Creating good forms is a tricky business encompassing a wide range of disciples (accessibility, usability, security, etc). What's more, the development of bespoke online forms, and their back-end reporting interfaces, can be a huge resource drain for institutional Web teams. This session will tackle these problems by asking 'what do we need to know to make better forms, and how can we better manage form development processes'? As a case study, we will look at how the implementation of a form building and management application has aided the Web team at City University. The session was facilitated by Dan Jackson, City University.

David Supple is manager of the Corporate Web team at the University of Birmingham and manager of the University's Institutional Portal Project. His teams remit is the development of the site to facilitate the e-business and e-learning aims of the institution, and the delivery of a Web-enabled organisational vision. In real terms this means the re-corporatization of the University Web site, through a focussed Web strategy, common infrastructures and templates, centralised hardware, adequate support and a customer focussed internal sales process to help convince users to migrate back to the centre. The Web Team uses mostly Microsoft products (a challenge in itself), with occasional forays into MySQL and Unix just to keep us sane. Over the coming year, David's focus will be on developing a major portal environment for the University, something that has been in planning for almost 2 years now, and he is keen to engage with the HE community on this new type of development to help maximise the potential of this technology. David is also interested in Web strategy in general and the development of organisational structures and processes as they respond to a more electronic view of the world. David Supple gave a plenary talk on Trials, Trips and Tribulations of an Integrated Web Strategy.

Jeff Barr, Amazon Web Services (Senior Manager, Web Services Evangelism) will discuss Amazon's approach to Web-scale computing. Using this new approach, developers can use Amazon's broad line of web services to rapidly and cost-effectively build scalable and flexible Web applications. Jeff will focus on Amazon's newest services, including the Simple Queue Service, the Simple Storage Service, and the Elastic Compute Cloud. The talk will include technical details and an overview of how the services are being used by customers all over the world.

ETSI releases first globally applicable standard for consumer IoT security

Sophia Antipolis, 19 February 2019

The ETSI Technical Committee on Cybersecurity (TC CYBER) has just released ETSI TS 103 645, a standard for cybersecurity in the Internet of Things, to establish a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes.

Read More...

ETSI Open Source MANO unveils Release SEVEN, enables more than 20,000 cloud-native applications for NFV environments

Sophia Antipolis, 12 December 2019

Today, the ETSI Open Source MANO group is pleased to unveil its latest release, OSM Release SEVEN. This release brings cloud-native applications to NFV deployments, enabling OSM to on-board over 20,000 pre-existing production-ready Kubernetes applications, with no need of any translation or repackaging. OSM release SEVEN allows you to combine within the same Network Service the flexibility of cloud-native applications with the predictability of traditional virtual and physical network functions (VNFs and PNFs) and all the required advanced networking required to build complex end to end telecom services.

Read More...

ETSI releases a Technical Report on autonomic network management and control applying machine learning and other AI algorithms

Sophia Antipolis, 5 March 2020

The ETSI Technical Committee on Core Network and Interoperability Testing (TC INT) has just released a Technical Report, ETSI TR 103 626, providing a mapping of architectural components for autonomic networking, cognitive networking and self-management. This architecture will serve the self-managing Future Internet.

The ETSI TR 103 626 provides a mapping of architectural components developed in the European Commission (EC) WiSHFUL and ORCA Projects, using the ETSI Generic Autonomic Networking Architecture (GANA) model.

The objective is to illustrate how the ETSI GANA model specified in the ETSI specification TS 103 195-2 can be implemented when using the components developed in these two projects. The Report also shows how the WiSHFUL architecture augmented with virtualization and hardware acceleration techniques can implement the GANA model. This will guide implementers of autonomics components for autonomic networks in their optimization of their GANA implementations.

The TR addresses autonomic decision-making and associated control-loops in wireless network architectures and their associated management and control architectures. The mapping of the architecture also illustrates how to implement self-management functionality in the GANA model for wireless networks, taking into consideration another Report ETSI TR 103 495, where GANA cognitive algorithms for autonomics, such as machine learning and other AI algorithms, can be applied.

