Artificial Intelligence - Implications for the Workforce





Recent and Current Strategies, Litigation, Settlements and What’s on the Horizon





Understanding the NLRB’s Healthcare Rule in Light of Recent Union Organizing Trends and Board Decisions





Littler’s Tyler Sims Testifies Before Congress on Effects of Student-Athletes’ Employment Status, Unionization Efforts

WASHINGTON, D.C. (March 12, 2024) – Littler shareholder Tyler A. Sims testified today before the U.S. House of Representatives Committee on Education and the Workforce at a joint hearing of the Subcommittee on Higher Education and Workforce Development and the Subcommittee on Health, Employment, Labor, and Pensions on “Safeguarding Student-Athletes from NLRB Misclassification.”





Special Counsel Elizabeth Sitgreaves Joins Littler in Growing Nashville Office

NASHVILLE, Tenn. (April 8, 2024) – Littler, the world’s largest employment and labor law practice representing management, has added Elizabeth Sitgreaves as special counsel in its Nashville office. Sitgreaves joins from The Law Offices of John Day, P.C. and brings over 15 years of litigation experience.





Littler Recognized Among the “Best Law Firms for Women and Diversity” by Seramount

(May 30, 2024) – Littler, the world’s largest employment and labor law practice representing management, has been selected as one of the “Best Law Firms for Women and Diversity” for the 15th time by Seramount, a professional services and research firm dedicated to advancing inclusion, equity and diversity (IE&D) in the workplace for over four decades. Seramount annually surveys law firms to assess how they utilize best practices to recruit, retain, develop and advance lawyers who are women, people of color and those from underrepresented groups.





Littler Attorneys in Four European Countries Recognized in the 2025 Editions of Best Lawyers™

(June 21, 2024) – Littler, the world’s largest employment and labor law practice representing management, and its attorneys have been featured in the 2025 editions of Best Lawyers® in France, Germany, Italy and the United Kingdom.

The individual attorneys that were listed include the following:





More Than 240 Littler Attorneys Recognized in 2025 Editions of Best Lawyers in America® and Best Lawyers: Ones To Watch® in America

(August 15, 2024) – More than 240 lawyers from Littler, the world’s largest employment and labor law practice representing management, have been included in the 31st edition of The Best Lawyers in America® guide.





Littler Recognized in 2025 Chambers Latin America Guide

(August 22, 2024) – Littler, the world’s largest employment and labour law practice representing management, and its attorneys in several Latin American offices have once again been recognized by Chambers and Partners in the Chambers Latin America 2025 guide.

Littler’s Colombia and Costa Rica offices earned a Band 1 ranking for Labour & Employment and its Mexico, Puerto Rico and Venezuela offices received band rankings in the same practice area.

In addition, the following attorneys were named as leaders in the field for the Labour & Employment practice area:





Three Littler Partners Recognized in the 2025 Edition of the Best Lawyers in Canada™

TORONTO (August 29, 2024) – Littler, the world’s largest employment and labour law practice representing management, is pleased to announce that three of its attorneys have been featured in the 2025 edition of The Best Lawyers in Canada™ in Labour and Employment Law.

The attorneys included in this year’s edition were:





Brazil Data Protection Law – Litigation in the Context of Employment

  • Employers operating in Brazil will likely see an uptick in litigation involving claims filed under the country’s Data Protection Law (LGPD).
  • The Brazilian National Data Protection Agency, the entity charged with enforcing the LGPD, recently issued new guidance on this law.

The Brazilian Data Protection Law (LGPD), in effect since 2020, is starting to show its effects in the litigation landscape.





Prized H-1B Worker Visas Threatened Amid Trump Immigration Plans

Jorge R. Lopez says the Trump administration’s regulatory agenda was stymied by legal battles and a slow transition the first time around, but could move much quicker to implement its immigration priorities in his second administration.

Bloomberg Law



ETSI releases cybersecurity specification to secure sensitive functions in a virtualized environment

Sophia Antipolis, 6 February 2019

The ETSI Technical Committee on Cybersecurity (TC CYBER) has just released ETSI TS 103 457, which tackles the challenge of secure storage, where organizations want to protect customer data whilst still using a cloud that is not under their direct control.



