Category Archives: Internet Security
Joint Statement on the Strategic Third Neighbor Partnership … – The White House
August2, 2023
Vice President Kamala Harris welcomed Prime MinisterOyun-ErdeneLuvsannamsraito Washington, D.C.,on August 2ndto celebrate the strategic Third Neighbor partnership between the United States and Mongolia. The two sides acknowledged the advancement ofU.S.-Mongolia relations since the 2019 declaration of the two countries Strategic Partnership, which has provided a firm foundation to promote and strengthen bilateral relations. Ties between our two countries are at their strongest point yet and have developed on the basis of shared principles, respect for good governance, sovereignty, the rule of law, and human rights,as well as Mongolias Third Neighbor policy.
The United States applauded Mongolias efforts to expand relations in the region and around the world, thus contributing to international stability. In this context, our two countries shared respective views on ensuring a prosperous, peaceful,and inclusive Indo-Pacific region. Together, the United States and Mongolia are expanding our strategic partnership with a focus on building economic resilience, promoting democratic principles and institutions, and strengthening our security cooperation. As strategic Third Neighbors, we will sustain our close partnership and forge ties between our citizens to ensure their continued prosperity and security.
Deepening Economic Cooperation
The United Statesand Mongoliaare partnering on joint responses to the 21stcenturys most difficult economic challenges, exploring opportunities to increase trade and investment through bilateral cooperation and regional trade mechanisms. Our countries share a desire to deepen the bilateral economic relationship in areas of mutual interest and to pursue opportunities for cooperation in the mineral resources sector, clean energy, food security,and the digital economy through existing and new mechanisms, includingforcapacity building and trade promotion.
Mongolia introduced the priorities of Mongolias New Recovery policy and related project implementation through public-private partnerships and Mongolias Vision-2050 long-term development policy.Both Governments welcomed the signing of an updated Economic Cooperation Roadmap that will serve as the foundation for increased commercial and economic ties between our countries in the coming years. They welcomed the visit of a Mongolian trade mission to the United States and a U.S. Certified Trade Mission to Mongolia in 2023.
The United States expressed continued support for the strengthening of Mongolias democracy through diversifying its economy, bolstering energy security,enhancingfood security,and supporting the transition to renewables. The two sidesare launchingnew partnerships in the areas of minerals and energy.In particular,the United StatesandMongoliarecognize the importance of critical minerals to the global supply chain and are deepening cooperation in this sector. Wewelcome the June 27 signing of a bilateral Memorandum of Understanding concerning cooperation on mineral resource sector development and governance, as well as the June trilateral dialoguebetween the United States, Mongolia, and Republic of Korea in Ulaanbaatar to support the development of Mongolias mining sector.
The United States and Mongolia are both committed to combating the climate crisis and to our respective 2030 Nationally DeterminedContributions underthe Paris Agreement. The United States is committed to working with Mongolia to improve capacity to develop and implement ambitious climate change mitigation and adaptation policies in sectors such as agriculture and clean energy by welcoming Mongolias commitment to work on climate and conservation issues, including through Mongolias endorsement of the Global Methane Pledge, hosting of the UN High-Level Forum on Clean Air, and PresidentKhurelsukhUkhnaasOne Billion Trees initiative. Mongolia noted its support for the sustainable use of Mongolian water resources via the jointU.S.-Mongolia Millennium Challenge Water Compact. The United States and Mongolia are also exploring additional areas of collaboration on renewable energy and energy security, including via discussions in the next bilateral Energy Security Dialogue.
Both Governments hailed the new Open Skies Agreement as a clear indicator of the strong Third Neighbor partnership between the United States and Mongolia. The Agreement will facilitate air services between Mongolia and the United States as well as expanding our strong economic and commercial partnership, promoting people-to-people ties, and creating new opportunities for trade and tourism. Both sides expressed their commitment to high standards of aviation safety and security. At the request of the Civil Aviation Authority of Mongolia, the U.S. Federal Aviation Administration plans to provide technical assistance to the Civil Aviation Authority of Mongolia in support of civil aviation safety later this year.
The United States commended Mongolias work to promote good governance, a favorable business environment, and private sector-driven economic growth and supported the development of Mongolias legal and regulatory framework and institutional capacity based on international best practices. The United States and Mongolia highlighted the importance of strengthening Mongolias business climate, including through continued implementation of the U.S.-Mongolia Agreement on Transparency in Matters Related to International Trade and Investment which further recognizes that increasing the transparency and predictability of the business environment will catalyze private sector trade and investment, and they noted that the two sides plan to hold a meeting of the U.S.-Mongolia Trade and Investment Framework Agreement Council in Mongolia later this year. Theyalsosupport the development of transparent market mechanisms for the trade of export commodities.
The United States and Mongolia support private-sector initiatives to develop the digital economy and information and communication technologies, and we see cooperation in this space as essential for promoting digital trade and cyber security. Both sides highlighted the importance of U.S.-Mongolia collaboration to harness the benefits of the digital transformation, e-trade, and e-commerce. Our combined efforts will facilitate improved payment solutions, skills development, access to financing, and prevention of digital and Internet crime. The two sides reiterated their willingness to explore cooperation in cyber technologyandwelcomedthe announcement ofprivateupskilling programs forinformation and communications technologyteachersin high-demand tech skills ranging from cybersecurity to data analytics.
The United States and Mongolia also discussed ways to increase U.S.-Mongoliaspace and technology cooperation, including through the development of a bilateral space dialogue.Both countries are working towards advancing space situational awareness cooperation and ensuring apeaceful,safe, secure, and sustainable space environment.
