ETSI IoT Week: semantics, experiences and security

Sophia Antipolis, 28 October 2019

ETSI IoT Week 2019 (21-25 October) drew more than 200 attendees to ETSI’s headquarters for what has become a must attend event for anyone who wants to understand the importance of standard-enabled technologies for IoT service deployments, in many different sectors.

Read More...

The Agricultural Industry Electronics Foundation signs MoU with ETSI

Sophia Antipolis, 20 January 2021

On 7 January, the Agricultural Industry Electronics Foundation (AEF) signed a Memorandum for Understanding (MoU) with ETSI.

Read More...

Starts: Thu, 14 Nov 2024 20:00:00 -0500
11/14/2024 06:00:00PM
Location: montreal, Canada

Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.

Dive into six things that are top of mind for the week ending Nov. 1.

1 - Securing OT/ICS in critical infrastructure with zero trust

As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles.

That’s the key message of the Cloud Security Alliance’s “Zero Trust Guidance for Critical Infrastructure,” which focuses on applying zero trust methods to OT and industrial control system (ICS) systems.

While OT/ICS environments were historically air gapped, that’s rarely the case anymore. “Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week.

The CSA hopes the document will help cybersecurity teams and OT/ICS operators enhance the way they communicate and collaborate.

Among the topics covered are:

• Critical infrastructure’s unique threat vectors
• The convergence of IT/OT with digital transformation
• Architecture and technology differences between OT and IT

The guide also outlines this five-step process for implementing zero trust in OT/ICS environments:

• Define the surface to be protected
• Map operational flows
• Build a zero trust architecture
• Draft a zero trust policy
• Monitor and maintain the environment

A zero trust strategy boosts the security of critical OT/ICS systems by helping teams “keep pace with rapid technological advancements and the evolving threat landscape,” Jennifer Minella, the paper’s lead author, said in a statement.

To get more details, read:

• The report’s announcement “New Paper from Cloud Security Alliance Examines Considerations and Application of Zero Trust Principles for Critical Infrastructure”
• The full report “Zero Trust Guidance for Critical Infrastructure”
• A complementary slide presentation

For more information about OT systems cybersecurity, check out these Tenable resources: 

• “What is operational technology (OT)?” (guide)
• “Discover, Measure, and Minimize the Risk Posed by Your Interconnected IT/OT/IoT Environments” (on-demand webinar)
• “How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform” (blog)
• “Blackbox to blueprint: The security leader’s guidebook to managing OT and IT risk” (white paper)
• “Tenable Cloud Risk Report 2024” (white paper)

2 - Five Eyes publish cyber guidance for tech startups

Startup tech companies can be attractive targets for hackers, especially if they have weak cybersecurity and valuable intellectual property (IP).

To help startups prevent cyberattacks, the Five Eyes countries this week published cybersecurity guides tailored for these companies and their investors.

“This guidance is designed to help tech startups protect their innovation, reputation, and growth, while also helping tech investors fortify their portfolio companies against security risks," Mike Casey, U.S. National Counterintelligence and Security Center Director, said in a statement.

These are the top five cybersecurity recommendations from Australia, Canada, New Zealand, the U.S. and the U.K. for tech startups:

• Be aware of threat vectors, including malicious insiders, insecure IT and supply chain risk.
• Identify your most critical assets and conduct a risk assessment to pinpoint vulnerabilities.
• Build security into your products by managing intellectual assets and IP; monitoring who has access to sensitive information; and ensuring this information’s protection.
• Conduct due diligence when choosing partners and make sure they’re equipped to protect the data you share with them.
• Before you expand abroad, prepare and become informed about these new markets by, for example, understanding local laws in areas such as IP protection and data protection.

“Sophisticated nation-state adversaries, like China, are working hard to steal the intellectual property held by some of our countries’ most innovative and exciting startups,” Ken McCallum, Director General of the U.K.’s MI5, said in a statement.

