On-Demand Webinar >   Watch Now!>>SPONSORED BY: Juniper NetworksWatch this FREE on-demand webinar to learn how you and your company can get started down the road to reach the pinnacle ...

As the recent spread of West Nile virus and the anthrax scare of 2001 dramatically illustrate, America faces a variety of new health challenges in the 21st century, along with a number of persistent problems, such as racial disparities in health status and care delivery.

While every mode of transportation in the U.S. will be affected as the climate changes, potentially the greatest impact on transportation systems will be flooding of roads, railways, transit systems, and airport runways in coastal areas because of rising sea levels and surges brought on by more intense storms, says a new report from the National Research Council.

The National Academy of Engineering today announced the winners of its 2018 EngineerGirl essay competition.

A new report from the National Academies of Sciences, Engineering, and Medicine says that enhancements to the geodetic infrastructure are needed to answer important questions about sea level rise, water resources, geological hazards, and more over the next decade.

To continue earth sciences’ rapid pace of discovery, the National Science Foundation’s Division of Earth Science (EAR) should invest in new initiatives, partnerships, and infrastructure to answer priority research questions in the next decade, according to a new report from the National Academies of Sciences, Engineering, and Medicine.

Climate change and its extremes — higher temperatures, rising sea levels, more intense hurricanes — pose a variety of threats to U.S. infrastructure. In a June discussion, NAE President John Anderson and former USACE Chief Engineer Thomas Bostick explored these hazards and how the nation can respond.

Congress should consider requiring all projects that are candidates for federal funding undergo resilience assessments to account for natural hazards and the changing risks stemming from climate change.

The recently passed Infrastructure Investment and Jobs Act presents a unique opportunity for the U.S. to improve its transportation, water, communication, and energy systems.

The recently passed bipartisan infrastructure law is poised to enable nationwide investments in roads, bridges, broadband, and more. A new National Academies initiative aims to help states, regions, and communities coordinate their investments and maximize the benefits.

“Earlier, there used to be the largest companies who were there to solve the customers’ problems. But now there are hundreds of startups that are coming up. We need to make sure we work together with them and build an ecosystem with them. We share with them our issues, and they come back and build the products with us together. And then we help them scale,” he said.

BT Compute brings you a choice of data centre and expert services that enable you to deliver applications and services where and when you need them -- Global services delivered locally. Our hybrid cloud services blend intelligent network and compute resources giving you the IT infrastructure you need to adapt, quickly and cost effectively.

The survey indicates that 57% of CEOs believe stakeholder expectations on ESG are evolving faster than they can adjust their strategies, with more than half concerned that inadequate climate adaptation could negatively impact growth in the short to medium term.

By adjusting global cybersecurity tools and strategies to fit Indian requirements, distributors help companies of all sizes -- small businesses to large corporations -- adopt security solutions that are practical, effective, and scaled appropriately for their environments.

A proposed series of U.S. Environmental Protection Agency (EPA) regulations that set maximum contaminant levels (MCLs) for per- and polyfluoroalkyl substances (PFAS) and other so-called ‘GenX chemicals’ are set to go into effect in the fall.

Award-winning data center, cloud, and digital infrastructure leader, Bill Kleyman is announced to Hyperview advisory board

Group's Resources Can Be Used to Maximize Impact

Forest James is lauded for his leadership expertise with EnerTribe Inc. and Earthprint Technologies

Katherine Doerr is the chief executive officer and founder of Goldfinch LLC

Pradeep Kumar assists several vital railroad projects across the United States and holds various leadership roles to implement operation and revenue services into the transit system

Diane H. Cowin, NACD.DC, is an expert in growth markets and environmental and social governance

Rothstein Publishing Wins 2 Top Books of the Year by ASIS International

James Emil Chance is a critical infrastructure compliance specialist at Pedernales Electric Cooperative Inc.

Manas Talukdar is a leading industry expert in artificial intelligence and data infrastructure, currently director of engineering at Labelbox Inc.

THNDR's game-changing wagering platform and API is reimagining competitive gaming on bitcoin.

Ashwin Poojary serves as the director of site reliability engineering and development operations at NVIDIA Corp.

Is Blockchain the hero of the villain?

