In the news: DHS Releases New Guidelines for Securing Critical Infrastructure; Datadog Report Examines DevSecOps Best Practices; Upskilling Key to Tech Staffing Challenges, Says LF Survey; 2024 Open Source Pros Job Survey Report Released; OpenSSF Issues Guidance to Help Prevent Social Engineering Attacks; Black Duck Supply Chain Edition Released by Synopsys; Spectra Logic Announces New Tape Libraries and Management Software; LPI Launches Open Source Essentials Program; Apache Software Foundation Celebrates 25 Years; SUSE Announces Rancher Prime 3.0; NSA Issues Zero Trust Guidelines for Network Security; and NIST Releases Major New Version of Cybersecurity Framework.
DHS Releases New Guidelines for Securing Critical Infrastructure
"AI can present transformative solutions for US critical infrastructure, and it also carries the risk of making those systems vulnerable in new ways to critical failures, physical attacks, and cyber attacks. Our department is taking steps to identify and mitigate those threats," said Secretary of Homeland Security Alejandro Mayorkas.
DHS outlines a four-part mitigation strategy, involving the following steps:
Govern: Establish an organizational culture of AI risk management – build organizational structures that prioritize security.
Map: Understand your individual AI use context and risk profile.
Measure: Develop systems to assess, analyze, and track AI risks – identify repeatable methods and metrics for measuring and monitoring AI risks and impacts.
Manage: Prioritize and act upon AI risks to safety and security – implement controls to maximize the benefits of AI systems while decreasing harmful impacts.
In the news: MySQL 9.0 Released; NordVPN Launches File Checker Tool; Critical OpenSSH Vulnerability Affects Linux Systems; IT Pros See Shrinking Job-Related Benefits Despite Salary Increases; Top Trends Driving Observability Adoption; Containers Dominate in Both Development and Production, According to Docker Report; Ubuntu Core 24 Released for Edge and IoT; Yocto Project Releases 5.0 LTS Version; OpenSSF Introduces Siren Security Platform; Raspberry Pi Announces Intent to Go Public; and Red Hat Introduces Image Mode for RHEL.
In the news: CIQ Offers Long-Term Support for Rocky Linux on AWS; Apple's PQ3 Brings Post-Quantum Security to iMessage; Google Open Sources Magika File-Type Detection System; Microsoft Announces Sudo for Windows; Linux Foundation Launches Post-Quantum Cryptography Alliance; Sys Admins Saw the Biggest Average Salary Increase in 2023, According to Dice; Use of Open Source Software Increased Significantly in 2023; Docker Build Cloud Announced; Wi-Fi CERTIFIED 7 Announced; EU Commissions Nostradamus Project for Quantum Testing; and NIST Identifies Main Types of Adversarial Machine Learning Threats, GitLab Announces Critical Security Releases.