To get more details, check out these Five Eyes’ cybersecurity resources for tech startups:

• The announcement “Five Eyes Launch Shared Security Advice Campaign for Tech Startups”
• The main guides: 
  • “Secure Innovation: Security Advice for Emerging Technology Companies”
  • “Secure Innovation: Security Advice for Emerging Technology Investors”
• These complementary documents:
  • “Secure Innovation: Scenarios and Mitigations”
  • “Secure Innovation: Travel Security Guidance”
  • “Secure Innovation: Due Diligence Guidance”
  • “Secure Innovation: Companies Summary”

3 - Survey: Unapproved AI use impacting data governance

Employees’ use of unauthorized AI tools is creating compliance issues in a majority of organizations. Specifically, it makes it harder to control data governance and compliance, according to almost 60% of organizations surveyed by market researcher Vanson Bourne.

“Amid all the investment and adoption enthusiasm, many organisations are struggling for control and visibility over its use,” reads the firm’s “AI Barometer: October 2024” publication. Vanson Bourne polls 100 IT and business executives each month about their AI investment plans.

To what extent do you think the unsanctioned use of AI tools is impacting your organisation's ability to maintain control over data governance and compliance?

^{(Source: Vanson Bourne’s “AI Barometer: October 2024”)}

Close to half of organizations surveyed (44%) believe that at least 10% of their employees are using unapproved AI tools.

On a related front, organizations are also grappling with the issue of software vendors that unilaterally and silently add AI features to their products, especially to their SaaS applications.

While surveyed organizations say they’re reaping advantages from their AI usage, “such benefits are dependent on IT teams having the tools to address the control and visibility challenges they face,” the publication reads.

For more information about the use of unapproved AI tools, an issue also known as “shadow AI,” check out:

• “Do You Think You Have No AI Exposures? Think Again” (Tenable)
• “Shadow AI poses new generation of threats to enterprise IT” (TechTarget)
• “10 ways to prevent shadow AI disaster” (CIO)
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach” (Tenable)
• “Shadow AI in the ‘dark corners’ of work is becoming a big problem for companies” (CNBC)

VIDEO

Shadow AI Risks in Your Company

4 - NCSC explains nuances of multi-factor authentication

Multi-factor authentication (MFA) comes in a variety of flavors, and understanding the differences is critical for choosing the right option for each use case in your organization.

To help cybersecurity teams better understand the different MFA types and their pluses and minuses, the U.K. National Cyber Security Centre (NCSC) has updated its MFA guidance.

“The new guidance explains the benefits that come with strong authentication, while also minimising the friction that some users associate with MFA,” reads an NCSC blog.

In other words, what type of MFA method to use depends on people’s roles, how they work, the devices they use, the applications or services they’re accessing and so on.

Topics covered include:

• Recommended types of MFA, such as FIDO2 credentials, app-based and hardware-based code generators and message-based methods
• The importance of using strong MFA to secure users’ access to sensitive data
• The role of trusted devices in boosting and simplifying MFA
• Bad practices that weaken MFA’s effectiveness, such as:
  • Retaining weaker, password-only authentication protocols for legacy services
  • Excluding certain accounts from MFA requirements because their users, usually high-ranking officials, find MFA inconvenient

To get more details, read:

• The NCSC blog “Not all types of MFA are created equal”
• The NCSC guide “Multi-factor authentication for your corporate online services”

For more information about MFA:

• “Multifactor Authentication Cheat Sheet” (OWASP)
• “Deploying Multi Factor Authentication – The What, How, and Why” (SANS Institute)
• “How MFA gets hacked — and strategies to prevent it” (CSO)
• “How Multifactor Authentication Supports Growth for Businesses Focused on Zero Trust” (BizTech)
• “What is multi-factor authentication?” (TechTarget)

5 - U.S. gov’t outlines AI strategy, ties it to national security 

The White House has laid out its expectations for how the federal government ought to promote the development of AI in order to safeguard U.S. national security.