22nd Global Standards Collaboration meeting convenes world’s leading standards bodies in Montreux, Switzerland

Sophia Antipolis, 28 March 2019

The 22nd meeting of the Global Standards Collaboration (GSC), a high-level gathering of the world’s leading information and communication technologies (ICT) standards organizations, took place from 26-27 March 2019, hosted by IEC (International Electrotechnical Commission) and ISO (International Organization for Standardization) in Montreux, Switzerland.  GSC members shared their priorities and focused on Smart Sustainable Cities and AI (Artificial Intelligence). 



COAI and ETSI sign MoU to foster a closer co-operation on Telecom Standardization

New Delhi & Sophia Antipolis, 13 May 2019

Acknowledging the role of standards, especially in the context of emerging and future technologies, and the need to collaborate and work in partnership with different types of organizations around the world, COAI, the apex industry association representing leading Telecom, Internet, Technology and Digital Services companies, and ETSI, a leading standardization organization for Information and Communication Technology (ICT) standards fulfilling European and global market needs, announced that they are coming together once again to work and collaborate on areas of mutual interest.



AIOTI, ISO/IEC JTC1, ETSI, oneM2M and W3C Collaborate on Two Joint White Papers on Semantic Interoperability Targeting Developers and Standardization Engineers

Cross-organization expert group works together on accelerating adoption of semantic technologies in IoT.

AIOTI today announced its collaborative role in the publication of two joint white papers on semantic interoperability entitled Semantic IoT Solutions - A Developer Perspective and Towards semantic interoperability standards based on ontologies in conjunction with organizations closely tied to the advancement of the IoT ecosystem.



ETSI standardizes new Secure Platform to address IoT, 5G, and security sensitive sectors

Sophia Antipolis, 18 November 2019

Trust and privacy together with cost and flexibility are key to security solutions for many applications in today’s digital world. To address this challenge, ETSI Technical Committee Smart Card Platform, who standardized the former generations of SIM cards, has been working on a brand-new security platform called Smart Secure Platform (SSP). The ETSI committee is pleased to unveil the first three technical specifications to launch this new security platform.



ETSI OSM organizes its first fully remote Hackfest with a record number of participants

Sophia Antipolis, 16 March 2020

These are special times where many face-to-face meetings are being postponed or canceled. But when the going gets tough, the tough get going, and ETSI OSM opted to reorganize its Hackfest, originally planned as a physical event in Madrid from 9 to 12 March 2020, as a fully remote event. What originally seemed a huge challenge, due to the hands-on approach and the high level of interaction required in a Hackfest, proved possible in record time thanks to the outstanding engagement of the OSM community and the means provided by ETSI, making this Hackfest one of the best attended ever. The 4 days of Hackfest were run in parallel with the OSM Mid-Release EIGHT meeting and the OSM Ecosystem Day, also held remotely.



New ETSI group to develop standardization framework for secure smartphone-based proximity tracing systems, helping to break COVID-19 transmission chains

Sophia Antipolis, 12 May 2020

In response to the global coronavirus pandemic, the new ETSI Industry Specification Group “Europe for Privacy-Preserving Pandemic Protection” (ISG E4P) has been established to provide a standardization framework that will enable developers to build interoperable mobile apps for proximity detection and anonymous identification.



New ETSI white paper: Harmonizing standards for edge computing, a synergized architecture leveraging ETSI ISG MEC and 3GPP specifications

Sophia Antipolis, 27 July 2020

Members and officials of the ETSI Multi-access Edge Computing group and the 3GPP SA WG6 have just published a new white paper which aims to harmonize standards for edge computing. The white paper highlights the role of standards for edge when edge computing is deployed in conjunction with mobile networks. It also reviews the leading efforts in the industry and introduces a synergized architecture which leverages the ETSI ISG MEC and 3GPP specifications. This paper highlights the value proposition of different standards streams and how those standards may be combined when it comes to deployments. Some deployment options are discussed.



SESAR Deployment Manager signs MoU with ETSI for European Air Traffic Management modernization

Sophia Antipolis, 27 July 2020

SESAR Deployment Manager (SDM) has recently signed an MoU with ETSI, namely to participate in the ETSI technical group making standards for aeronautics (TG AERO). SESAR aims at the modernization of Europe’s Air Traffic Management (ATM), crucial for the sustainability of European aviation and the forecasted increase in air traffic by 2035 (pre-COVID-19 forecast). SDM synchronizes and coordinates the deployment of common projects, translating the regulatory requirements to the industry.