New ETSI specification allows single UICC to support the use of multiple applications simultaneously

Sophia Antipolis, 26 October 2022

New specifications released by ETSI will enable multiple subscriptions and identities to exist in the same smartphone handset without needing several SIM cards to be within the device.

The mobile telecom industry has been facing an increasing demand for applications running on mobile devices like banking, payments, transport and identity for some time. These new specifications address this demand by adding the possibility to host and address several "virtual secure elements" into the same UICC. This allows multiple virtual secure elements to coexist logically separated, whilst having the ability to be addressed independently through the same physical interface.

Read More...

Sophia Antipolis, 22 June 2023

ETSI has just released a new White Paper on “MEC Support for Edge Native Design” written by members of the ETSI Multi-access Edge Computing group (ISG MEC). This White Paper provides an overview and vision about the Edge Native approach, as a natural evolution of Cloud Native. 

Read More...

Sophia Antipolis, 4 September 2024

The ETSI Open Source MANO community is proud to announce OSM Release SIXTEEN, a Long-Term-Support (LTS) release of ETSI OSM, which becomes the most innovative and feature-packed release shipped by OSM to date.

This release brings a revolution in OSM’s functionality, positioning OSM as a generalized cloud-native orchestrator for infrastructure, platforms and services, which extends significantly its former scope. Full cloud-native management of Kubernetes clusters in public clouds, together with the applications or software units running on them, is now possible with Release SIXTEEN. Every operation related to the cluster management (creation, upgrading, scaling, deletion) or the applications running on them is reflected in Git repositories, following the GitOps model. This has been possible thanks to a major change in the internal architecture of OSM.

Read More...

Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.

Dive into six things that are top of mind for the week ending Nov. 1.

1 - Securing OT/ICS in critical infrastructure with zero trust

As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles.

That’s the key message of the Cloud Security Alliance’s “Zero Trust Guidance for Critical Infrastructure,” which focuses on applying zero trust methods to OT and industrial control system (ICS) systems.

While OT/ICS environments were historically air gapped, that’s rarely the case anymore. “Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week.

The CSA hopes the document will help cybersecurity teams and OT/ICS operators enhance the way they communicate and collaborate.

Among the topics covered are:

• Critical infrastructure’s unique threat vectors
• The convergence of IT/OT with digital transformation
• Architecture and technology differences between OT and IT

The guide also outlines this five-step process for implementing zero trust in OT/ICS environments:

• Define the surface to be protected
• Map operational flows
• Build a zero trust architecture
• Draft a zero trust policy
• Monitor and maintain the environment

A zero trust strategy boosts the security of critical OT/ICS systems by helping teams “keep pace with rapid technological advancements and the evolving threat landscape,” Jennifer Minella, the paper’s lead author, said in a statement.

To get more details, read:

• The report’s announcement “New Paper from Cloud Security Alliance Examines Considerations and Application of Zero Trust Principles for Critical Infrastructure”
• The full report “Zero Trust Guidance for Critical Infrastructure”
• A complementary slide presentation

For more information about OT systems cybersecurity, check out these Tenable resources: 

• “What is operational technology (OT)?” (guide)
• “Discover, Measure, and Minimize the Risk Posed by Your Interconnected IT/OT/IoT Environments” (on-demand webinar)
• “How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform” (blog)
• “Blackbox to blueprint: The security leader’s guidebook to managing OT and IT risk” (white paper)
• “Tenable Cloud Risk Report 2024” (white paper)

2 - Five Eyes publish cyber guidance for tech startups

Startup tech companies can be attractive targets for hackers, especially if they have weak cybersecurity and valuable intellectual property (IP).

To help startups prevent cyberattacks, the Five Eyes countries this week published cybersecurity guides tailored for these companies and their investors.