The United States and Mongolia recognize that people-to-people ties between our two countries are an indispensable pillar of our partnership, manifested in their immense economic and commercial contributions to both the United States and Mongolia. These ties have been nourished byEnglish officially becoming the primary foreign language insecondary schools ofMongolia, and by English education and community development training programs provided by the United States. To this end, the United States and Mongolia are pleased to announce an intention to open a new American Space in Erdenet with programming that will expand access to English language education and increase knowledge of study and exchange opportunities in the United States. The United States is also working to expand its English Teaching Assistants program in Mongolia by adding fifty percent more positions. The United States and Mongolia reaffirmed their shared commitment to expand education cooperation, building on the more than $2 million annually the United States already dedicates to education and exchange in Mongolia, especially increased opportunities for Mongolians to pursue higher level education in the United States by offering more government-funded scholarships, growing our longstanding Fulbright binational partnership, and helping train even more English language teachers. The leaders welcomed 32 years of efforts by the U.S. Peace Corps, as well as the efforts of the U.S. Department of State, the U.S. Defense Language Institute, and other institutions to expand English language training programs and deepen Mongolias Third Neighbor connections with the United States.
Promoting Democratic Principles
The United States and Mongolia underscore the importance of strong democratic institutions, rule of law, media freedom, and respect for human rights, includingthepromotion of gender equality and womens empowerment.The United States and Mongolia are committed to fortifying our societies by empowering civil society organizationsparticularly those focused on youth and gender equalityto ensure the continued effectiveness of our democratic institutions. The United States and Mongolia also promoted increased social accountability to reinforce government responsiveness and noted the vital importance of increasing public participation in the democratic process and announced the signing of a new USAIDMinistry of Finance Development Objective GrantAgreement, valued at up to $25 million, to strengthen democratic governance, promote clean energy, and advance a resilient, diversified, and inclusive economy. Working with Congress, USAID plans to invest an initial $12 million into the agreement this year to support core lines of effort in partnership with Mongolia. USAID is also providing $600,000 in additional support for disaster preparedness programs to build communities resilience todzudsand other hazards.
The United States commended Mongolia for its rigorous agenda to combat corruption through its five key measures. Mongoliaexpressed appreciation for U.S. assistance that has contributed to Mongolias development of effective judicial and law enforcement practices. Both sides noted that since 2018, the United States and Mongolia have effectively cooperated through substantive technical assistances, such as equipment, training, and exchanges for Mongolian criminal justice agencies to improve transparency and combat corruption. The United States and Mongolia are alsoworking to increase cooperation and information sharing between our respective law enforcement agencies to improve border security and address transnational crime, including the trafficking of drugs, humans, cultural property, and wildlife, as well as financial crimes such as money laundering.
The United States and Mongolia noted the importance of fair, equitable, and transparent policies that are representative of our respect for individual freedoms, and reaffirmed their commitment to the freedoms of expression, peaceful assembly,and religion or belief. In line with these commitments,the United States and Mongolia are both members of the Freedom Online Coalition and are working together to globally advance a vision of a free and openInternet.
Maintaining free and open access to information is key to ensuring that democratic principles and institutions endure. As such,both sides welcomed the launch of USAIDs Media and Civil Society Strengthening program, which will build on Mongolias leadership as a democracy in the Indo-Pacific region.The United States and Mongolia are committed to enhancing social accountability mechanisms and improvements in public access to information. The United States emphasized that Mongolias principles supporting the free flow of information promote the countrys independence, sovereignty, and security.
Both sidesalsoreviewed the success of the first-ever Strategic Dialogue betweenthe United States andMongolia in 2022, the continuation ofU.S.-Mongolia-Japan trilateral talks in 2022, and the first-everU.S.-Mongolia-Republic of Korea(ROK)trilateral talks in 2023.These diplomatic engagements are an expression of shared values and our commitment to further strengthen our democratic institutions.
Strengthening Security Cooperation
The United States andMongolia had an open exchange of views on the regional and multilateral issues of mutual interest,and bothcommittedto engage further in strategic security cooperation.The United States and Mongolia are strengthening their Third Neighbor defense cooperation, based on a shared desire for a stable and peaceful Indo-Pacific region, including by working to address non-traditional defense and security challenges.The United States is committed to working with Mongolia to develop and strengthen regional security partnerships and to enhance Mongolias international interoperability, including through the annual, multinational Khaan Quest exercise hosted by theMongolian Armed Forces (MAF).
The United States supports Mongolias long-standing commitment to international Peacekeeping Operations (PKO) and safeguarding human rights and democracy around the world. The United States noted that the MAF has international recognition as a highly qualified, reliable security provider and thankedMongoliafor the MAFs contributions to coalition security efforts in Iraq and Afghanistan that directly benefited the Afghan people, the United States,and U.S. partners and allies.Mongoliahighlighted that the MAF managesaUN-certified, professionally runregionaltraining center capable of conducting pre-deployment training, supporting key UN PKO courses, and executing a multinational peacekeeping exercise.Both sides welcomed enhanced MAF participation in U.S. military education and training opportunities to facilitate MAF development and establish long-term rapport between ourmilitariesleaders.The United States also noted the20 Joint Light Tactical Vehicles that Mongolia will be receiving from the United States in support of Mongolias UN peacekeeping missions.
Both sides recognized the importance of engaging constructively on regional and global security issues of concern. They noted with deep concern the humanitarian consequences of thewarinUkraineandsupport any effort to foster a restoration of a sustainable peace based on international law.Both sides also reiterated their commitment to diplomacy with the Democratic Peoples Republic of Korea (DPRK) as the only viable means of achieving lasting peace on the Korean Peninsula and call on the DPRK to refrain from further violations of UN Security Council Resolutions and return to negotiations.