With the announcement of the Build Back Better Framework, the Great Lakes and St. Lawrence Cities Initiative is urging Congress to take immediate action on both the bipartisan infrastructure bill and the Build Back Better reconciliation package

Challenges and Opportunities in the EV Charging Infrastructure Landscape

  Cryptic Studios is an industry leader in the development of free-to-play massively multiplayer role-playing games on PC and console including Champions Online, Star Trek Online, and Neverwinter.  We bring these popular properties to life with innovative gameplay mechanics, gorgeous graphics, and impressive sound to create an engaging and immersive player experience. We have fully embraced a flexible work policy that allows options for onsite work in our Los Gatos, CA studio or fully remotely from anywhere throughout the US. Come and join us! Cryptic Studios is currently seeking a Staff Infrastructure Software Engineer. The creation and operation of massive multiplayer online games requires a wide range of innovative technologies. As an Infrastructure Software Engineer, you can contribute to advancing the state of the art in back-end systems for online games.   Every day you could be * Working in a team of very talented software engineers to architect, build and maintain exceptional game play systems. * Analyzing game systems to improve game play experiences for players. * Working with operations staff to design and implement new features that will improve the reliability and efficiency of operating Cryptic's games. * Working with game development teams and game engine teams to bring their ideas to live in high performance back-end systems. * Analyzing performance of key systems and refactoring or re-implementing them to perform and scale better under load. * Working in a custom, state of the art, client-server game engine and tool suite. * Developing and extending systems to meet the ever-changing needs of a massively multiplayer online game. * Upgrading our workflows to improve team productivity and enhance content for customers. * Researching and introducing new technologies to all engineers and management.   Systems you might work on * Core components of Cryptic's game server architecture, ranging from gameplay servers, to social systems (such as friends management, chat, and teaming) to economic systems (such as auction). * Integration with platforms such as Xbox Live, PlayStation Network, and Steam. * Entitlement management systems, ranging from designing micro-transactions, through the purchase flows, to tracking and reporting on game monetization. * Management tools for Cryptic's private server cloud, ranging from deployment tools to operational telemetry. * Asset management ranging from internal tracking of game assets to large scale cloud deployment of the game to customers. * Cryptic's custom built NoSQL object database that optimizes for write-mostly, read-rarely use patterns.   What we need to see * 5+ years of experience programming and debugging. * 1+ year of professional experience programming and debugging with C/C++. * Solid understanding of pointers and memory management. * Working knowledge of asynchronous systems such as multi-threaded or multi-process systems. * Ability to work comfortably within a large pre-existing code base * A passion for delivering great work. * Clear and concise communication skills. * Bachelor's degree in Computer Science or related field (or equivalent experience). * Must be eligible to work in the United States.   What we’d like to see * 2+ years of experience with networking, including sockets, ports, firewalls, packet capture, etc. * Familiarity with web services mechanics such as REST, JSON-RPC, etc. * In-depth knowledge of and experience with games. * Experience in the video game industry and with MMO’s is a huge plus!   C/C++ Programming * Cryptic’s software engineers work almost exclusively in a high performance, cross-platform C/C++ code base.  In addition to problem solving skills, this job requires a high degree of proficiency with pointers, memory management, and performance optimization. The interview process will be testing you for these skills. (Java, C# and other high-level languages will not be utilized in this job.)   What Cryptic Offers * Remote Work Options - Anywhere Within The US * A fun tight-knit team where your contributions will have a major impact * Full-Time role * Paid Holiday, Sick Time & Paid Time off * Health Insurance & Perks: Medical, Dental, Vision * Company social events  * Pet-Friendly Environment      

In a recent broadcast, Vladimir Solovyov, a Russian state TV host and known ally of Russian President Vladimir Putin, called for the destruction of America's critical infrastructure if the United States tries to give Moscow "any kind of an ultimatum" in the ongoing Russia-Ukraine war.

ETSI Secures Critical Infrastructures against Cyber Quantum Attacks with new TETRA Algorithms

Sophia Antipolis, 8 November 2022

With the world facing growing challenges including the war in Europe and a global energy crisis, it is essential that the mission- and business-critical communications networks used by the public safety, critical infrastructure and utilities sectors (including transportation, electricity, natural gas and water plants) are secured against third-party attacks, to protect communications and sensitive data. With more than 120 countries using dedicated TETRA (Terrestrial Trunked Radio) networks for these critical services, work has been undertaken to ensure the ETSI TETRA technology standard remains robust in the face of evolving threats.

Read More...

Sophia Antipolis, 4 September 2024

The ETSI Open Source MANO community is proud to announce OSM Release SIXTEEN, a Long-Term-Support (LTS) release of ETSI OSM, which becomes the most innovative and feature-packed release shipped by OSM to date.