“This guidance is designed to help tech startups protect their innovation, reputation, and growth, while also helping tech investors fortify their portfolio companies against security risks," Mike Casey, U.S. National Counterintelligence and Security Center Director, said in a statement.

These are the top five cybersecurity recommendations from Australia, Canada, New Zealand, the U.S. and the U.K. for tech startups:

• Be aware of threat vectors, including malicious insiders, insecure IT and supply chain risk.
• Identify your most critical assets and conduct a risk assessment to pinpoint vulnerabilities.
• Build security into your products by managing intellectual assets and IP; monitoring who has access to sensitive information; and ensuring this information’s protection.
• Conduct due diligence when choosing partners and make sure they’re equipped to protect the data you share with them.
• Before you expand abroad, prepare and become informed about these new markets by, for example, understanding local laws in areas such as IP protection and data protection.

“Sophisticated nation-state adversaries, like China, are working hard to steal the intellectual property held by some of our countries’ most innovative and exciting startups,” Ken McCallum, Director General of the U.K.’s MI5, said in a statement.

To get more details, check out these Five Eyes’ cybersecurity resources for tech startups:

• The announcement “Five Eyes Launch Shared Security Advice Campaign for Tech Startups”
• The main guides: 
  • “Secure Innovation: Security Advice for Emerging Technology Companies”
  • “Secure Innovation: Security Advice for Emerging Technology Investors”
• These complementary documents:
  • “Secure Innovation: Scenarios and Mitigations”
  • “Secure Innovation: Travel Security Guidance”
  • “Secure Innovation: Due Diligence Guidance”
  • “Secure Innovation: Companies Summary”

3 - Survey: Unapproved AI use impacting data governance

Employees’ use of unauthorized AI tools is creating compliance issues in a majority of organizations. Specifically, it makes it harder to control data governance and compliance, according to almost 60% of organizations surveyed by market researcher Vanson Bourne.

“Amid all the investment and adoption enthusiasm, many organisations are struggling for control and visibility over its use,” reads the firm’s “AI Barometer: October 2024” publication. Vanson Bourne polls 100 IT and business executives each month about their AI investment plans.

To what extent do you think the unsanctioned use of AI tools is impacting your organisation's ability to maintain control over data governance and compliance?

^{(Source: Vanson Bourne’s “AI Barometer: October 2024”)}

Close to half of organizations surveyed (44%) believe that at least 10% of their employees are using unapproved AI tools.

On a related front, organizations are also grappling with the issue of software vendors that unilaterally and silently add AI features to their products, especially to their SaaS applications.

While surveyed organizations say they’re reaping advantages from their AI usage, “such benefits are dependent on IT teams having the tools to address the control and visibility challenges they face,” the publication reads.

For more information about the use of unapproved AI tools, an issue also known as “shadow AI,” check out:

• “Do You Think You Have No AI Exposures? Think Again” (Tenable)
• “Shadow AI poses new generation of threats to enterprise IT” (TechTarget)
• “10 ways to prevent shadow AI disaster” (CIO)
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach” (Tenable)
• “Shadow AI in the ‘dark corners’ of work is becoming a big problem for companies” (CNBC)

VIDEO

Shadow AI Risks in Your Company

4 - NCSC explains nuances of multi-factor authentication

Multi-factor authentication (MFA) comes in a variety of flavors, and understanding the differences is critical for choosing the right option for each use case in your organization.

To help cybersecurity teams better understand the different MFA types and their pluses and minuses, the U.K. National Cyber Security Centre (NCSC) has updated its MFA guidance.

“The new guidance explains the benefits that come with strong authentication, while also minimising the friction that some users associate with MFA,” reads an NCSC blog.

In other words, what type of MFA method to use depends on people’s roles, how they work, the devices they use, the applications or services they’re accessing and so on.