ETSI unveils NFV&MEC 2020 Interoperability Report: Strong focus on Containerized and 5G Network Services

Sophia Antipolis, 22 September 2020

ETSI is pleased to release the report of its NFV&MEC Plugtests™ event that took place remotely in June 2020. After several weeks of remote integration and pre-testing, the event offered NFV and MEC solution providers as well as open source communities an opportunity to discuss and solve interoperability challenges while validating their implementation of NFV and MEC specifications and APIs.



ETSI webinar on Standardization for EU competitiveness in a digital decade

Sophia Antipolis, 6 October 2020

ETSI and KREAB invite you to a high-level virtual debate on 28 October to discuss and share your ideas on a standardization strategy to stimulate EU competitiveness in the digital economy.



ETSI virtual conference on boosting the impact of research & innovation through standardization

Sophia Antipolis, 6 November 2020

Standardized commercial products and services substantially contribute to the overall global economy and quality of life of citizens around the world.

Join ETSI and TelecomTV for a two-day virtual conference focused on the Research Innovation Standards Ecosystem and Research Opportunities in Standards.

The virtual event will take place on 24 and 25 November, and each of the two days will comprise multiple sessions, including presentations and panel discussions followed by LIVE Q&A sessions where you'll be able to interact and ask your questions to the experts.



ETSI releases Technical Report on Citizen Requirements for Smart Cities

Sophia Antipolis, 9 November 2020

The ETSI Human Factors Technical Committee has released ETSI TR 103 455, a Technical Report that assesses the different citizen-related issues that smart city-related standardization in the ICT domain needs to address. These include fundamental aspects such as accessibility, usability, interoperability, personal data protection and security, and how services to citizens are to be designed to maximize benefits to the community. The study gives an overview of existing ETSI and other SDOs standards in that field, including ETSI community indicators. It aligns well with the UN Sustainable Development Goal 11 "Make cities inclusive, safe, resilient and sustainable".



Open Source MANO Release NINE fulfils ETSI's zero-touch automation vision, ready for MEC and O-RAN use cases

Sophia Antipolis, 18 December 2020

ETSI is pleased to announce the launch of OSM Release NINE today. With an array of new features, this Release completes the alignment process with ETSI NFV specifications, culminating in native adoption of ETSI GS NFV-SOL006 for network functions and service modelling. Standardizing the onboarding process for VNFs into OSM fosters interoperability and boosts the growth of OSM’s VNF ecosystem. Release NINE coincides with the announcement of a new production deployment, confirming OSM as the most comprehensive open-source NFV orchestrator and a key enabler for zero-touch end-to-end network and service automation.



Highlights of the Cybersecurity Standardization Conference

Sophia Antipolis, 5 February 2021

The European Standards Organizations, CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organize its annual conference virtually this year. The event, which took place from 2 to 4 February, attracted over 2000 participants from the EU and from around the world.



Standardization conference explores EU cybersecurity legislation

Sophia Antipolis, 16 March 2022

On 15 March, the European Standards Organizations (ESOs), CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organize their 6th annual conference. The virtual conference focused on ‘European Standardization in support of the EU cybersecurity legislation’ and attracted over 900 attendees from the EU and from around the world.



ETSI provides lectures to the University of Luxembourg on standardization for their Master’s course

Sophia Antipolis, 1 June 2022

Continuing our role in encouraging the new generation of standards people, ETSI has recently provided online lectures to the University of Luxembourg: a series of 6 presentations for students following the MTECH Master degree project "Technopreneurship: mastering smart ICT, standardization and digital trust for enabling next generation of ICT solutions". The first post-graduates from this course will receive their degrees at the end of 2022.



ETSI organizes the first TeraFlowSDN Hackfest during Network X in Amsterdam

Sophia Antipolis, 21 October 2022

ETSI organized the first TeraFlowSDN Hackfest during the Network X event in Amsterdam, Netherlands, on 20 October. With the support of the European Commission (EC) and the European Free Trade Association (EFTA), the Hackfest brought together 25 developers eager to get a first hands-on experience with the software developed by TeraFlowSDN, the open source group created by ETSI in May this year.