This release brings a revolution in OSM’s functionality, positioning OSM as a generalized cloud-native orchestrator for infrastructure, platforms and services, which extends significantly its former scope. Full cloud-native management of Kubernetes clusters in public clouds, together with the applications or software units running on them, is now possible with Release SIXTEEN. Every operation related to the cluster management (creation, upgrading, scaling, deletion) or the applications running on them is reflected in Git repositories, following the GitOps model. This has been possible thanks to a major change in the internal architecture of OSM.

Read More...

Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.

Dive into six things that are top of mind for the week ending Nov. 1.

1 - Securing OT/ICS in critical infrastructure with zero trust

As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles.

That’s the key message of the Cloud Security Alliance’s “Zero Trust Guidance for Critical Infrastructure,” which focuses on applying zero trust methods to OT and industrial control system (ICS) systems.

While OT/ICS environments were historically air gapped, that’s rarely the case anymore. “Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week.

The CSA hopes the document will help cybersecurity teams and OT/ICS operators enhance the way they communicate and collaborate.

Among the topics covered are:

• Critical infrastructure’s unique threat vectors
• The convergence of IT/OT with digital transformation
• Architecture and technology differences between OT and IT

The guide also outlines this five-step process for implementing zero trust in OT/ICS environments:

• Define the surface to be protected
• Map operational flows
• Build a zero trust architecture
• Draft a zero trust policy
• Monitor and maintain the environment

A zero trust strategy boosts the security of critical OT/ICS systems by helping teams “keep pace with rapid technological advancements and the evolving threat landscape,” Jennifer Minella, the paper’s lead author, said in a statement.

To get more details, read:

• The report’s announcement “New Paper from Cloud Security Alliance Examines Considerations and Application of Zero Trust Principles for Critical Infrastructure”
• The full report “Zero Trust Guidance for Critical Infrastructure”
• A complementary slide presentation

For more information about OT systems cybersecurity, check out these Tenable resources: 

• “What is operational technology (OT)?” (guide)
• “Discover, Measure, and Minimize the Risk Posed by Your Interconnected IT/OT/IoT Environments” (on-demand webinar)
• “How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform” (blog)
• “Blackbox to blueprint: The security leader’s guidebook to managing OT and IT risk” (white paper)
• “Tenable Cloud Risk Report 2024” (white paper)

2 - Five Eyes publish cyber guidance for tech startups

Startup tech companies can be attractive targets for hackers, especially if they have weak cybersecurity and valuable intellectual property (IP).

To help startups prevent cyberattacks, the Five Eyes countries this week published cybersecurity guides tailored for these companies and their investors.

“This guidance is designed to help tech startups protect their innovation, reputation, and growth, while also helping tech investors fortify their portfolio companies against security risks," Mike Casey, U.S. National Counterintelligence and Security Center Director, said in a statement.

These are the top five cybersecurity recommendations from Australia, Canada, New Zealand, the U.S. and the U.K. for tech startups:

• Be aware of threat vectors, including malicious insiders, insecure IT and supply chain risk.
• Identify your most critical assets and conduct a risk assessment to pinpoint vulnerabilities.
• Build security into your products by managing intellectual assets and IP; monitoring who has access to sensitive information; and ensuring this information’s protection.
• Conduct due diligence when choosing partners and make sure they’re equipped to protect the data you share with them.
• Before you expand abroad, prepare and become informed about these new markets by, for example, understanding local laws in areas such as IP protection and data protection.

“Sophisticated nation-state adversaries, like China, are working hard to steal the intellectual property held by some of our countries’ most innovative and exciting startups,” Ken McCallum, Director General of the U.K.’s MI5, said in a statement.

To get more details, check out these Five Eyes’ cybersecurity resources for tech startups:

• The announcement “Five Eyes Launch Shared Security Advice Campaign for Tech Startups”
• The main guides: 
  • “Secure Innovation: Security Advice for Emerging Technology Companies”
  • “Secure Innovation: Security Advice for Emerging Technology Investors”
• These complementary documents:
  • “Secure Innovation: Scenarios and Mitigations”
  • “Secure Innovation: Travel Security Guidance”
  • “Secure Innovation: Due Diligence Guidance”
  • “Secure Innovation: Companies Summary”

3 - Survey: Unapproved AI use impacting data governance

Employees’ use of unauthorized AI tools is creating compliance issues in a majority of organizations. Specifically, it makes it harder to control data governance and compliance, according to almost 60% of organizations surveyed by market researcher Vanson Bourne.