***
Vice President Harris and Prime Minister Oyun-Erdene share the highest level of confidence that the increasing ties between our two nations will grow even stronger as our people forge ever closer friendships. Together, we will show the world that our strategic Third Neighbor partnership will lead to our nations continued prosperity, peace, and security.
###
Read this article:
Joint Statement on the Strategic Third Neighbor Partnership ... - The White House
10% of expired certificates on the internet pose a security threat – Security Magazine
10% of expired certificates on the internet pose a security threat | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This Website Uses CookiesBy closing this message or continuing to use our site, you agree to our cookie policy. Learn MoreThis website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Continued here:
10% of expired certificates on the internet pose a security threat - Security Magazine
The Quantum Leap: Exploring the Potential of Global Quantum … – Fagen wasanni
The Quantum Leap: Exploring the Potential of Global Quantum Cryptography in Internet Security
The Quantum Leap: Exploring the Potential of Global Quantum Cryptography in Internet Security
In the digital age, the security of information has become a paramount concern. With the rise of cyber threats, the need for robust and unbreakable security systems is more pressing than ever. Enter quantum cryptography, a revolutionary technology that promises to redefine the landscape of internet security.
Quantum cryptography leverages the principles of quantum mechanics to secure data transmission, making it virtually impossible for hackers to intercept or tamper with the information. Unlike traditional encryption methods, which rely on complex mathematical algorithms, quantum cryptography uses quantum bits or qubits. These qubits can exist in multiple states at once, thanks to a quantum phenomenon known as superposition. This feature exponentially increases the complexity of the encryption, making it incredibly difficult for unauthorized parties to decode the information.
Moreover, quantum cryptography employs another quantum principle known as entanglement. This means that any change to one qubit will instantaneously affect its entangled pair, regardless of the distance between them. This property allows for the immediate detection of any eavesdropping attempts, further enhancing the security of the data transmission.
The potential of quantum cryptography in internet security is immense. It could provide an unassailable line of defense against cyber threats, protecting sensitive data from financial transactions to national security information. Furthermore, it could safeguard our digital infrastructure, from power grids to communication networks, against potentially devastating cyber-attacks.
However, the global implementation of quantum cryptography is not without its challenges. The technology is still in its nascent stages and requires significant investment in research and development. Additionally, the creation of a global quantum network would necessitate the establishment of quantum repeaters at regular intervals to maintain the strength of the quantum signal over long distances.
There are also concerns about the potential misuse of quantum cryptography. If fallen into the wrong hands, this technology could be used to create unbreakable encryption for illicit activities, making it impossible for law enforcement agencies to intercept and decode criminal communications.
Despite these challenges, the potential benefits of quantum cryptography are too significant to ignore. Several countries, including China and the United States, are already investing heavily in this technology. In 2016, China launched the worlds first quantum satellite, Micius, which successfully demonstrated the feasibility of quantum communication over long distances. Meanwhile, the United States is focusing on the development of quantum computers, which are essential for processing and transmitting quantum information.
In conclusion, quantum cryptography represents a quantum leap in the field of internet security. While there are hurdles to overcome, the potential of this technology to create a secure digital world is undeniable. As we continue to explore and harness the power of quantum mechanics, we may soon witness a new era of internet security, where data breaches and cyber threats become a thing of the past. The journey towards global quantum cryptography is undoubtedly complex, but the destination promises a future of unprecedented digital security.
Visit link:
The Quantum Leap: Exploring the Potential of Global Quantum ... - Fagen wasanni
Internet of Things (IoT) Meets Hand-Held Chemical and Metal … – Fagen wasanni
The Internet of Things (IoT) is revolutionizing various sectors, and the security industry is no exception. The integration of IoT with hand-held chemical and metal detectors is emerging as the next frontier in smart security solutions. This innovative convergence is set to redefine the way we approach safety and security, offering unprecedented levels of efficiency, accuracy, and convenience.
Hand-held chemical and metal detectors have long been a staple in security protocols across various industries. From airports and schools to industrial facilities and public events, these devices play a crucial role in detecting harmful substances and potential threats. However, the advent of IoT technology is taking their functionality to new heights.
IoT, a network of interconnected devices that communicate and exchange data, is transforming these traditional hand-held detectors into smart, connected devices. By integrating IoT technology, these detectors can now transmit real-time data to a centralized system, enabling immediate response to potential threats. This not only enhances the efficiency of security operations but also significantly reduces the risk of human error.
Moreover, the incorporation of IoT into these detectors allows for remote monitoring and control. Security personnel can now manage and operate these devices from a distance, making it possible to cover larger areas and access hard-to-reach places. This feature is particularly beneficial in hazardous environments where human presence might pose a risk.
The fusion of IoT and hand-held detectors also paves the way for predictive analytics. By collecting and analyzing data over time, these smart detectors can identify patterns and predict potential security breaches. This proactive approach to security can help prevent incidents before they occur, ensuring a safer environment.
Furthermore, the integration of IoT technology enhances the versatility of these detectors. They can now be programmed to detect a wider range of substances, from explosives and narcotics to hazardous chemicals. This broadened scope of detection makes these devices an invaluable tool in various sectors, including law enforcement, industrial safety, and environmental monitoring.
However, as with any technological advancement, the integration of IoT into hand-held detectors also presents certain challenges. Data security is a primary concern, as these devices transmit sensitive information over the network. Ensuring the integrity and confidentiality of this data is paramount. Additionally, the complexity of IoT technology might require specialized training for security personnel, adding to the operational costs.
