CS Jul-Aug 2023

More documents

Recommendations

Info

AI David Trossell, Bridgeworks: AI should continue to be embraced by enterprises and startups developing technologies in the future. Boris Cipot, Synopsys Software Integrity Group: legally, who is the owner or author of what is provided by AI and what are the flaws AI may have generated? these apps exist and always be sure to read the fine print whenever hitting 'Subscribe'. Users can also report apps to Apple and Google, if they think the developers are using unethical means to profit." KEEPING CONTROL People are often suspicious of new technologies, with Sci-Fi movies, such as 'The Terminator', playing on this fear, says David Trossell, CEO and CTO of Bridgeworks. "Sure, cyber-criminals could use AI against us, but equally we can use AI to protect ourselves; or to do more with fewer resources. Machine learning doesn't mean that autonomous machines will eventually control us. We can use AI and ML to maintain control. For example, new technologies that incorporate AI to ensure that voluminous amounts of encrypted data can travel securely at unrivalled speeds over a Wide Area Network." He points to the innovation called WAN Acceleration, which uses AI, ML and data parallelisation to mitigate latency and packet loss. "It permits the secure transport and ingression of encrypted data. Organisations can increase their bandwidth utilisation, without investing in new pipes. Without AI and ML, data would neither be as secure, nor as fast, over large distances. Rather than making IT redundant, it enables CIOs to focus on strategic tasks," advises Trossell. "Given the benefits of AI and ML, the question is: 'Why are they trying to stop the inevitable?' The genie is out of the bottle. Rodney Brooks [the Australian roboticist] argues that you have to be aware that, with any new technology, 50% of the answers are incorrect. Don't confuse performance with competence. It's a bit like the cloud. Everyone rushed to the cloud to avoid missing out, only to regret it. In 2017, The Global and Mail wrote: 'The public cloud provider Nirvanix, in San Diego, California, went under in 2013, forcing clients to scramble to retrieve their data before it was forever lost.' People should reflect, plan, and re-evaluate AI and ML, Trossell says. "The big VCs are piling in with money to get on the bandwagon and AI isn't new. As for ethics, they've never prevented the making of a dollar. You can see this with Meta and Twitter. Generative AI ChatGPT is going to be the same - just another tool. Will it cause mass unemployment? Possibly, but growing global trade and investment impact these changes as well. Organisations and consumers adapt, so AI should continue to be embraced by enterprises and startups developing technologies in the future." LEGAL IMPLICATIONS Ultimately, there is no denying the importance AI will have in the future, says Boris Cipot, senior security engineer at the Synopsys Software Integrity Group. "AI will change the way information is generated, processed and used. However, the primary question at this point is: who will control the usage of this AI? It is understandable that some companies have established policies that their employees do not use AI-based technology for workrelated tasks, as there are still many unanswered questions from a legal or security standpoint. "For instance, legally, who is the owner or author of what is provided by AI and what are the flaws AI may have generated? Here the flaws can be interpreted as vulnerabilities in source code created by AI or misinformation that it is susceptible to, based on materials used to train the AI. As learned from the past, technology can be used for good, but also for bad. AI, still in its infancy, is no different. "We cannot predict every possible decision for every scenario around which AI may be used," points out Cipot. "But AI systems need to be trained with reliable and accurate information, tested to ensure they're not spreading vulnerable or inaccurate output, and maintained to ensure they're leveraged in a productive and constructive way." 30 computing security July/August 2023 @CSMagAndAwards www.computingsecurity.co.uk
cyber strategy SECURITY BY DESIGN NEW CYBERSECURITY MEASURES BEING IMPOSED IN THE US WILL HIT SOFTWARE COMPANIES HARD. WHAT MIGHT THIS MEAN FOR THE UK? The US recently published its national cybersecurity strategy. Released by the Biden administration, it seeks to impose minimum security standards for critical infrastructure onto larger software makers. Equally, it means to shift responsibility for maintaining the security of computer systems away from consumers and small businesses. What impact is this likely to have on the security industry - and what implications, in particular, might this have for the UK? Does it have any other option but to follow the same path? Phil Tonkin, senior director of strategy at Dragos, says that the US National Cybersecurity Strategy aiming to move from a voluntary approach to cybersecurity in many industries to more aggressive, and mandatory, regulatory standards - a 'fundamental shift' to rebalance the responsibility to defend cyberspace - did not come as a surprise. "For months, administration officials telegraphed the intent to use regulatory and market drivers to shift the burden of mitigating cyber risks away from end users and to those best positioned to have earliest and broadest impact. This includes not just critical infrastructure owners and operators, but also technology companies, software makers and service providers," he says. However, this is not a shift that will not happen overnight. "While the US National Cybersecurity Strategy signals a stronger regulatory environment in the US, many different standards bodies and regulatory agencies oversee a patchwork of regulatory frameworks and requirements for different industries. Even as the administration has rolled out new requirements for certain industries, including railways and pipelines, others will require new authorities from Congress." REGULATORY ESSENTIALS What this means is that the US government and experts from industry have time to work together toward building regulatory requirements that achieve the best possible outcomes for securing infrastructure and the digital ecosystem, with a focus on real security and not just simple compliance advises Tonkin, who also points out how the strategy highlights the importance of international coalitions and partnerships to counter cyber threats, devoting an entire pillar to those shared goals. "The consequences of cybercrime are not geographically restricted, requiring a global approach to countering threats and managing vulnerabilities. Economies are interconnected globally as well, with many companies operating across countries and regions. So, any time a new security standard or regulation is adopted, industry has to react and this often has a ripple effect globally." He adds that the 2016 UK National Cyber Strategy has focused on developing capability with a particular focus on critical infrastructure across all areas. "In 2022, it began to consider this in the context of increasing digitisation, sustainability and reducing international dependence. This continues to mature, in particular as the UK begins to find its own direction in setting future Network Security legislation outside of the European Union. "Both the UK and EU have begun to move legislation to cover more entities, closer to the consumer," Tonkin concludes. "However, there is a growing global recognition that the responsibility to secure digital products cannot be the responsibility of individuals. The eyes of the world will be on the US to learn how security by design is enforced." Phil Tonkin, Dragos. www.computingsecurity.co.uk @CSMagAndAwards July/August 2023 computing security 31
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6: news Gary Barlet, Illumio. IBM EXPA
Page 9 and 10: DON’T SaaSSS GET YOUR KICKED! ! T
Page 11 and 12: ansomware WHY BEING AGILE MATTERS W
Page 13 and 14: privacy crisis an inconsistent pict
Page 15 and 16: Infosecurity Europe Matthew Syed's
Page 17 and 18: Computing Security Secure systems,
Page 19 and 20: workplace welfare within the cybers
Page 21 and 22: identity & access may cause operati
Page 23 and 24: managed services Unfortunately, man
Page 25 and 26: GDPR that bridges the gap between t
Page 27 and 28: GDPR legislation in other parts of
Page 29: AI enhance SOAR with a generative A
Page 33 and 34: ansomware attacks While laws could
Page 35: Computing Security Secure systems,

CS Jul-Aug 2023

Create successful ePaper yourself

Delete template?

Save as template?