“Amid all the investment and adoption enthusiasm, many organisations are struggling for control and visibility over its use,” reads the firm’s “AI Barometer: October 2024” publication. Vanson Bourne polls 100 IT and business executives each month about their AI investment plans.

To what extent do you think the unsanctioned use of AI tools is impacting your organisation's ability to maintain control over data governance and compliance?

^{(Source: Vanson Bourne’s “AI Barometer: October 2024”)}

Close to half of organizations surveyed (44%) believe that at least 10% of their employees are using unapproved AI tools.

On a related front, organizations are also grappling with the issue of software vendors that unilaterally and silently add AI features to their products, especially to their SaaS applications.

While surveyed organizations say they’re reaping advantages from their AI usage, “such benefits are dependent on IT teams having the tools to address the control and visibility challenges they face,” the publication reads.

For more information about the use of unapproved AI tools, an issue also known as “shadow AI,” check out:

• “Do You Think You Have No AI Exposures? Think Again” (Tenable)
• “Shadow AI poses new generation of threats to enterprise IT” (TechTarget)
• “10 ways to prevent shadow AI disaster” (CIO)
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach” (Tenable)
• “Shadow AI in the ‘dark corners’ of work is becoming a big problem for companies” (CNBC)

VIDEO

Shadow AI Risks in Your Company

4 - NCSC explains nuances of multi-factor authentication

Multi-factor authentication (MFA) comes in a variety of flavors, and understanding the differences is critical for choosing the right option for each use case in your organization.

To help cybersecurity teams better understand the different MFA types and their pluses and minuses, the U.K. National Cyber Security Centre (NCSC) has updated its MFA guidance.

“The new guidance explains the benefits that come with strong authentication, while also minimising the friction that some users associate with MFA,” reads an NCSC blog.

In other words, what type of MFA method to use depends on people’s roles, how they work, the devices they use, the applications or services they’re accessing and so on.

Topics covered include:

• Recommended types of MFA, such as FIDO2 credentials, app-based and hardware-based code generators and message-based methods
• The importance of using strong MFA to secure users’ access to sensitive data
• The role of trusted devices in boosting and simplifying MFA
• Bad practices that weaken MFA’s effectiveness, such as:
  • Retaining weaker, password-only authentication protocols for legacy services
  • Excluding certain accounts from MFA requirements because their users, usually high-ranking officials, find MFA inconvenient

To get more details, read:

• The NCSC blog “Not all types of MFA are created equal”
• The NCSC guide “Multi-factor authentication for your corporate online services”

For more information about MFA:

• “Multifactor Authentication Cheat Sheet” (OWASP)
• “Deploying Multi Factor Authentication – The What, How, and Why” (SANS Institute)
• “How MFA gets hacked — and strategies to prevent it” (CSO)
• “How Multifactor Authentication Supports Growth for Businesses Focused on Zero Trust” (BizTech)
• “What is multi-factor authentication?” (TechTarget)

5 - U.S. gov’t outlines AI strategy, ties it to national security 

The White House has laid out its expectations for how the federal government ought to promote the development of AI in order to safeguard U.S. national security.

In the country’s first-ever National Security Memorandum (NSM) on AI, the Biden administration said the federal government must accomplish the following:

• Ensure the U.S. is the leader in the development of safe, secure and trustworthy AI
• Leverage advanced AI technologies to boost national security
• Advance global AI consensus and governance

“The NSM’s fundamental premise is that advances at the frontier of AI will have significant implications for national security and foreign policy in the near future,” reads a White House statement.

The NSM’s directives to federal agencies include:

• Help improve the security of chips and support the development of powerful supercomputers to be used by AI systems.
• Help AI developers protect their work against foreign spies by providing them with cybersecurity and counterintelligence information.
• Collaborate with international partners to create a governance framework for using AI in a way that is ethical, responsible and respects human rights. 

The White House also published a complementary document titled “Framework To Advance AI Governance and Risk Management in National Security,” which adds implementation details and guidance for the NSM.

6 - State CISOs on the frontlines of AI security

As the cybersecurity risks and benefits of AI multiply, most U.S. state CISOs find themselves at the center of their governments' efforts to craft AI security strategies and policies.

That’s according to the “2024 Deloitte-NASCIO Cybersecurity Study,” which surveyed CISOs from all 50 states and the District of Columbia.

Specifically, 88% of state CISOs reported being involved in the development of a generative AI strategy, while 96% are involved with creating a generative AI security policy.