Topics covered include:

• Recommended types of MFA, such as FIDO2 credentials, app-based and hardware-based code generators and message-based methods
• The importance of using strong MFA to secure users’ access to sensitive data
• The role of trusted devices in boosting and simplifying MFA
• Bad practices that weaken MFA’s effectiveness, such as:
  • Retaining weaker, password-only authentication protocols for legacy services
  • Excluding certain accounts from MFA requirements because their users, usually high-ranking officials, find MFA inconvenient

To get more details, read:

• The NCSC blog “Not all types of MFA are created equal”
• The NCSC guide “Multi-factor authentication for your corporate online services”

For more information about MFA:

• “Multifactor Authentication Cheat Sheet” (OWASP)
• “Deploying Multi Factor Authentication – The What, How, and Why” (SANS Institute)
• “How MFA gets hacked — and strategies to prevent it” (CSO)
• “How Multifactor Authentication Supports Growth for Businesses Focused on Zero Trust” (BizTech)
• “What is multi-factor authentication?” (TechTarget)

5 - U.S. gov’t outlines AI strategy, ties it to national security 

The White House has laid out its expectations for how the federal government ought to promote the development of AI in order to safeguard U.S. national security.

In the country’s first-ever National Security Memorandum (NSM) on AI, the Biden administration said the federal government must accomplish the following:

• Ensure the U.S. is the leader in the development of safe, secure and trustworthy AI
• Leverage advanced AI technologies to boost national security
• Advance global AI consensus and governance

“The NSM’s fundamental premise is that advances at the frontier of AI will have significant implications for national security and foreign policy in the near future,” reads a White House statement.

The NSM’s directives to federal agencies include:

• Help improve the security of chips and support the development of powerful supercomputers to be used by AI systems.
• Help AI developers protect their work against foreign spies by providing them with cybersecurity and counterintelligence information.
• Collaborate with international partners to create a governance framework for using AI in a way that is ethical, responsible and respects human rights. 

The White House also published a complementary document titled “Framework To Advance AI Governance and Risk Management in National Security,” which adds implementation details and guidance for the NSM.

6 - State CISOs on the frontlines of AI security

As the cybersecurity risks and benefits of AI multiply, most U.S. state CISOs find themselves at the center of their governments' efforts to craft AI security strategies and policies.

That’s according to the “2024 Deloitte-NASCIO Cybersecurity Study,” which surveyed CISOs from all 50 states and the District of Columbia.

Specifically, 88% of state CISOs reported being involved in the development of a generative AI strategy, while 96% are involved with creating a generative AI security policy.

However, their involvement in AI cybersecurity matters isn’t necessarily making them optimistic about their states’ ability to fend off AI-boosted attacks.

None said they feel “extremely confident” that their state can prevent AI-boosted attacks, while only 10% reported feeling “very confident.” The majority (43%) said they feel “somewhat confident” while the rest said they are either “not very confident” or “not confident at all.”

Naturally, most state CISOs see AI-enabled cyberthreats as significant, with 71% categorizing them as either “very high threat” (18%) or “somewhat high threat” (53%).

At the same time, state CISOs see the potential for AI to help their cybersecurity efforts, as 41% are already using generative AI for cybersecurity, and another 43% have plans to do so by mid-2025.

Other findings from the "2024 Deloitte-NASCIO Cybersecurity Study" include:

• 4 in 10 state CISOs feel their budget is insufficient.
• Almost half of respondents rank cybersecurity staffing as one of the top challenges.
• In the past two years, 23 states have hired new CISOs, as the median tenure of a state CISO has dropped to 23 months, down from 30 months in 2022.
• More state CISOs are taking on privacy protection duties — 86% are responsible for privacy protection, up from 60% two years ago.

For more information about CISO trends:

• “What’s important to CISOs in 2024” (PwC)
• “The CISO’s Tightrope: Balancing Security, Business, and Legal Risks in 2024” (The National CIO Review)
• “State of CISO Leadership: 2024” (SC World)
• “4 Trends That Will Define the CISO's Role in 2024” (SANS Institute)

TORONTO – The Ontario Securities Commission (OSC) is inviting applications for membership on its Registrant Advisory Committee (RAC or the Committee).