Despite these challenges, the intersection of IoT and hand-held chemical and metal detectors is a promising development in the realm of smart security solutions. It represents a significant leap forward in our ability to detect and respond to potential threats, offering a more proactive, efficient, and comprehensive approach to security.
In conclusion, the fusion of IoT technology with hand-held chemical and metal detectors is pioneering a new era in security solutions. As we continue to explore this intersection, we can expect to see further advancements that will redefine our approach to safety and security. The future of smart security solutions lies in harnessing the power of IoT, transforming traditional security devices into connected, intelligent systems that offer unprecedented levels of protection.
See the rest here:
Internet of Things (IoT) Meets Hand-Held Chemical and Metal ... - Fagen wasanni
How Global IPMI is Shaping the Future of Internet and Technology – Fagen wasanni
Exploring the Impact: How Global IPMI is Shaping the Future of Internet and Technology
The global Internet Protocol Managed Implementations (IPMI) is rapidly transforming the landscape of the internet and technology, heralding a new era of digital innovation. This powerful tool is not only revolutionizing the way we interact with technology but also shaping the future of the internet, making it more efficient, secure, and user-friendly.
IPMI is a set of computer interface specifications that allows for the management and monitoring of computer systems independently of the operating system. This technology is particularly beneficial in data centers and large enterprises where it enables administrators to manage servers and networks remotely, thereby reducing operational costs and improving efficiency.
The global IPMI is playing a pivotal role in the evolution of the internet. It is facilitating the transition from traditional, hardware-based networks to software-defined networks (SDNs), a shift that is expected to redefine the internets architecture. SDNs offer numerous advantages over traditional networks, including greater flexibility, scalability, and cost-effectiveness. They allow network administrators to manage network services through abstraction of lower-level functionality, which simplifies network design and operation.
Moreover, the global IPMI is also contributing to the advancement of cloud computing. By providing remote management capabilities, IPMI allows for the seamless operation of cloud-based services. This is particularly crucial in todays digital age, where businesses are increasingly relying on cloud computing for data storage and processing. With IPMI, businesses can ensure the continuous operation of their cloud services, thereby enhancing their productivity and competitiveness.
In addition to transforming the internets architecture and facilitating cloud computing, the global IPMI is also enhancing internet security. By allowing for remote monitoring and management of computer systems, IPMI enables the early detection and mitigation of cyber threats. This is particularly important in an era where cyber-attacks are becoming increasingly sophisticated and widespread. With IPMI, businesses can protect their digital assets and ensure the integrity of their data.
Furthermore, the global IPMI is also driving the development of the Internet of Things (IoT). By providing a platform for the remote management of devices, IPMI is facilitating the integration of various devices into the internet, thereby enabling the creation of smart homes, smart cities, and smart industries. This is expected to revolutionize our daily lives, making them more convenient and efficient.
In conclusion, the global IPMI is shaping the future of the internet and technology in profound ways. By facilitating the transition to software-defined networks, enhancing internet security, driving the development of the Internet of Things, and enabling the seamless operation of cloud-based services, IPMI is heralding a new era of digital innovation. As this technology continues to evolve, we can expect to see even more transformative changes in the way we interact with the internet and technology. The future of the internet and technology is indeed bright, thanks to the global IPMI.
See the article here:
How Global IPMI is Shaping the Future of Internet and Technology - Fagen wasanni
2023: The Year of Edge Computing – Revolutionizing Internet … – Fagen wasanni
Exploring 2023: The Year of Edge Computing Revolutionizing Internet Performance and Security
As we venture into 2023, the world of technology is set to witness a significant shift with the rise of edge computing. This innovative approach to data processing is poised to revolutionize internet performance and security, marking 2023 as the year of edge computing.
Edge computing, in essence, is a distributed computing paradigm that brings computation and data storage closer to the sources of data. This is done to improve response times and save bandwidth, thereby enhancing the overall performance of the internet. The concept is not entirely new, but its potential has been largely untapped until now. As we move into 2023, the technology industry is gearing up to harness the full power of edge computing.
The primary driver behind this shift is the exponential growth of data. With the proliferation of Internet of Things (IoT) devices, the volume of data generated is increasing at an unprecedented rate. Traditional cloud computing models, where data is sent to a central server for processing, are struggling to keep up. Edge computing offers a solution by processing data at the edge of the network, closer to the source. This reduces latency, improves speed, and enhances the user experience.
Moreover, edge computing is set to revolutionize internet security. In traditional models, data is vulnerable during transmission to the central server. Edge computing mitigates this risk by processing data locally, reducing the amount of data that needs to be transmitted and therefore the potential for interception. This is particularly crucial in an era where data breaches and cyber threats are increasingly common.
The benefits of edge computing are not limited to performance and security. It also has the potential to drive significant cost savings. By reducing the amount of data that needs to be transmitted and stored in the cloud, businesses can save on bandwidth and storage costs. Furthermore, by processing data locally, businesses can make real-time decisions, improving efficiency and productivity.
The rise of edge computing in 2023 is also expected to fuel innovation. By enabling real-time data processing, it opens up new possibilities for applications in areas such as autonomous vehicles, smart cities, and healthcare. For instance, in healthcare, edge computing could enable real-time monitoring and analysis of patient data, leading to faster diagnosis and treatment.
However, the transition to edge computing is not without challenges. It requires significant investment in infrastructure and a shift in mindset from centralized to distributed computing. There are also concerns about data privacy and regulation, as data is processed closer to the user.