In the country’s first-ever National Security Memorandum (NSM) on AI, the Biden administration said the federal government must accomplish the following:

• Ensure the U.S. is the leader in the development of safe, secure and trustworthy AI
• Leverage advanced AI technologies to boost national security
• Advance global AI consensus and governance

“The NSM’s fundamental premise is that advances at the frontier of AI will have significant implications for national security and foreign policy in the near future,” reads a White House statement.

The NSM’s directives to federal agencies include:

• Help improve the security of chips and support the development of powerful supercomputers to be used by AI systems.
• Help AI developers protect their work against foreign spies by providing them with cybersecurity and counterintelligence information.
• Collaborate with international partners to create a governance framework for using AI in a way that is ethical, responsible and respects human rights. 

The White House also published a complementary document titled “Framework To Advance AI Governance and Risk Management in National Security,” which adds implementation details and guidance for the NSM.

6 - State CISOs on the frontlines of AI security

As the cybersecurity risks and benefits of AI multiply, most U.S. state CISOs find themselves at the center of their governments' efforts to craft AI security strategies and policies.

That’s according to the “2024 Deloitte-NASCIO Cybersecurity Study,” which surveyed CISOs from all 50 states and the District of Columbia.

Specifically, 88% of state CISOs reported being involved in the development of a generative AI strategy, while 96% are involved with creating a generative AI security policy.

However, their involvement in AI cybersecurity matters isn’t necessarily making them optimistic about their states’ ability to fend off AI-boosted attacks.

None said they feel “extremely confident” that their state can prevent AI-boosted attacks, while only 10% reported feeling “very confident.” The majority (43%) said they feel “somewhat confident” while the rest said they are either “not very confident” or “not confident at all.”

Naturally, most state CISOs see AI-enabled cyberthreats as significant, with 71% categorizing them as either “very high threat” (18%) or “somewhat high threat” (53%).

At the same time, state CISOs see the potential for AI to help their cybersecurity efforts, as 41% are already using generative AI for cybersecurity, and another 43% have plans to do so by mid-2025.

Other findings from the "2024 Deloitte-NASCIO Cybersecurity Study" include:

• 4 in 10 state CISOs feel their budget is insufficient.
• Almost half of respondents rank cybersecurity staffing as one of the top challenges.
• In the past two years, 23 states have hired new CISOs, as the median tenure of a state CISO has dropped to 23 months, down from 30 months in 2022.
• More state CISOs are taking on privacy protection duties — 86% are responsible for privacy protection, up from 60% two years ago.

For more information about CISO trends:

• “What’s important to CISOs in 2024” (PwC)
• “The CISO’s Tightrope: Balancing Security, Business, and Legal Risks in 2024” (The National CIO Review)
• “State of CISO Leadership: 2024” (SC World)
• “4 Trends That Will Define the CISO's Role in 2024” (SANS Institute)

Marie Boran is a PhD candidate at the INSIGHT Centre for Data Analytics, the National

موجز:

وجز :

"Sail the Pacific Islands in search of destiny and the demigod Maui in this retelling of Disney Moana. Moana is a spirited teenager who loves the ocean, yet she is forbidden to travel beyond the reef that surrounds her island home of Motunui. But she feels called to something more, and wants to discover who she was meant to be. When darkness begins to consume the island, and nature is out of balance, Moana knows the solution lies beyond the safety of the reef. Following the messages of her ancestors, and with encouragement from the ocean itself, Moana sails into the open sea to find the demigod Maui and right a wrong from his past. Together they face rough waters, monstrous creatures, and the unknown, in a mission to stop the darkness from spreading, and restore life to the islands! Become a master wayfinder in this action-packed story as Moana's love for the sea turns her into a hero among her people, the gods, and the ocean." -- Provided by publisher

Event Begins: Wednesday, November 13, 2024 6:00pm
Location: Electrical Engineering and Computer Science Building
Organized By: Michigan Computer Graphics

At Michigan Computer Graphics (MCG), our goal is to offer all interested campus members a unique platform to explore, learn, discuss, and engage with the various disciplines of computer graphics (CG). You'll have the opportunity to collaborate on exciting projects, develop creative skills, and expand your network within the industry and beyond.