TORONTO – The Capital Markets Tribunal is seeking applications for membership to the Securities Proceedings Advisory Committee (SPAC).

"When local park fixture (and spy-master) Pops gets squirrel-napped, it's up to Norma, Belly, and their friend little B to save him!" -- Provided by publisher.

Integrated transcriptomics and proteomics analysis reveals muscle metabolism effects of dietary Ulva lactuca and ulvan lyase supplementation in weaned piglets  Nature.com

Micropillar arrays, wide window acquisition and AI-based data analysis improve comprehensiveness in multiple proteomic applications  Nature.com

Application of Proteomics in Cancer: Recent Trends and Approaches for Biomarkers Discovery  Frontiers

In alignment with its ongoing commitment to bringing equity and inclusion to all aspects of its decision-making, the Chicago Transit Authority (CTA) announced today it will be seeking new applicants to join the agency’s Americans with Disabilities Act (ADA) Advisory Committee.

Planet Money's Supply Chain Holiday Extravaganza Did the supply chain wreck your holiday shopping? Planet Money comes to the rescue. | Subscribe to our weekly newsletter here.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Two stories about people trying to overcome supply chain challenges. We follow a ship that is forced to get creative to bypass clogged ports, and we visit a warehouse that is running out of space. | Subscribe to our weekly newsletter here.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Today on the show, how we got from mealy, nasty apples to apples that taste delicious. The story starts with a breeder who discovered a miracle apple. But discovering that apple wasn't enough.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Back in the 90s, Ivan Lozano Ortega was in charge of Bogota's wildlife rescue center. And he kept getting calls from the airport to come deal with... frogs. Hundreds of brightly colored, poisonous frogs.

Ivan had stumbled upon the poisonous frog black market. Tens of thousands of frogs were being poached out of the Colombian rainforest and sold to collectors all around the world by smugglers. And it put these endangered frogs at risk of going extinct.

Today on the show, how Ivan tried to put an end to the poison frog black market, by breeding and selling frogs legally. And he learns that it's not so easy to get a frog out of hot water.

This episode was hosted by Stan Alcorn and Sarah Gonzalez, and co-reported and written with Charlotte de Beauvoir. It was produced by Willa Rubin with help from Emma Peaslee. It was edited by Jess Jiang. It was fact-checked by Sierra Juarez. It was engineered by Josh Newell. Alex Goldmark is our executive producer.

Help support Planet Money and get bonus episodes by subscribing to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Around the world, democratic ideals are being tested in surprising ways. As the curtains rise on a big election year, TED speakers explore what can keep people united and what drives them apart. Guests include journalist and Broadway producer Jose Antonio Vargas, civil war expert Barbara Walter, and political scientist Yascha Mounk.

TED Radio Hour+ subscribers now get access to bonus episodes, with more ideas from TED speakers and a behind the scenes look with our producers. A Plus subscription also lets you listen to regular episodes (like this one!) without sponsors. Sign-up at: plus.npr.org/ted

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Toronto, ON – University of Toronto Professor Giovanni Grasselli, of the Department of Civil Engineering, has been named the inaugural holder of the Foundation CMG Industrial Research Chair in Fundamental Petroleum Rock Physics and Rock Mechanics. Professor Grasselli is joining 12 chairs at 12 universities, including Penn State and the University of Texas in Austin, […]

Toronto, ON — A new study from the University of Toronto’s Citizen Lab identifies security and privacy issues in QQ Browser, a mobile browser produced by China-based Internet giant Tencent, which may put many millions of users of the application at risk of serious compromise. Citizen Lab researchers identified problems in both the Android and […]

Apple leaders need deep expertise, immersion in details, and collaborative debate.