In the news: DHS Releases New Guidelines for Securing Critical Infrastructure; Datadog Report Examines DevSecOps Best Practices; Upskilling Key to Tech Staffing Challenges, Says LF Survey; 2024 Open Source Pros Job Survey Report Released; OpenSSF Issues Guidance to Help Prevent Social Engineering Attacks; Black Duck Supply Chain Edition Released by Synopsys; Spectra Logic Announces New Tape Libraries and Management Software; LPI Launches Open Source Essentials Program; Apache Software Foundation Celebrates 25 Years; SUSE Announces Rancher Prime 3.0; NSA Issues Zero Trust Guidelines for Network Security; and NIST Releases Major New Version of Cybersecurity Framework.
DHS Releases New Guidelines for Securing Critical Infrastructure
"AI can present transformative solutions for US critical infrastructure, and it also carries the risk of making those systems vulnerable in new ways to critical failures, physical attacks, and cyber attacks. Our department is taking steps to identify and mitigate those threats," said Secretary of Homeland Security Alejandro Mayorkas.
DHS outlines a four-part mitigation strategy, involving the following steps:
Govern: Establish an organizational culture of AI risk management – build organizational structures that prioritize security.
Map: Understand your individual AI use context and risk profile.
Measure: Develop systems to assess, analyze, and track AI risks – identify repeatable methods and metrics for measuring and monitoring AI risks and impacts.
Manage: Prioritize and act upon AI risks to safety and security – implement controls to maximize the benefits of AI systems while decreasing harmful impacts.
In the news: MySQL 9.0 Released; NordVPN Launches File Checker Tool; Critical OpenSSH Vulnerability Affects Linux Systems; IT Pros See Shrinking Job-Related Benefits Despite Salary Increases; Top Trends Driving Observability Adoption; Containers Dominate in Both Development and Production, According to Docker Report; Ubuntu Core 24 Released for Edge and IoT; Yocto Project Releases 5.0 LTS Version; OpenSSF Introduces Siren Security Platform; Raspberry Pi Announces Intent to Go Public; and Red Hat Introduces Image Mode for RHEL.
In the news: Open Source AGPL Added as License Option for Elasticsearch; Sovereign Tech Fund Invests in FreeBSD Development; Red Hat's OpenStack Services on OpenShift Now Generally Available; Juniper Networks Offers New AI-Native Courses and Services; Delphix Report Cites Growing Concerns Over Data Protection; Endor Labs Launches Magic Patches and Upgrade Analysis Tool; Rackspace to Offer TuxCare's Extended Linux System Support; Announcing eLxr: Enterprise-Grade Linux for Edge-to-Cloud Deployments; NSA Issues Zero Trust Guidance on Automation and Orchestration; and IT Pros Report Lack of Familiarity with Secure Software Development.