Despite these challenges, the momentum behind edge computing is undeniable. Major tech companies are already investing heavily in this area, and a growing number of businesses are recognizing the benefits. As we move into 2023, we can expect to see edge computing move from the periphery to the mainstream, revolutionizing internet performance and security.
In conclusion, 2023 is set to be a pivotal year for edge computing. With its potential to enhance internet performance, bolster security, drive cost savings, and fuel innovation, edge computing is poised to transform the technology landscape. As we navigate this exciting new frontier, one thing is clear: the future of computing lies at the edge.
Excerpt from:
2023: The Year of Edge Computing - Revolutionizing Internet ... - Fagen wasanni
Menlo turns up the HEAT on web browser attacks with new threat prevention suite – CSO Online
Menlo Security has announced the release of HEAT Shield and HEAT Visibility, a new suite of threat prevention products designed to tackle web browser attacks. Generally available now across Menlo Security's global network, HEAT Shield and HEAT Visibility prevent attacks from infiltrating enterprise networks and provide actionable intelligence to help mitigate threats, according to the vendor. Both use AI/machine learning (ML) technology and are built upon Menlo Security's cloud-based Isolation Core, which monitors and analyzes over 400 billion web sessions annually, the firm said.
Evasive threats are growing as threat actors evolve how they deploy phishing and malware attacks, targeting users via web browsers. The traditional approach for web security has focused on the server side of the equation, deploying things such as web application firewalls (WAFs) for the purpose. Commonly deployed security infrastructure can be blind to actions occurring inside the browser and fall short in combating web-based attacks. Attackers have spotted that while the front door has been bolted, there's a window round the back that's been left open, and so are finding ways of exploiting that weakness. Hybrid work models and the shift to SaaS/web-based applications have made browsers a prime target for attackers who use malicious websites and file downloads to breach organizations.
Findings from the Q1 2023 Watchguard Internet Security Report show phishers leveraging novel browser-based social engineering strategies to carry out attacks. Watchguard detected several common malicious domains using a web browser's notification features to do the same social engineering techniques that had once been done via pop-ups. The firm theorized that this is because browsers' relatively new notification capabilities don't have the same protections in place as for pop-ups.
HEAT Shield is built to detect and block phishing attacks before they can infiltrate the enterprise network, Menlo said in a press release. It uses AI-based techniques - including computer vision combined with URL risk scoring and analysis of the web page elements - to determine if a link being accessed is a phishing site designed to steal a user's credentials, according to the vendor. It also leverages Menlo's Isolation Core to power dynamic security policies which can be applied to users based on web session events and behavior to prevent attackers from gaining access to the endpoint.
In parallel, HEAT Visibility performs continual analysis of web traffic and applies AI/ML-powered classifiers that identify the presence of evasive attacks. This delivers actionable alerts that enable security teams to reduce mean time to detect (MTTD) and mean time to respond (MTTR) to threats that could be targeting enterprise users, Menlo said.
A HEAT attack dashboard then allows customers to receive detailed threat intelligence, which can be integrated into their existing SIEM or SOC platforms, while HEAT alerts sent to SOC teams provide threat visibility to enrich threat intelligence sources and enhance/accelerate incident response capabilities, it added.
Web browser attacks are a significant threat for modern organizations for a host of reasons, Poornima DeBolle, chief product officer and co-founder, Menlo, tells CSO. "With the growth of cloud apps, the browser is the new desktop, with users spending an average of 75% of their workday using the web browser."
Given the power embedded within the browser (script execution etc.), it's a tool that threat actors can exploit to maximize the success of their attack campaigns, DeBolle says. "Web content is also an advantage to threat actors as they can use tools such as obfuscation and even CAPTCHA to prevent security solutions from analyzing the content and identifying it as malicious. They unveil the real intent only once it is inside the browser on an endpoint at which time it's too late."
Read the original:
Menlo turns up the HEAT on web browser attacks with new threat prevention suite - CSO Online
Deciphering the AIGC Compliance Blueprint (Part III): Security … – Lexology
1. INTRODUCTION
Pursuant to Article 17 of the Interim Measures for the Management of Generative Artificial Intelligence Services (AIGC Measures), providers offering AI-related services with public opinion nature or capable of social mobilization shall conduct security assessment in line with applicable laws and regulations. With respect to the market entry of AIGC products, security assessment is a pivotal step in ensuring both product compliance and user security. As Part III in a series of articles intended to chart the regulatory course for AIGC and explore its potential trajectory under the current legal advancements, this article aims to dissect the complex nature of security assessment by tracing its historical development and exploring the current landscape. This article will also analyze how to formulate and execute effective security assessment strategies, offering insight into facilitating successful market entry of AIGC products.
2. THE SECURITY ASSESSMENT: VERSION 0.5
In 2017, the Cyberspace Administration of China (CAC) already introduced the regulatory approach of security assessment in the Regulations on the Security Assessment of New Technologies or New applications for Internet-based News Information Services (Double-new Measures). The Double-new Measures stipulates that internet news service providers should conduct security assessment and compile a written security assessment report when (1) applying new technologies, adjusting or adding application functions related to news rendering or bearing the public opinion nature or social mobilization capabilities, or (2) causing changes in user scale, functions, technical implementation methods, basic resource allocation and other aspects which lead to significant changes in news rendering, public opinion nature or social mobilization capabilities. Such service providers must submit the required security assessment report to the CAC or its provincial offices for review. This early form of security assessment is what the industry now refers to as the Double-new Assessment (new technology, new application).
However, under the Double-new Measures, the duty to conduct security assessment is confined to providers of internet news information services, in light of which, the security assessment requirement under the Double-new Measures does not apply to AIGC products which does not concern news information services. We refer to this early form of security assessment as Security Assessment 0.5.
