The U.S. National Institute of Standards and Technology (NIST) has issued guidance on differential privacy as a privacy-enhancing measure, fulfilling a mandate in President Joe Biden’s executive order on artificial intelligence. Differential privacy involves adding a mathematical algorithm to a dataset to protect individuals’ identities. For more information, see the full story at NIST’s website.
The Cybersecurity and Infrastructure Security Agency (CISA) has released a series of security configuration baselines for Google Workspace, including Gmail, Google Drive, and Google Meet, as part of its Secure Cloud Business Applications (SCuBA) program, in part as a response to the Chinese breach of Microsoft. These baselines aim to provide security standards for technology applications used across the federal government. CISA is requesting comments on the configurations and asking federal agencies to help validate and enhance the implementation of these baselines. CISA has also released an assessment tool called “ScubaGoggles” for evaluating security against the baselines.
And speaking of those breaches, Chinese military hackers have been infiltrating the computer systems of critical entities, including power and water utilities, ports, and oil and gas pipelines, to disrupt key American infrastructure, according to U.S. officials and industry security officials. The intrusions are part of a broader effort to sow panic and chaos or snarl logistics in the event of a U.S.-China conflict in the Pacific. The hackers have also targeted entities outside the United States. While none of the intrusions have caused disruptions, they indicate China’s desire to complicate U.S. efforts in the Pacific region, particularly about Taiwan.
During a congressional hearing, experts warned that smaller companies risk being overwhelmed by cybercrime due to AI-related threats. These threats include increased efficiency for hackers to develop malware, spread disinformation, and elevate the scale of attacks. The experts recommended moving smaller businesses to the cloud for collective defense, implementing an incident reporting regime, and fostering better information sharing among firms. They also emphasized the need for AI security measures, AI education, and workforce development.
The Cloud Security Alliance (CSA) has launched the AI Safety Initiative, a coalition of working groups that includes Amazon, Anthropic, Google, Microsoft, OpenAI, academic experts, and government agencies. The initiative aims to create safety and security guidelines for artificial intelligence (AI), focusing on generative AI. CSA has already published a paper on the security implications of ChatGPT and plans to release further guidelines. This initiative comes in parallel with other efforts, such as voluntary guidelines announced by the Biden administration and joint guidelines from the UK’s National Cyber Security Centre and CISA.
Why do we care?
There’s so much here to use. Need a justification for the cloud? Congressional testimony. Security guidance for Google Workspace? We have that now from CISA. Privacy details? NIST has you covered. Reason to talk security? Washington Post coverage of disruption of infrastructure. Happy Holidays. It’s your pile of gifts.