This is MCG's weekly general meeting. Join us for a variety of content and events, including introductory presentations, hands-on projects, and guest speakers!

https://michigancg.org/

Event Begins: Wednesday, November 13, 2024 4:00pm
Location: Palmer Commons
Organized By: DCMB Seminar Series

Abstract: The initial Human Genome Project was a landmark achievement, serving as an essential resource for basic and clinical science, as well as for understanding human history, for over two decades. However, it needs an upgrade due to missing data, inaccurately assembled regions, and its inability to fully represent and identify sequence variants equitably. A single reference map, regardless of its completeness, cannot encapsulate the variation across the human population, leading to biases and ultimately inequity in genomic studies. Recognizing this limitation, the new initiative known as the Human Pangenome Project aims to deliver hundreds of highly accurate and complete genomes. This effort intends to define all bases of each chromosome from telomere to telomere (T2T), ensuring a broader representation of common variants across the human species. Achieving these goals will require the rise of new tools and technology standards for complete genome assemblies and pangenomics, which will have broad and lasting impact on genomic research.

Short bio: Throughout her career, she has developed innovative computational and experimental approaches to advance understanding of centromeric and pericentromeric DNAs. She works at the forefront of genome technologies as part of the T2T and Pangenome initiative to construct genetic and epigenetic maps to expand our understanding of their structure and function. As a group leader, she prioritizes fostering a creative and scientifically rigorous environment that supports inclusivity and diversity within our scientific team. She also prioritizes training that operates at the intersection of science, justice, and equity.

Event Begins: Wednesday, November 13, 2024 3:00pm
Location: West Hall
Organized By: Department of Physics

TBA

Event Begins: Wednesday, November 13, 2024 3:00pm
Location: East Hall
Organized By: Learning Seminar in Algebraic Combinatorics - Department of Mathematics

By what has been shown in previous talks, we have seen that we can show coefficients of the characteristic polynomial of a realizable matroid can be realized via specific computations in the Chow ring of its wonderful compactification. In this talk, we will introduce the notion of Poincare duality algebras, which are graded algebras with a degree function giving an isomorphism from the top degree to the base field that induces a non-degenerate pairing between complementary degrees of the algebra. Furthermore, we will introduce a notion of hard Lefschetz and Hodge-Riemann relations for such algebras. When a Poincare duality algebra satisfies a certain version of these properties, we can show that the log-concavity of its "volume polynomial" is equivalent to the eigenvalues of a symmetric form on the algebra arising from the Hodge-Riemann relations. Because the Hodge-Riemann relations in appropriate degree imply the log-concavity of the coefficients of the characteristic polynomial of the matroid, this framework gives us a program to establish the log-concavity result. Throughout this talk, I will attempt to provide intuition from the case of the Chow rings of smooth projective varieties.

Metrics Matter: Assessing Progress towards Women’s Empowerment in Agriculture and Beyond

The Philippine Institute for Development Studies (PIDS), in partnership with the International Food Policy Research Institute (IFPRI), will hold a public seminar featuring three studies on women empowerment on August 14, 2024, 9:00 AM to 11:30 AM (Asia/Manila) / August 13, 2024, 9:00 PM to 11:30 PM (US/Eastern) at the PIDS Conference Hall and via Zoom. […]

The post Metrics Matter: Assessing Progress towards Women’s Empowerment in Agriculture and Beyond appeared first on IFPRI.

Integrated Proteomics and Metabolomics Reveal Altered Metabolic Regulation of Xanthobacter autotrophicus under Electrochemical Water-Splitting Conditions  ACS Publications

Use of Proteomics for Dietary Reconstruction: A Case Study Using Animal Teeth from Ancient Mesopotamia  ACS Publications

Environmental proteomics as a useful methodology for early-stage detection of stress in anammox engineered systems  ScienceDirect.com

Integrated transcriptomics and proteomics analysis reveals muscle metabolism effects of dietary Ulva lactuca and ulvan lyase supplementation in weaned piglets  Nature.com