Wednesday, July 14, 2021

Searching for that perfect metaphor?

https://news.softpedia.com/news/cyberattacks-should-be-treated-as-a-national-disaster-in-the-u-s-533505.shtml

Cyberattacks Should be Treated as a National Disaster in the U.S.

Law enforcement officials have announced that a more widespread reaction will be forthcoming following the Kaseya ransomware attack that impacted over a thousand companies across the globe last week. Shortly thereafter, the FBI initiated actions to recover the Bitcoin payments, including the successful recovery of a portion of the ransom paid by Colonial Pipeline.

US authorities said they will treat ransomware attacks with similar priority to terrorism after noticing the huge scale of recent cyberattacks. Another powerful organization, the military alliance NATO, warned in late June that cyberattacks on its members could trigger a military response.





Be careful what you wish for? Perhaps they thought that the cops were closing in? Perhaps Putin simply took over their work?

https://www.csoonline.com/article/3625250/revil-gang-suddenly-goes-silent-leaving-victims-unable-to-recover-systems.html#tk.rss_all

REvil gang suddenly goes silent leaving victims unable to recover systems

All REvil websites went offline on Tuesday, leaving security experts and victims to speculate on the reason why.

The dark web sites operated by the notorious REvil ransomware group suddenly went offline on Tuesday, prompting speculation that the US or Russian governments stepped in. Meanwhile, victims and the security companies working for them to recover data have been put in a more difficult situation.

"Victims have been left without the ability to recover the decryption software necessary to restore encrypted networks, our clients being among them," Mike Fowler, vice president of intelligence services at GroupSense, a company that provides ransom negotiation services, tells CSO. "It is our hope that the organization responsible for the takedowns was able to gather the necessary software needed to provide the decryption keys when supplied with the victim-specific encryption keys. If not, we consider it computationally infeasible that the victims will be able to recover their data via other means."



(Related) That which does not kill us, makes us sneakier?

https://www.thedailybeast.com/the-pentagon-tried-to-take-down-these-hackers-theyre-back?scrolla=5eb6d68b7fedc32c19ef33b4

The Pentagon Tried to Take Down These Hackers. They’re Back.

Last fall, on the eve of the elections, the U.S. Department of Defense tried to throttle a transnational cybercrime group. But the hackers have rebuilt much of their operations. It’s become clear in recent months that the gang is very much alive and well.

The Russian-speaking hacking group, sometimes referred to by the name of the malware it uses, Trickbot, has gone after millions of victims around the globe, stealing victims’ banking credentials and facilitating ransomware attacks that have left businesses scrambling to pay hefty extortion demands for years.

And now, even though the Pentagon’s U.S. Cyber Command tried to put a dent in the gang’s operations last year, there are signs the hacking gang is working behind the scenes, quietly updating its malware to monitor victims and gather intelligence. That’s according to the latest intelligence from Romania-based cybersecurity firm Bitdefender, which shared its findings exclusively with The Daily Beast.





For my Computer Security students.

https://www.csoonline.com/article/3625271/nist-s-eo-mandated-software-security-guidelines-could-be-a-game-changer.html#tk.rss_all

NIST’s EO-mandated software security guidelines could be a game-changer

Following a string of high-profile supply chain hacks, President Biden's wide-ranging executive order on cybersecurity (EO) issued on May 12 directed the National Institute of Standards and Technology (NIST) to produce guidance on a series of software security matters. First, the EO asked NIST to produce a definition of critical software, which it released at the end of June. Second, the EO directed NIST to publish guidance on security measures for EO-critical software use, which NIST released last Friday.

Like so many other NIST guidance and framework documents, NIST presents each measure along with its corresponding federal government informative references, mostly technical specifications and industry standards, so that practitioners can rely on more detailed guidance. In addition, all software security measures count both the NIST Cybersecurity Framework (CSF) and NIST Special Publication (SP) 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations as informative references. NIST released a white paper that lays out the new software security schema in detail.

The EO further directed NIST to publish guidelines on vendors' source code testing.





Will this be as influential as the GDPR? If so, we'd better get it right!

https://www.bespacific.com/machines-learning-the-rule-of-law/

Machines Learning the Rule of Law

Sümeyye Elif Biber – Verfassungsblog: EU Proposes the World’s first Artificial Intelligence Act. “On 21 April 2021, the European Commission (EC) proposed the world’s first Artificial Intelligence Act (AIA). The proposal has received a warm welcome across the EU as well as from the US, as it includes substantial legal provisions on ethical standards. After its release, the media’s main focus lay on the proposal’s “Brussels Effect”, which refers to the EU’s global regulatory influence: EU laws exceed their “local” influence and become global standards. With the AIA, the EU has the potential to become the world’s “super-regulator on AI”. More than the Brussels Effect, however, the emphasis should lie on the EU’s intention to explicitly protect the rule of law against the “rule of technology”. Despite this expressed goal, the normative power of the regulation to ensure the protection of the rule of law seems inadequate and raises serious concerns from the perspective of fundamental rights protection. This shortcoming becomes most evident across three main aspects of the AIA, namely in the regulation’s definition of AI systems, the AI practices it prohibits, and the preeminence of a risk-based approach…”





Not the first time I’ve run across this idea.

https://hbr.org/2021/07/to-spur-growth-in-ai-we-need-a-new-approach-to-legal-liability

To Spur Growth in AI, We Need a New Approach to Legal Liability

The existing liability system in the United States and other countries can’t handle the risks related to AI. That’s a problem because it will slow AI innovation and adoption. The answer is to revamp the system, which involves revising standards of care; changing who compensates parties when inevitable accidents occur via insurance and indemnity; changing default liability options; creating new adjudicators; and revamping regulations to prevent mistakes and exempt certain kinds of liability.





An excellent resource for students planning to actually use statistics.

https://news.columbia.edu/news/top-10-ideas-statistics-ai

Top 10 Ideas in Statistics That Have Powered the AI Revolution

Though deep learning and AI have become household terms, the breakthroughs in statistics that have fueled this revolution are less known. In a recent paper, Andrew Gelman, a statistics professor at Columbia, and Aki Vehtari, a computer science professor at Finland’s Aalto University, published a list of the most important statistical ideas in the last 50 years.

The 10 articles and books below all were published in the last 50 years and are listed in chronological order.





More resources.

https://www.makeuseof.com/learn-how-to-code-for-free/

The 7 Best Ways to Learn How to Code for Free


