TOP OF THE DAY
The National Security Memorandum on Artificial Intelligence — CSET Experts React
(Center for Security and Emerging Technology) On October 24, the White House issued the first-ever National Security Memorandum on Artificial Intelligence. CSET’s experts answer pressing questions and what it means for U.S. national security and AI development. – The National Security Memorandum on Artificial Intelligence — CSET Experts React | Center for Security and Emerging Technology
Clear guardrails mean faster progress on AI: Biden signs sweeping guidance for DoD & IC
(Sydney J. Freedberg Jr. – Breaking Defense – 24 October 2024) President Joe Biden has just signed a sweeping National Security Memorandum (NSM) to guide military and intelligence use of artificial intelligence, National Security Advisor Jake Sullivan said this morning. The new plan’s guiding principle is a big bet that adhering to American values — like accountability, legality and individual rights — won’t slow the US down in the AI arms race with China, but help move it faster. The memorandum will also boost cybersecurity defenses against Chinese theft of American AI secrets and strengthen government collaboration with the private sector and foreign allies, Sullivan and other officials said. And it will be accompanied by an extensive “Risk Management Framework” to help officials distinguish proper from improper use of AI. – Clear guardrails mean faster progress on AI: Biden signs sweeping guidance for DoD & IC – Breaking Defense
The AI Power List 2024. The most powerful people in artificial intelligence
(Business Insider – 24 October 2024) Since ChatGPT broke out in late 2022, artificial intelligence has cemented its place in mainstream consciousness. Hundreds of companies are now vying for leadership, mindshare, and billions of dollars in new funding. Data centers and electric grids are being reimagined on a scale never seen before. Look underneath all this frenetic activity, and you find humans powering a new technology era. Some are researchers and academics. Others are engineers, entrepreneurs, and founders. Who really knows AI and who doesn’t? Business Insider set out to cut through the noise and distill who you should be paying attention to in this fast-growing sector. In 2023, BI launched its inaugural list of the 100 most important people in AI, which introduced the world to this crucial tech community. A year on, BI’s 2024 AI Power List maps out who really knows what they’re talking about and who wields real power in the field. These people are working on a host of challenges and opportunities across AI, including making computing infrastructure more efficient, overcoming energy constraints, and guiding how this technology will change the world. – Business Insider’s 2024 AI Power List
2023 LinkedIn data on OECD.AI: Definitions for AI occupations are more specific, women in more AI jobs as career transitions to AI grow
(Rosie Hood, Bénédicte Rispal, Lucia Russo, Luis Aranda – OECD.AI Policy Observatory – 24 October 2024) As the use of AI increases everywhere, its influence reshapes the labour market for workers and employers alike. LinkedIn’s 2024 Work Trend Index Annual Report shows a rising demand from both sides to leverage AI in the workplace. A staggering 75% of global knowledge workers now incorporate AI into their daily routines. Employees see AI as a tool that helps them save time, focus on high-priority tasks, boost creativity, and enjoy their work. On the other hand, employers increasingly seek talent with AI expertise, and AI-related hiring has surged by 323% over the past eight years. Furthermore, there has been a notable increase in job applications for AI-related roles: LinkedIn posts that mention AI have seen 17% greater application growth in the last two years compared to job posts that don’t mention AI. The integration of AI into the workforce does not just transform job roles. It also creates a new landscape of skills and opportunities. With the rise of generative AI, new diverse AI competencies, including non-technical abilities like using tools such as ChatGPT and Copilot, are becoming highly sought after in today’s job market. – 2023 LinkedIn data on OECD.AI: Definitions for AI occupations are more specific, women in more AI jobs as career transitions to AI grow – OECD.AI
Beijing’s Latest Data Security Regulations Create Framework for Broad Domestic and Extraterritorial Supervision
(Matthew Johnson – The Jamestown Foundation – 24 October 2024) The State Council-approved “Network Data Security Management Regulations” impose stringent compliance requirements on data processors and platform service providers to safeguard personal information, important data, and cross-border data. The “Regulations” signal continued efforts by the People’s Republic of China (PRC) to assert control over data management and security both within and beyond its borders. The “Regulations” place a heavy emphasis on adherence to the Chinese Communist Party’s (CCP) leadership in data security management, reflecting the PRC’s “comprehensive national security concept.” Overseen by the Cyberspace Administration of China and the Party’s multi-faceted security apparatus, they emphasize national security, mandate strict reporting and risk assessments, and extend their reach to foreign entities processing PRC citizens’ data. The “Regulations” mandate the creation of a National Data Security Coordination Mechanism to supervise protection measures and data catalogues at both national and local levels. Cross-border data transfers of important data and personal information must comply with the PRC’s broadly defined security and individual data rights norms, and companies face potential legal consequences if they process data in a way that harms the PRC’s national security or state interests. – Beijing’s Latest Data Security Regulations Create Framework for Broad Domestic and Extraterritorial Supervision – Jamestown
