drawings contributed by players of the game Quick, Draw!





Could be worth a virtual visit.

https://www.govconwire.com/2021/03/potomac-officers-club-rounds-out-speakers-list-for-virtual-ai-event/

Potomac Officers Club Rounds Out Speakers List for Virtual AI Event

The Potomac Officers Club has announced the list of speakers for its third Annual Artificial Intelligence Summit, which will be held on Tuesday and will include discussions on how industry and government can jointly accelerate the pace of AI development.

This virtual event will feature Yll Bajraktari, executive director of the National Security Commission on Artificial Intelligence, as opening keynote speaker; Sue Gordon, former principal deputy director of national intelligence, as midday keynote speaker; and Lt. Gen Michael Groen, director of the Joint Artificial Intelligence Center and a 2021 Wash100 awardee, as closing keynote speaker.