3. THE SECURITY ASSESSMENT: VERSION 1.0
A year after the implementation of the Double-new Measures, the CAC issued the Provisions on the Security Assessment of Internet Information Services with Public Opinion Nature or Social Mobilization Capacity (Public Opinion Provisions). This time, the application scope of security assessment was no longer confined to news information services. According to Article 3 of the Public Opinion Provisions, providers of internet information services shall carry out security assessment under the following circumstances:
* Information services with public opinion nature or social mobilization capacity are implemented online, or corresponding functions are integrated into such online information services.
* There are new technologies or new applications that will cause significant changes in information services functions, technical implementation methods, basic resource allocation, etc., thus leading to major changes in public opinion nature or social mobilization capacity.
* User scale is markedly increasing, resulting in major changes in the public opinion nature or social mobilization capacity of such information services.
* Unlawful or harmful information has been disseminated, which indicates that the existing security measures fall short to effectively prevent and control cybersecurity risks.
* Other circumstances occur where cyberspace administrations or public security bureaus at the prefecture level and above notify in writing that security assessment is required.
In such circumstances, providers of internet information services are obligated to conduct security assessment and submit the security assessment report to the cyberspace administrations or public security bureaus at the prefecture level and above via the National Internet Security Management Service Platform (https://www.beian.gov.cn/portal/index.do). The specific requirements for security assessment can be found in Article 5 of the Public Opinion Provisions.
Additionally, cyberspace administrations or public security bureaus have the authority to initiate on-site inspections based on their evaluations. Generally, providers of internet information services should furnish the designated public security bureau with relevant documents for on-site inspections. Looking from the submission window and on-site inspection bodies, the public security bureau is the primary body responsible for implementing Security Assessment 1.0.
Even though Security Assessment 1.0, by law, is closely related to internet information services characterized by public opinion nature or social mobilization capacity, in practice, interpretation of what qualifies as such services is somewhat expansive, virtually covering all products featuring internet information interaction functionalities or channels. The submission process for Security Assessment 1.0 is very transparent, and businesses simply need to accurately complete the forms and submit their assessment reports under the guidance of the Security Assessment User Manual available on the National Internet Security Management Service Platform. Generally, the review of the security assessment reports, from submission to approval, can be accomplished within a month.
4. THE SECURITY ASSESSMENT: VERSION 2.0DEADLINE
Fast forward to 2023, a year of exceptional growth and development in the field of artificial intelligence. AIGC product developers, primarily those working on large models, are now required to provide comprehensive Double-new Assessment reports to the CAC. Such reports must meet extensive requirements, normally including over a hundred pages of meticulous details, which are quite different from Security Assessment 1.0 reports submitted via the National Internet Security Management Service Platform. Hence, we refer to this as Security Assessment 2.0.
The primary regulatory targets of Security Assessment 2.0 are AIGC developers. Based on our experience and observations, Security Assessment 2.0 differs from Security Assessment 1.0 in the following ways:
Regulatory authorities have been closely monitoring the potential security risks of AIGC products for some time. Back in 2021, the CAC, along with the Ministry of Public Security (MPS), issued directives to strengthen the security assessment of emerging internet technologies and applications, especially those related to voice-centric social media and deepfake technologies. The cited legal basis then was the Public Opinion Provisions. Fast forward two years to today, and we now see significantly enhancements in the rigor of regulatory oversight, with major AIGC product developers currently grappling with the requirements of Security Assessment 2.0.
Interestingly, Security Assessment 2.0 appears to be implemented in practice despite a lack of clear statutory guidance. Pursuant to Article 6 of the draft AIGC Measures, service providers shall declare the security assessment to the CAC before launching any AIGC products to the public per the Public Opinion Provisions. Compared to Security Assessment 1.0, Article 6 of the draft AIGC Measures revise up the regulatory body from the cyberspace administration offices or public security bureaus at the prefecture level and above to the CAC. Hence, it was once perceived as the legal basis for Security Assessment 2.0.
But in the officially released AIGC Measures, the requirements for declaring security assessment to the CAC have been modified. It now states, those providing AIGC services with public opinion nature or social mobilization capacity, security assessment should be conducted according to relevant provisions of the state. This updated, albeit somewhat nebulous, statutory requirement may be interpreted in several ways:
* Possible Interpretation 1. AIGC services with public opinion nature or social mobilization capacity fall under the category of internet information services with public opinion nature or social mobilization capacity. Thus, AIGC service providers should satisfy the relevant requirements set forth in the Public Opinion Provisions, including the submission of Security Assessment 1.0.
* Possible Interpretation 2. The term relevant provisions of the state is not confined to the Public Opinion Provisions. Therefore, AIGC service providers should also comply with other applicable laws and regulations. If other applicable laws and regulations put forward similar security assessment requirements, AIGC service providers should also fulfill their relevant assessment obligations in accordance with such laws and regulations.
In addition, the requirements for security assessment also recur in other AI-related legislations. For instance, providers of algorithmic recommendation services that bear public opinion nature or social mobilization capacity must conduct security assessment. Similarly, providers and technical supporters of deep synthesis services with specific functionalities must also perform security assessment according to relevant laws and regulations. The recurring requirements of security assessment across different legislative frameworks inevitably cause confusion among businesses. Consequently, we cautiously foresee that the CAC may introduce auxiliary regulations or specific assessment guidelines for Security Assessment 2.0 in the future, thereby filling the current legislative gap.