ETSI signs MoU with the French organization for railway standardization

Sophia Antipolis, 24 October 2022

ETSI and the Bureau de normalisation ferroviaire (BNF), the French organization for railway standardization, have just signed a Memorandum of Understanding to structure and strengthen their relationship.



ETSI launches a new group on Terahertz, a candidate technology for 6G

Sophia Antipolis, 12 December 2022

On 8 December the newly launched ETSI Industry Specification Group on Terahertz (ISG THz) held its kick-off meeting and decided on work priorities for this candidate technology for 6G.

“ISG THz provides an opportunity for ETSI members to coordinate their pre-standards research efforts on THz technology across various European collaborative projects, extended with relevant global initiatives, a move towards paving the way for future standardization of the technology,” outlines Thomas Kürner, Chair of ISG THz.



A successful European Standardization System

Sophia Antipolis, 20 December 2022

The European standardization system is a global success story. After the release of the European Standardization Strategy in 2022, it became clear that the work of standardization was growing in its role as an integral tool of the European Single Market.


Linux Foundation and ETSI Further Collaborate to Drive Harmonization Across Open Source and Open Standards

BILBAO, Spain, Open Source Summit Europe, 19 September 2023

The Linux Foundation, the nonprofit organization focused on fostering innovation through open source, and ETSI, the independent organization providing global standards for ICT services across all sectors of industry, today announced expanded collaboration. While the two organizations have been working together for years, the 2019 formal Memorandum of Understanding (MOU) has recently been updated and expanded.


ETSI’s Zero-touch network Service Management group renewed for two years

Sophia Antipolis, 5 October 2023

ETSI is pleased to announce the extension of its Zero touch network and Service Management group (ISG ZSM) for an additional 2-year period.


ETSI Signs Pledge to Future Standardization Professionals

Sophia Antipolis, 30 November 2023

ETSI proudly announces its commitment to fostering the education and skills development of the next generation of European standardization professionals. This initiative is part of a voluntary pledge which ETSI’s Director-General Luis Jorge Romero signed today in Brussels in the presence of the Commissioner for Internal Market of the European Union, Thierry Breton. It was launched by the European Commission’s High-Level Forum on European Standardization, specifically under the workstream on Education and Skills.


ETSI Standardization in support of AI

Sophia Antipolis, 13 February 2024

Sharing intelligence: ETSI AI Conference highlights role of standardization in supporting ICT industry transformation.

Held at ETSI’s Sophia Antipolis headquarters from 5-7 February, the event welcomed close to 200 participants from 25+ countries, with featured speakers including AI experts from government agencies, standards bodies, academia and industry.

Artificial Intelligence/Machine Learning (AI/ML) technologies are enabling disruptive new applications across a wide range of digital products and services. Reviewing the current status of AI developments worldwide, the Conference explored the role of standardization in ETSI and other SDOs to support the development of a robust market for safe, lawful AI applications and services within the framework of European policymaking.


Navigating through Challenges and Opportunities of Cybersecurity Standardization

Sophia Antipolis, 8 March 2024 

On 5 March, the European Standardization Organizations (ESOs), CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organize their 8th Cybersecurity Standardization Conference.


ETSI releases its two first reports on THz communication systems

Sophia Antipolis, 05 April 2024

ETSI is pleased to announce the release of the first two Group Reports developed by its Terahertz Industry Specification Group (ISG THz). They address key elements in this initial phase of the pre-standardization work for THz communications: the use cases and the spectrum. The role of ETSI ISG THz is to develop an environment where various actors from academia, research centres and industry can share, in a consensus-driven way, their pre-standardization efforts on THz technology resulting from various collaborative research projects and global initiatives, paving the way towards future standardization. Complementing the work of other ETSI Technical Bodies and other SDOs, the group concentrates on establishing the technical foundation for the development and standardization of THz communications.


Aiming high: ETSI Conference on Non-Terrestrial Networks underlines critical role of NTN in realizing tomorrow’s global 6G vision

Sophia Antipolis, 15 April 2024

This year’s first ETSI Conference on Non-Terrestrial Networks has stressed the importance of technical standardization in delivering a fully connected planet via NTN, a key element of tomorrow’s global 6G networks.

