CS Mar-Apr 2024

More documents

Recommendations

Info

ook review AI - WEAPON OF WAR? AI HAS BECOME A VAST TOPIC OF DEBATE: WILL IT HELP US THRIVE OR PROVE OUR NEMESIS? A NEW BOOK TACKLES THE IMPLICATIONS FOR THIS CONTROVERSIAL TECHNOLOGY HEAD ON When your subject matter is artificial intelligence - and your mission is to confront how this controversial technology has already been armed and equipped for malicious and adversarial purposes, and will be even more so in the days ahead - you know you are likely to have an audience out there that will sit up and take notice. With his book, 'The Language of Deception: Weaponizing Next Generation AI', author Justin Hutchens will undoubtedly secure such a reaction, not just because AI has arguably become the most talked about topic on the planet - yes, even more so than Taylor Swift - but because the artificial intelligence and cybersecurity veteran guides the reader expertly along the path that has spawned this technology. In his hands, there is an inevitability about all of this. We are at the crossroads we have reached, Hutchens argues, because of our past, a history he revisits with admirable exactitude and in fine detail: from artificial social intelligence to psychological exploitation; from consciousness, sentience and understanding to weaponising technical intelligence; his wide-ranging powers of observation and analysis are fully brought to bear. There is a grim irony in the fact that, with AI now commanding masses of column inches and often apocalyptic headlines in the media every day, and with every politician, entrepreneur and 'expert' seemingly having an opinion about the technology and the dark places it may take us, Hutchens recalls a time - way back in June 2022 - when he presented research at the world's largest annual hacking convention, DEF CON, which itself enjoyed a massive turnout. Not so the AI Village where he was speaking. Only a small group of doughty enthusiasts showed up. As he recalls in his book, "most people were not paying attention" - well, they certainly are now. As Hutchens states, AI "is already poised to transform every part of our lives. The world is going to radically change in the coming years, and emerging AI technology is going to be at the center of it all. It is critical that people understand the risks that come along with these new capabilities, and how we can safeguard ourselves against those risks". Certainly, there is much to cause alarm in what he imparts, but equally the book is a call to action. "Unfortunately, there is no turning back the sands of time, and there is no way to universally unlearn this knowledge that we now collectively possess. We are going to have to find a way to live with this technology. We are going to need to identify ways to come together, establish global partnerships, and address these problems on a unified front. The consequences of next generation AI will inevitably impact far more than one culture or organization. If there has ever been a time for the many factions of humanity to set aside their differences and act on behalf of the common good, that time is now." ALL THE ESSENTIALS... 'The Language of Deception: Weaponizing Next Generation AI' Author: Justin Hutchens (ISBN: 9781394222544) Published January 2024 by Wiley Paperback and ebook, priced £26.99 10 computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk
legal focus GETTING YOUR ACT TOGETHER! EDWARD MACHIN, OF ROPES & GRAY, SETS OUT THE CORE OBLIGATIONS OF THE UPCOMING DIGITAL OPERATIONAL RESILIENCE ACT The EU Digital Operational Resilience Act (DORA), which comes into effect in January next year, is designed to strengthen IT security in the financial sector. It sets requirements for the security of network and information systems, and applies to financial institutions and their third-party providers. "In practice, this means harmonising and strengthening existing obligations around ICT governance, risk management and incident reporting - with responsibility for compliance going to the board level," says Edward Machin, a counsel in the Ropes & Gray data, privacy & cybersecurity team. DORA applies to a wide range of financial and financial-adjacent institutions and entities, he adds. "Although most of these organisations are already subject to some form of cybersecurity regulation in the EU, DORA significantly expands the scope of these laws and will apply to most of an in-scope entity's business activities in the EU - including on an extra-territorial basis." DORA has four core obligations: 1. Governance and controls. "Management must approve and oversee the implementation of an IT risk management compliance programme that aligns with and reflects the entity's risk profile and tolerance," states Machin. "In other words, the board must maintain an active role in understanding and directing the company's approach to ICT risk - including through regular training to keep their knowledge up to date. Given the speed at which the cybersecurity world is developing, this won't always be an easy task." 2. ICT risk management. "In-scope entities must have in place an appropriate and documented IT risk management framework that helps them address risks quickly and comprehensively. As a minimum it will include (i) implementing policies, procedures and tools, including reporting lines, and (ii) adopting robust security systems and advanced resilience testing at least once every three years. Helpfully, these measures can be applied on a proportionate and risk-based basis…However, DORA takes a prescriptive approach to certain of its obligations, such as making in-scope entities (i) conduct business impact analyses of their exposure to severe business disruptions, and (ii) establish a crisis management function for handling internal and external communications." 3. Incident reporting. "In-scope entities must have processes in place to identify, manage and notify ICT security incidents." Reporting timelines are among the most involved in the EU, including initial and secondary notifications and a final report to competent authorities, he points out. 4 Third parties. In-scope entities must ensure that their (new and existing) contractual arrangements with third-party ICT service providers meet the prescriptive requirements set out in DORA. These requirements are similar to the EBA's guidelines on outsourcing arrangements; the GDPR mandatory provisions will also be required if the services involve personal data (which is likely…). "Although the requirements are different," says Machin, "you should leverage your GDPR compliance programme - and the experience gained through putting that in place - to inform your DORA strategy. Given the impact that DORA will have on in-scope entities, it should be treated as seriously as the GDPR." For the full text of Edwad Machin's blog on DORA and its likely significance, see here. Edward Machin, Ropes & Gray. www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security 11
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: news TORSION ANNOUNCES FILING OF PA
Page 8: news Greg Wetmore, Entrust. TIME TO
Page 13 and 14: artificial intelligence stratospher
Page 15 and 16: artificial intelligence "In an intr
Page 17 and 18: Computing Security Secure systems,
Page 19 and 20: 2024 predictions ?? ? actors can so
Page 21 and 22: 2024 predictions ?? ? security is t
Page 23 and 24: iometric cybersecurity the previous
Page 25 and 26: data management NEW DATA STATS ARE
Page 27 and 28: energy industry incidents in 2020 -
Page 29 and 30: ansomware NEW THREAT ACTORS SEND RA
Page 31 and 32: penetration testing I.T. SYSTEMS RE
Page 33 and 34: endpoint protection GETTING STRAIGH

CS Mar-Apr 2024

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?