5. THE SECURITY ASSESSMENT: MIIT VERSION
In addition to Security Assessments 0.5, 1.0, and 2.0, all of which were supervised by the cyberspace administration offices or public security bureaus, the Ministry of Industry and Information Technology (MIIT) introduced another variant of security assessment, referred to as the MIIT Version.
The inception of the MIIT Version can be traced back to the Internet New Business Security Assessment Management Measures (Draft for Comments) (the MIIT Measures). It was promulgated by the MIIT in 2017, which requires telecommunications business operators to carry out security assessment - also known as Double-new Assessments - regarding potential cybersecurity threats that their new Internet services may pose. Despite the MIIT Measures not having officially taken effect, the MIIT has subsequently released a succession of industry standards that pertain to the security assessment of new internet technologies and services within the telecommunications sector. This progression has enabled the practical implementation of the MIIT Version of the security assessment:
The MIIT Version of security assessment currently operates under a well-established service procedure, and recognized assessment institutions are available to conduct the process. Notably, the content of the MIIT Version largely intersects with the requirements of Security Assessment 2.0. The extent to which the CAC, MIIT, and MPS will coordinate and harmonize their regulatory scopes and benchmarks in the future remains an open question.
6. CONCLUSIONS
The existing dialogue surrounding security assessment remains ambiguous, leaving businesses in dire need of further clarification and definition from the regulatory authorities. Its indisputable that Security Assessment 2.0 has emerged as the toughest hurdle to cross before AIGC products can enter the market. We would strongly advise businesses that havent commenced preparation to deal with this matter with utmost seriousness. Initiating internal projects at an early stage, dedicating personnel, and enlisting external legal help if needed, could be instrumental in facilitating the smooth market entry of AIGC products.
Read the rest here:
Deciphering the AIGC Compliance Blueprint (Part III): Security ... - Lexology
AI and cyber: everyone, everywhere | Professional Security – JTC Associates Ltd
Check Point Head of Engineering US East, Mark Ostrowski, says AI is rapidly transforming enterprise endeavours. He provides frameworks for thinking about AI as it relates to cybersecurity, delves into how to assess the accuracy of security products, explains recent advancements in AI-powered cyber security tools, and so much more.
How is AI becoming an everyday tool within the cyber security corporate world?
I would answer this question in two different ways. The first way is, from a pure cyber security perspective, AI is a critical component of providing the best threat prevention. Check Point has over 70 engines that give us the ability to have the best prevention in the industry. And almost half of those involve some type of artificial intelligence. But thats not new. Thats something thats been going on for many, many, many years. So thats one aspect.
I think the area in which its become the most interesting, as of recently like from December of last year and onwards is how much generative AI, things like ChatGPT, has moved beyond that gimmick phase. Now, its like how do we incorporate generative AI in our products? Or in our customer service model? Or How do we take that technology and then make what we do better by leveraging this technology? And were seeing it all over the place. Were seeing it, like I mentioned, with getting better customer success, were seeing it in relation to creating more accurate data so that we can deliver a better product. And thats really industry independent. So, thats what I would say are the two things that Ive noticed the most in recent years all the way to the present day.
So, why is data such a core component of any AI technology?
Im not a mathematician or a data scientist, but AI from my perspective was really born from What do we do when we have so much data? Were talking about hundreds of thousands, millions or billions of data points on a daily basis. So, when you start to look at why AI is important, and how math, and how algorithms and how all of the things that were talking about have come about, its because of the vast quantity of data that we have.
The amount of data that we have is really proportional with how lets just take internet security as an exampleten years ago, we had far fewer microphones and cameras, and IoT devices, and then you fast forward a decade and look at how much devices are connected technological advances have occurred. Thats why AI is so important the only way that you can actually process that amount of data is with a better artificial intelligence or machine learning approach.
If organizations are looking at various AI-based security solutions, what kinds of engines should they look for?
Lets just look at cyber security from a pure preventative perspective first. When you look at the industry and hear all of the chatter, everybody is saying that they have AI in their product now, just because thats turned into the buzz, right?
What you need to watch to really break it down is how theyre actually using AI to give better outcomes in the cyber security field. And that kind of goes back to the first question, right? Theres a difference between Im going to build a generative AI model that helps customers search my website to get better data versus how does the company that Im looking to do business with leverage AI that actually gives me better security outcomes? And that actually ties back into the previous question that you asked, around data. So, you factor in the people, take the data, you take the math itself in the machine learning models, and you put that all together when you make a decision around who youre going to put your trust in to get better cyber security outcomes, they really should have all three components of that, delivering something that can prevent an attack.
And we havent even talked about how, after you have the AI and machine learning model start making decisions, you have to have the infrastructure that can actually block the attack itself. So, whether its on your mobile device, whether its on your network, your cloud instance or in your code repository really when you think about this question, its about not only having the best AI and the best data and the best people and the best map, but its also about how can I take that verdict and actually create an outcome that makes my organization safer? So, I think those are critical components of any decision that anybody would make.
How do solutions providers ensure the accuracy and reliability of AI models?
This is a little bit more of a technical question. I think, when we think about artificial intelligence, if you consider how its matured over even just a short period of time, you kind of had basic machine learning models lets take the most common use-case example: Google images, for looking at images. The reason as to why you can go to Google Images and type in whatever you want to type in, and you get 1,000s of responses is because there was a model that was trained to (metaphorically) say, hey, this is what a [strawberry, alien, fill-in-the-blank] looks like. These are the characteristics of it.