Cybersecurity Teams Largely Ignored in AI Policy Development
(Beth Maundrill – Infosecurity Magazine – 24 October 2024) Cybersecurity teams are being left out of the development of policies governing the use of AI in their enterprises, new research published by ISACA during its 2024 Europe Conference has found. Just 35% of 1800 cybersecurity professionals surveyed said they are involved in development of such policies. Meanwhile, 45% reported no involvement in the development, onboarding or implementation of AI solutions. – Cybersecurity Teams Largely Ignored in AI Policy Development – Infosecurity Magazine
SECURITY
Securing open source software is a team sport
(Ann Schlemmer – NextGov – 25 October 2024) Two years ago, the joint government-private sector response to the Log4j vulnerability that spawned 800,000 attacks worldwide led to the Enduring Security Framework for federal agencies adopting open source software. During that time of crisis, the potential benefits of true public-private partnerships and cooperation were on full display. Representatives from several technology trade associations and interest groups, private enterprises, and federal government agencies convened an effort to establish standards and norms around the secure development and use of information technologies — including, of course, OSS and components. And in the short term the combined efforts of these groups — including agencies like the Cybersecurity and Infrastructure Security Agency, NGOs and advocacy groups like the Linux Foundation and private sector participants such as Amazon, Akamai and Google — were nominally successful, leading to a set of guidelines for OSS security that federal agencies must follow when procuring or producing new software. – Securing open source software is a team sport – Nextgov/FCW
North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft
(Ionut Arghire – SecurityWeek – 24 October 2024) The North Korean advanced persistent threat (APT) actor Lazarus was caught exploiting a zero-day vulnerability in Chrome to steal cryptocurrency from the visitors of a fake game website, Kaspersky reports. Also referred to as Hidden Cobra and active since at least 2009, Lazarus is believed to be backed by the North Korean government and to have orchestrated numerous high-profile heists to generate funds for the Pyongyang regime. – North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft – SecurityWeek
‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives
(Eduard Kovacs – SecurityWeek – 24 October 2024) Palo Alto Networks has detailed a new AI jailbreak method that can be used to trick gen-AI by embedding unsafe or restricted topics in benign narratives. The method, named Deceptive Delight, has been tested against eight unnamed large language models (LLMs), with researchers achieving an average attack success rate of 65% within three interactions with the chatbot. – ‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives – SecurityWeek
Penn State Settles for $1.25M Over Cybersecurity Violations
(Alessandro Mascellino – Infosecurity Magazine – 24 October 2024) Pennsylvania State University (Penn State) has agreed to pay $1.25m to resolve allegations of failing to meet federal cybersecurity requirements tied to contracts with the Department of Defense (DoD) and NASA. The settlement follows claims that the university did not implement necessary cybersecurity controls across 15 contracts or subcontracts between 2018 and 2023. – Penn State Settles for $1.25M Over Cybersecurity Violations – Infosecurity Magazine
UK Government Urges Organizations to Get Cyber Essentials Certified
(James Coker – Infosecurity Magazine – 24 October 2024) The UK government has urged more organizations to become Cyber Essentials Certified, highlighting the significant impact the scheme has had on preventing damaging attacks. On the 10th anniversary since Cyber Essentials was introduced, the government published the results of an evaluation of the scheme’s effectiveness that was carried out in 2023. – UK Government Urges Organizations to Get Cyber Essentials Certified – Infosecurity Magazine
LEGISLATION
UK Government Introduces New Data Governance Legislation
(James Coker – Infosecurity Magazine – 24 October 2024) The UK government has introduced new legislation to govern personal data use and sharing through digital technologies. The Data (Use and Access) Bill provides a framework for digital verification services, enabling companies who provide tools for verifying identities to gain a government certified “trust mark.” The trust mark will be a new logo to show digital verification services are approved by the newly created Office for Digital Identities and Attributes (OfDIA) within the Department for Science, Innovation and Technology (DSIT). – UK Government Introduces New Data Governance Legislation – Infosecurity Magazine
DEFENSE, INTELLIGENCE, AND WAR
Airborne Electromagnetic Warfare is Critical for NATO’s Airpower Edge
(Justin Bronk – RUSI – 24 October 2024) Long overlooked in mainstream defence circles as a ‘niche’ capability reserved for deep specialists, airborne electronic warfare capabilities are an increasingly essential component in NATO’s ability to deter and defeat Russian aggression in Europe. – Airborne Electromagnetic Warfare is Critical for NATO’s Airpower Edge | Royal United Services Institute