However, their involvement in AI cybersecurity matters isn’t necessarily making them optimistic about their states’ ability to fend off AI-boosted attacks.

None said they feel “extremely confident” that their state can prevent AI-boosted attacks, while only 10% reported feeling “very confident.” The majority (43%) said they feel “somewhat confident” while the rest said they are either “not very confident” or “not confident at all.”

Naturally, most state CISOs see AI-enabled cyberthreats as significant, with 71% categorizing them as either “very high threat” (18%) or “somewhat high threat” (53%).

At the same time, state CISOs see the potential for AI to help their cybersecurity efforts, as 41% are already using generative AI for cybersecurity, and another 43% have plans to do so by mid-2025.

Other findings from the "2024 Deloitte-NASCIO Cybersecurity Study" include:

• 4 in 10 state CISOs feel their budget is insufficient.
• Almost half of respondents rank cybersecurity staffing as one of the top challenges.
• In the past two years, 23 states have hired new CISOs, as the median tenure of a state CISO has dropped to 23 months, down from 30 months in 2022.
• More state CISOs are taking on privacy protection duties — 86% are responsible for privacy protection, up from 60% two years ago.

For more information about CISO trends:

• “What’s important to CISOs in 2024” (PwC)
• “The CISO’s Tightrope: Balancing Security, Business, and Legal Risks in 2024” (The National CIO Review)
• “State of CISO Leadership: 2024” (SC World)
• “4 Trends That Will Define the CISO's Role in 2024” (SANS Institute)

Using a representative sample of irrigation schemes, the study documents the physical, knowledge, and governance infrastructures of irrigation schemes in Ethiopia’s most intensively used river basin, the Awash. The findings show that about 20 percent of the equipped area of irrigation schemes in the basin is not being irrigated, while the number of actual beneficiaries […] Source: IFPRI Ethiopia: Ethiopia Strategy Support Program

Pure Water LA/Operation Next would increase the resiliency of drinking water supplies to future costs, earthquakes and climate-induced drought.

The ordinance includes all new construction, except for building additions and remodeling projects. Developers, builders, and owners of new structures must find alternatives to natural gas.

This product is optimized for pump, fan, and compressor applications in industries such as water/wastewater, HVACR, and more.

A ban on the installation of natural gas infrastructure in new buildings is coming soon to a town near you, and the local HVAC industry needs to be prepared — or maybe not.

The U.S. District Court of Appeals for the Ninth Circuit recently turned down the city of Berkeley’s request for another hearing in the case brought by the California Restaurant Association (CRA), which had challenged the ban.

With more than a trillion dollars designated from the Infrastructure Investment and Jobs Act (IIJA) starting to hit the wider economic field, HVAC contractors and the utility industry should be aware of how to cash in.

Posted by Daniel Augusto Veronezi Salvador on Nov 12

The decision is a win for the California Restaurant Association, which challenged the ban that took effect in 2020. The city has not decided whether to appeal.

Robert Blumen talks to Jon Gifford of Loggly about logging and logging infrastructure. Topics include logging defined, purposes of logging, uses of logging in understanding the run-time behavior of programs, who produces logs, who consumes logs and for what reasons, software as the consumer of logs, log formats (structured versus free form), log meta-data, logging […]

Kief Morris talks to Sven Johann about Infrastructure as Code and why it is important in the “Cloud Age”. Kief talks about the practices and benefits and why you should treat your servers as cattles, not pets.

Yevgeniy Brikman, author of Terraform: Up & Running: Writing Infrastructure as Code and co-founder of Gruntwork talks with host Robert Blumen about how to apply best practices from software engineering to the development of infrastructure as code...

Luke Hoban, CTO of Pulumi, joined host Jeff Doolittle for a conversation about infrastructure as code (IAC), which allows software development teams to configure and control their cloud infrastructure assets using code in contrast to other approaches...

Rob Hirschfeld CEO of RackN discusses Bare Metal as a Service. Host Brijesh Ammanath spoke with Hirschfeld about all things bare metal. Hirschfeld starts with the basics before doing a deep dive into bare metal configuring, provisioning, common failures..

Jaxon Repp of HarperDB speaks with Brijesh Ammanath about distributed data infrastructure, including what it is and why it's important. They discuss the key factors that make distributed data infrastructure attractive, as well as challenges to implementing it. The episode explores the architecture and design principles, the key security considerations, and the transition factors for distributed data Infrastructure. Brought to you by IEEE Computer Society and IEEE Software.