So, every time that the model is looking at an image, I can then predict that it is going to be what I had searched for. So, thats kind of the classic machine learning model You establish whats called ground truth, and then from there, you just use the model to perform work thats unsupervised, and in this unsupervised way, create the recognition of particular images. Whats happened over the years is that weve moved from that classic machine learning to deep learning. And then to multiple layers of deep learning, which is neural network capability, which really tries to mimic how our brains work. It makes a lot of decisions in a very quick fashion, and with very high accuracy and precision.
If you look at the maturity of artificial intelligence in the cyber world and the evolution of leveraging this technology, it just gives us the ability to have better outcomes, because were looking at more things, and more layers and able to arrive at more precise outcomes. And again, if you look at ChatGPT, to rewind a bit, think of how much data is being fed into that model to be able to give the responses that we have. That accuracy is because of how much data was put in and because of the accuracy of the actual model is itself. So, all of these things are sort of intertwined and give you that accuracy that people are looking for.
How do research teams and data scientists contribute to the continuous performance and development of AI models?
Im not a data scientist, but when you think about Check Points approach to this weve dedicated a lot of really smart people to our research. So, its not just about hey, I have this great algorithm, and I have all of this data that Im feeding into it, Im going to get this result that Im looking for.
I think that we can look at Check Point Research and how that team has really elevated our ability to provide the best prevention. Theres a human element to AI development. There needs to be constant feedback, there needs to be constant evolution. There needs to be human research, right? Not just the artificial intelligence engines doing the research.
I think that when you tie that all together, it gives you better performance, it gives you better accuracy and more relevant data. Because, at the end of the day, we havent reached the point in our world where machines are taking over, right? So the extent to which research and data scientists are looking at the algorithm, looking at how to process the data, looking at how to enrich the data, taking more and more different areas of telemetry these are things that are being made by very smart people, like data scientists and researchers, and that ultimately gives us the results that were looking for. So, the human dimension of the feedback loop is super important.
Is there anything else that you would like to share?
In summary, weve talked a lot about artificial intelligence, obviously. If you think about it, in a very large scope, AI has really dominated a lot of the conversations in media, as well as in the cyber world and even outside the cyber world. Its amazing how extensive the curiosity has become. Ill get questions from relatives that I never would have thought would murmur the word artificial intelligence, and now, theyre asking Mark, should I be doing this? or Is this a tool that I should be using? And I think thats what makes it most interesting. Its become pervasive, really for everybody, in our everyday lives.
We look at things like Siri and Alexa as these things that are kind of nice to have around the house. But the fact that AI is so deeply rooted in those types of things is something that people need to consider. With the cars that we drive my car is able to recognize traffic patterns and make turns for me those things are possible because of strong artificial intelligence.
AI is not only going to become more and more pervasive, as the technologies get stronger and stronger, but I also think that there should be some recognition around where the limits should be. Thats in the future thats something that will come in later, and I think that well be able to throttle that either negatively or positively as things develop.
One follow-up question: It sounds like you have some concerns around household AI, like Siri and Alexa. Could you perhaps elaborate on that?
Yeah. Lets just use a very simple example. If you think about how powerful generative AI has become in a very short period of time, and you think about, through a pure safety perspective in the social world, having your voice, your images, your information about where you go and where you visit, all of this information is now sort of publicly out there more than its ever been before.
And now, we have this technology that can actually take a lot of that information and in a very short period of time, create something or predict something that perhaps we dont want to be predicted. So I think that from a pure safety perspective, I think those are things that as consumers, as fathers, as mothers, as grandparents, we should really think about how much data do we want to put out there?
Because the reality is that if someone is looking to cause harm or to take advantage, the more data that they have, the more acute and severe the attack could be. I think thats the negative side of this. And I say that because in the cyber world, we always like to consider negative outcomes because were always trying to prevent attacks.
Its not to say that all of it is negative With really good AI comes really good outcomes too, like safer driving. Or medical field advances. We might have advancements in pharmaceuticals that we may never have otherwise imagined.
So, there are many positive outcomes that could come from this. But I think that sometimes we have to take a step back and think about how we can protect ourselves by avoiding distributing data and unintentionally giving threat actors or folks who want to do harm more data than we would like. Thats the concern that I have, especially when I look around at how pervasive AI has become and how much data is out there. Thats where I think that we should maybe throttle back a little bit, until we understand the guardrails that are going to be put forth, ultimately advancing our use of technologies like AI.
Continue reading here:
AI and cyber: everyone, everywhere | Professional Security - JTC Associates Ltd
CERT-In warns users of AI-powered FraudGPT: Stay safe from cyber fraud – The Economic Times
CERT-In, the internet security agency, has issued a warning against FraudGPT, an AI-powered Chatbot that poses a significant risk in the realm of cybersecurity. This cutting-edge tool is being exploited by fraudsters to craft fraudulent content for cyber fraud and criminal activities.The Deceptive Capabilities of FraudGPTFraudGPT has the ability to produce highly authentic-looking phishing emails, text messages, and websites. This makes it difficult for users to discern genuine communications from fraudulent ones, leading to the inadvertent disclosure of sensitive information such as login credentials, financial details, or personal data.Furthermore, the AI-powered chatbot can generate deceptive messages to lure users into clicking on malicious links or downloading infected attachments, exposing them to malware infections. FraudGPT can even simulate human-like conversations, allowing hackers to engage with users and extract sensitive information or carry out harmful actions. Additionally, the tool can be employed to forge documents, invoices, and payment requests, facilitating financial scams.How to protect yourself with CERT-In's tips?To safeguard against the dangers of FraudGPT and other cyber threats, CERT-In recommends the following precautionary measures:
More here:
CERT-In warns users of AI-powered FraudGPT: Stay safe from cyber fraud - The Economic Times