Tag Archive for: mandate

China to Mandate Security Reviews for ChatGPT-Like Services


(Bloomberg) — China plans to require a security review of generative AI services before they’re allowed to operate, casting uncertainty over ChatGPT-like bots unveiled by the country’s largest tech companies including Baidu Inc.

Most Read from Bloomberg

Providers of services must ensure content is accurate and respects intellectual property, and neither discriminates nor endangers security, the Cyberspace Administration of China said in draft guidelines seeking public feedback. AI operators must also clearly label AI-generated content, the country’s internet overseer said in a statement posted on its website.

The CAC’s requirements add to Beijing’s growing attempts to regulate the explosive growth of generative AI since OpenAI’s ChatGPT fired up the industry in November. Companies from Alibaba Group Holding Ltd. to SenseTime Group Inc. and Baidu all aim to build the definitive next-generation AI platform for the world’s largest internet market. That mirrors a growing wave of development abroad with Alphabet Inc.’s Google and Microsoft Corp. among the many tech companies exploring generative AI, which can create original content from poetry to art just with simple user prompts.

Alibaba shares gave up much of their initial gains on Tuesday after the CAC announcement, while SenseTime was down slightly. The larger e-commerce company on Tuesday described how it planned to build generative AI into its Slack-like work app and Amazon Echo-like smart speakers, before expanding that portfolio to its other services. A day before, SenseTime demonstrated the large AI model SenseNova and a user-facing chatbot called SenseChat.

That followed Baidu Inc.’s Ernie bot, which was released for selective testing about a month ago. The company — considered the current domestic leader — was down 7% in Hong Kong.

Read more: Alibaba Enters ChatGPT Fray With AI Speaker, Slack-Like App

In addition, the powerful regulator stressed that AI services must be transparent about the data and algorithms used in training their large-scale models, reinforcing Beijing’s focus on maintaining control over sensitive and valuable information.

“Service providers should provide certain…

Source…

Is Louisiana’s ID Verification Mandate a Step in the Wrong Direction? – Global Village Space


It was recently announced that Louisiana had introduced legislation that requires users of adult websites to show identification to access the pages. This has stirred up plenty of questions about how much authority governments can have over the policing of the internet.

Aside from the ethical debates surrounding the news, it also feels like this is a step backward. Technology is moving forward rapidly, and improved methods of authentication are already emerging. A more sensible solution could be to jump on the growing trend of biometric technology for accessing websites.

What is the Louisiana Mandate?

PIA reported that lawmakers in Louisiana have decided to implement a new rule for accessing adult websites. In a push to ensure that children don’t encounter content that could be damaging to them, internet users in the state will now be required to use their personal identification credentials to log on.

Experts have noted how other countries, including the UK, Australia, and Germany, have all attempted similar measures in the past. None of these worked. In fact, collecting IDs for age verification can have serious knock-on effects when it comes to data privacy.

This highlights how there’s a need for more modern approaches to authentication that are in line with the advancing technological world. Biometrics has already started to creep in on devices and some sites. However, they haven’t become widespread or used as an alternative to traditional identification methods yet.

How Far Away are We From Ubiquitous Biometrics?

According to Grand View Research, the global biometrics market will be worth around $60 billion by 2025. It is growing at a rate of 20.4 percent each year, and this is being driven by the increased demand for enhanced security methods.

Issues Arising from Biometrics

For the technology to become used for logging onto all sites and devices, internet users need to have the reassurance that their data won’t be sold or lost to third parties.

Like it or not, biometric technology is on the way, and some people believe that it is a great step forward. There’s no doubt, though, that western countries will need to learn how to cope with these challenges. There…

Source…

ISM updated to mandate web API protection – Security


Recent data breaches have put a spotlight on web API vulnerabilities, and in what may not be a coincidence, the Australian Cyber Security Centre has added them to its influential Information Security Manual.

The latest edition of the ISM, published by the ACSC, adds a new control “to ensure clients are authenticated when calling web application programming interfaces that facilitate access to data not authorised for release into the public domain.”

In addition, “A new control was added to ensure clients are authenticated when calling web application programming interfaces that facilitate modification of data.”

These controls were not present in the September edition of the ISM.

The ACSC also takes aim at what could be termed “compliance culture”, in particular a set-and-forget attitude to security controls.

Three controls have been revised to make it clear that they should be actively maintained.

  • Overseeing cyber security awareness raising: “The existing control relating to overseeing the development and operation of a cyber security awareness raising program was amended to ensure it is also maintained.”
  • Trusted insider program: “The existing control relating to the development and implementation of a trusted insider program was amended to ensure it is also maintained.”
  • 33 different controls relating to documentation were updated: “Existing controls relating to the development and implementation of cyber security documentation were amended to ensure documentation is maintained throughout its lifetime”.

Another aspect of compliance culture, strategies that exist only as documents, is also highlighted: “The existing control relating to the development and maintenance of a cyber security communications strategy was amended to ensure it is implemented (emphasis added)”.

For the first time, the ISM explicitly draws the burgeoning – and often insecure – world of the Internet of Things into its remit.

“The definition of ICT equipment was amended to explicitly state that ‘smart devices’ are considered ICT equipment and therefore all controls relating to ICT equipment equally apply to smart devices, such as smart televisions and…

Source…

New owner of Canadian ransomware negotiating firm expands its mandate


Two of Canada’s best known names in cybersecurity are teaming up again, this time to lead a firm specializing in post-breach remediation.

Daniel Tobok and Ed Dubrovsky, formerly the founder and managing director respectively of the Toronto-based incident response firm Cytelligence, are now behind Cypfer, which is moving from focusing on ransomware negotiations into post-incident recovery consulting.

Both men left Cytelligence recently, after staying with that firm following its acquisition in December, 2022 by insurance and consulting giant Aon plc.

Early last month Tobok announced he had bought Toronto-based Cypfer. A few weeks later he announced that Dubrovsky has joined the company as managing director.

Dubrovsky has led international security consulting practices as well as being a chief information security officer (CISO) and chief operating officer.

“We’re about recovery post-breach,” Tobok said in an interview from Miami, where he now makes his home.

“There’s a very big gap in the market today. When companies get breached, nobody is assisting them to get up and running after an incident. Our whole strategy is to build the largest global organization that will handle post-breach remediation.”

Cypfer has 52 employees in Toronto. Tobok hopes to soon add 30 in Miami, which he said has become a big tech hub. He also plans to open offices in Europe, the Caribbean and South America.

“Florida has about six major universities,” he said, “with very robust cybersecurity programs. That’s one of the reasons we chose Florida as a base. Miami is also great because we can get international flights. New York is extremely expensive.”

Cypfer founder and president Jason Kotler will stay with the company as president. Dubrovsky will be responsible for strategy, execution, innovation and growth.

“Once somebody gets breached … their biggest problem is, when they recover, to make sure their data is secure so they don’t get re-infected with ransomware, their credentials are not compromised and they can actually operate properly,” Tobok said. “That’s been a very big problem in the industry because people can re-install software, they can re-install hardware but…

Source…