Security News

The TSA has announced updates to its Security Directive to strengthen the operational resilience of oil and natural gas pipeline owners and operators against cyber-attacks. In this Help Net Security video, Chris Warner, OT Senior Security Consultant at GuidePoint Security, discusses how these newly introduced provisions mandate pipeline owners and operators to proactively enhance their systems' security and protect against potential cybersecurity threats in the oil and natural gas sector.

The National Institute of Standards and Technology released a discussion draft for possible Cybersecurity Framework changes earlier this year. The proposed changes aim to help increase the CSF's clarity and bring the updated version closer to national and international cybersecurity standards and practices.

The EU General Data Protection Regulation is a comprehensive set of rules designed to keep the personal data of all EU citizens collected by any organization, enterprise or business safe from...

AI professionals are still facing some very real challenges in democratizing data, much less AI (much less Generative AI), across their organizations, according to Dataiku. While the global survey...

In March, the U.K. government released a white paper promoting the country as a place to "Turbocharge growth" in AI. According to the white paper, 500,000 people in the U.K. are employed in the AI industry, and AI contributed £3.7 billion to the national economy in 2022. In response, on July 18, the independent research body Ada Lovelace Institute, in a lengthy report, called for a more "Robust domestic policy" in order to regulate AI through legislation that clarifies and organizes the U.K.'s effort to promote AI as an industry.

In this Help Net Security interview, Nadir Izrael, co-founder & CTO of Armis, discusses the global efforts and variations in promoting responsible AI, as well as the necessary measures to ensure responsible AI innovation in the United States. What are your initial impressions of the Biden-Harris Administration's efforts to advance responsible AI? Are they on the right track in managing the risks associated with AI? The effort to address the issue of responsible AI is a proactive step in the right direction.

In addition to being consistent the principles of regulation should be flexible, both to cater for the speed of technological development and to enable businesses to apply appropriate requirements to their capabilities and risk profile. Regardless of what regulation is coming, it is worthwhile for every business to understand how the risk is being evaluated, the current exposure level, and how standards and regulation will affect the company.

Peru in 2020 began requiring any foreign fishing boat entering its ports to use a vessel monitoring system allowing its activities to be tracked in real time 24 hours a day. The equipment, which tracks a vessel's geographic position and fishing activity through a proprietary satellite communication system, sought to provide authorities with visibility into several hundred Chinese squid vessels that every year amass off the west coast of South America.

We need SBOMs. The good news is that regulations demanding SBOMs are in the works in the US and elsewhere. The US government has demanded that federal agencies adopt SBOMs in a standard format, but whether this is necessary is based on the "Criticality of the software".

Let's face it, security teams are only as good as the next problem they face. Why is keeping up so difficult? New/evolving requirements, lengthy/confusing acronyms, and countless moving parts plague compliance regulations.