Held from 3-4 April 2024 at ETSI’s Sophia Antipolis headquarters, the event was co-organized with the European Space Agency (ESA), the 6G Smart Networks and Services Industry Association (6G-IA) and the Smart Networks and Services Joint Undertaking (SNS JU).

Titled ‘Non-Terrestrial Networks, a Native Component of 6G’, the 2-day conference attracted over 200 participants from 25 countries, including experts in standardization and research as well as industrial representation from the mobile, satellite and wider space industries. Delegates shared perspectives on NTN use cases, candidate technology solutions, current research status and standardization roadmaps. Day one sessions focused on the opportunities and challenges of integrating terrestrial and non-terrestrial networks within tomorrow’s global communications landscape. The second day afforded a deep dive into numerous cutting-edge NTN and 6G research & development initiatives in Europe and around the world.


Jazz and the African American Literary Tradition

New essay, "Jazz and the African American Literary Tradition," by Gerald Early, Merle Kling Professor of Modern Letters at Washington University in St. Louis, added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.





Agronomy & Policy Solutions for Implementation of the African Fertilizer and Soil Health Action Plan





CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

Update October 23: The blog has been updated with new information about in-the-wild exploitation and threat actor activity associated with this vulnerability.


FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

| CVE | Description | CVSSv3 |
|---|---|---|
| CVE-2024-47575 | FortiManager Missing authentication in fgfmsd Vulnerability | 9.8 |

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy:


According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India:

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13:

 

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. Google Mandiant says it has discovered more than 50 “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability/these vulnerabilities?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

| Affected Product | Affected Versions | Fixed Version |
|---|---|---|
| FortiManager 6.2 | 6.2.0 through 6.2.12 | Upgrade to 6.2.13 or above |
| FortiManager 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiManager 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiManager Cloud 7.0 | 7.0.1 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager Cloud 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager Cloud 7.6 | Not affected | Not Applicable |

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.


Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security

Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.

Dive into six things that are top of mind for the week ending Nov. 1.

1 - Securing OT/ICS in critical infrastructure with zero trust

As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles.

That’s the key message of the Cloud Security Alliance’s “Zero Trust Guidance for Critical Infrastructure,” which focuses on applying zero trust methods to OT and industrial control system (ICS) systems.

While OT/ICS environments were historically air gapped, that’s rarely the case anymore. “Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week.

The CSA hopes the document will help cybersecurity teams and OT/ICS operators enhance the way they communicate and collaborate.

 

 

Among the topics covered are:

  • Critical infrastructure’s unique threat vectors
  • The convergence of IT/OT with digital transformation
  • Architecture and technology differences between OT and IT

The guide also outlines this five-step process for implementing zero trust in OT/ICS environments:

  • Define the surface to be protected
  • Map operational flows
  • Build a zero trust architecture
  • Draft a zero trust policy
  • Monitor and maintain the environment

A zero trust strategy boosts the security of critical OT/ICS systems by helping teams “keep pace with rapid technological advancements and the evolving threat landscape,” Jennifer Minella, the paper’s lead author, said in a statement.


2 - Five Eyes publish cyber guidance for tech startups

Startup tech companies can be attractive targets for hackers, especially if they have weak cybersecurity and valuable intellectual property (IP).

To help startups prevent cyberattacks, the Five Eyes countries this week published cybersecurity guides tailored for these companies and their investors.

“This guidance is designed to help tech startups protect their innovation, reputation, and growth, while also helping tech investors fortify their portfolio companies against security risks," Mike Casey, U.S. National Counterintelligence and Security Center Director, said in a statement.

These are the top five cybersecurity recommendations from Australia, Canada, New Zealand, the U.S. and the U.K. for tech startups:

  • Be aware of threat vectors, including malicious insiders, insecure IT and supply chain risk.
  • Identify your most critical assets and conduct a risk assessment to pinpoint vulnerabilities.
  • Build security into your products by managing intellectual assets and IP; monitoring who has access to sensitive information; and ensuring this information’s protection.
  • Conduct due diligence when choosing partners and make sure they’re equipped to protect the data you share with them.
  • Before you expand abroad, prepare and become informed about these new markets by, for example, understanding local laws in areas such as IP protection and data protection.

“Sophisticated nation-state adversaries, like China, are working hard to steal the intellectual property held by some of our countries’ most innovative and exciting startups,” Ken McCallum, Director General of the U.K.’s MI5, said in a statement.

3 - Survey: Unapproved AI use impacting data governance

Employees’ use of unauthorized AI tools is creating compliance issues in a majority of organizations. Specifically, it makes it harder to control data governance and compliance, according to almost 60% of organizations surveyed by market researcher Vanson Bourne.

“Amid all the investment and adoption enthusiasm, many organisations are struggling for control and visibility over its use,” reads the firm’s “AI Barometer: October 2024” publication. Vanson Bourne polls 100 IT and business executives each month about their AI investment plans.

To what extent do you think the unsanctioned use of AI tools is impacting your organisation's ability to maintain control over data governance and compliance?

(Source: Vanson Bourne’s “AI Barometer: October 2024”)

Close to half of organizations surveyed (44%) believe that at least 10% of their employees are using unapproved AI tools.

On a related front, organizations are also grappling with the issue of software vendors that unilaterally and silently add AI features to their products, especially to their SaaS applications.

While surveyed organizations say they’re reaping advantages from their AI usage, “such benefits are dependent on IT teams having the tools to address the control and visibility challenges they face,” the publication reads.

For more information about the use of unapproved AI tools, an issue also known as “shadow AI,” check out:

Shadow AI Risks in Your Company (video)

4 - NCSC explains nuances of multi-factor authentication

Multi-factor authentication (MFA) comes in a variety of flavors, and understanding the differences is critical for choosing the right option for each use case in your organization.

To help cybersecurity teams better understand the different MFA types and their pluses and minuses, the U.K. National Cyber Security Centre (NCSC) has updated its MFA guidance.

“The new guidance explains the benefits that come with strong authentication, while also minimising the friction that some users associate with MFA,” reads an NCSC blog.

In other words, what type of MFA method to use depends on people’s roles, how they work, the devices they use, the applications or services they’re accessing and so on.

Topics covered include:

  • Recommended types of MFA, such as FIDO2 credentials, app-based and hardware-based code generators and message-based methods
  • The importance of using strong MFA to secure users’ access to sensitive data
  • The role of trusted devices in boosting and simplifying MFA
  • Bad practices that weaken MFA’s effectiveness, such as:
    • Retaining weaker, password-only authentication protocols for legacy services
    • Excluding certain accounts from MFA requirements because their users, usually high-ranking officials, find MFA inconvenient

5 - U.S. gov’t outlines AI strategy, ties it to national security 

The White House has laid out its expectations for how the federal government ought to promote the development of AI in order to safeguard U.S. national security.

In the country’s first-ever National Security Memorandum (NSM) on AI, the Biden administration said the federal government must accomplish the following:

  • Ensure the U.S. is the leader in the development of safe, secure and trustworthy AI
  • Leverage advanced AI technologies to boost national security
  • Advance global AI consensus and governance

“The NSM’s fundamental premise is that advances at the frontier of AI will have significant implications for national security and foreign policy in the near future,” reads a White House statement.

The NSM’s directives to federal agencies include:

  • Help improve the security of chips and support the development of powerful supercomputers to be used by AI systems.
  • Help AI developers protect their work against foreign spies by providing them with cybersecurity and counterintelligence information.
  • Collaborate with international partners to create a governance framework for using AI in a way that is ethical, responsible and respects human rights. 

The White House also published a complementary document titled “Framework To Advance AI Governance and Risk Management in National Security,” which adds implementation details and guidance for the NSM.

6 - State CISOs on the frontlines of AI security

As the cybersecurity risks and benefits of AI multiply, most U.S. state CISOs find themselves at the center of their governments' efforts to craft AI security strategies and policies.

That’s according to the “2024 Deloitte-NASCIO Cybersecurity Study,” which surveyed CISOs from all 50 states and the District of Columbia.

Specifically, 88% of state CISOs reported being involved in the development of a generative AI strategy, while 96% are involved with creating a generative AI security policy.

However, their involvement in AI cybersecurity matters isn’t necessarily making them optimistic about their states’ ability to fend off AI-boosted attacks.

None said they feel “extremely confident” that their state can prevent AI-boosted attacks, while only 10% reported feeling “very confident.” The majority (43%) said they feel “somewhat confident” while the rest said they are either “not very confident” or “not confident at all.”

Naturally, most state CISOs see AI-enabled cyberthreats as significant, with 71% categorizing them as either “very high threat” (18%) or “somewhat high threat” (53%).

At the same time, state CISOs see the potential for AI to help their cybersecurity efforts, as 41% are already using generative AI for cybersecurity, and another 43% have plans to do so by mid-2025.

Other findings from the "2024 Deloitte-NASCIO Cybersecurity Study" include:

  • 4 in 10 state CISOs feel their budget is insufficient.
  • Almost half of respondents rank cybersecurity staffing as one of the top challenges.
  • In the past two years, 23 states have hired new CISOs, as the median tenure of a state CISO has dropped to 23 months, down from 30 months in 2022.
  • More state CISOs are taking on privacy protection duties — 86% are responsible for privacy protection, up from 60% two years ago.




z

Attack on Titan. 4, Humanity pushes back! / Hajime Isayama ; [translator, Sheldon Drzka ; lettering, Steve Wands].

"Humanity pushes back! The Survey Corps develops a risky gambit— have Eren in Titan form attempt to repair Wall Rose, reclaiming human territory from the monsters for the first time in a century. But Titan-Eren's self-control is far from perfect, and when he goes on a rampage, not even Armin can stop him! With the survival of humanity on his massive shoulders, will Eren be able to return to his senses, or will he lose himself forever?"-- Page [4] of cover.




z

Outcast. Volume 1, A darkness surrounds him / Robert Kirkman, creator, writer ; Paul Azaceta, artist ; Elizabeth Breitweiser, colorist ; Rus Wooton, letterer.

Kyle Barnes has been plagued by demonic possession all his life and now he needs answers. Unfortunately, what he uncovers along the way could bring about the end of life on Earth as we know it.




z

One-punch man. Volume 6 / story by ONE ; art by Yusuke Murata ; translation, John Werry ; touch-up art and lettering, James Gaubatz.

"Nothing about Saitama passes the eyeball test when it comes to superheroes, from his lifeless expression to his bald head to his unimpressive physique. However, this average-looking guy has a not-so-average problem— he just can't seem to find an opponent strong enough to take on! An emergency summons gathers Class S heroes at headquarters … and Saitama tags along. There, they learn that the great seer Shibabawa left the following prophecy: "The Earth is in danger!" What in the world is going to happen?!" -- Description provided by publisher.




z

One-punch man. Volume 7 / story by ONE ; art by Yusuke Murata ; translation, John Werry ; touch-up art and lettering, James Gaubatz.

Nothing about Saitama passes the eyeball test when it comes to superheroes, from his lifeless expression to his bald head to his unimpressive physique. However, this average-looking guy has a not-so-average problem-he just can't seem to find an opponent strong enough to take on! When aliens invade Earth, a group of Class-S heroes finally finds a way to fight back and go on the offensive. Inside the enemy mother ship, Saitama fights Boros. Faced with the alien's frightful power, he decides to get serious! What is the Earth's fate?!




z

One-punch man. 10 / story by ONE ; art by Yusuke Murata ; translation, John Werry ; touch-up art & lettering, James Gaubatz.

"Hero hunter Gato intensifies his onslaught, so of course Saitama decides now is the perfect time to join a combat tournament. Meanwhile, Class-S hero Metal Bat takes an assignment guarding a Hero Association executive and his son, and before long trouble appears!" -- Description provided by publisher.




z

Outcast. Volume 3, This little light / Robert Kirkman, creator, writer ; Paul Azaceta, artist ; Elizabeth Breitweiser, colorist ; Rus Wooton, Letterer ; Sean Mackiewicz, editor.

"Kyle is faced with the most emotional exorcism he's performed yet … as he begins to learn more about his abilities and what's really happening around him. The pieces are starting to fall into place as secrets are revealed that will change everything." -- Description provided by publisher.