Future EU Virtual Cybersecurity Center to Receive Secure Communication System From Indra
Spanish defense contractor Indra will integrate a secure communication system to withstand quantum computer attacks into the European Commission’s upcoming virtual cyber risk management center. The project is part of a 2023 program launched with a Leonardo-led consortium for new digital infrastructure with real-time tracking capability to protect against cyber criminal groups. The resulting solution will leverage various databases to gather intelligence from activities across the internet, social networks, and the dark web. Under the initiative, Indra will equip the center with its proprietary COMSec technology to provide end-to-end encrypted voice, video, and instant messaging services. The platforms will protect data across computers and mobile phones using cellular, wireless, or satellite networks, permitting users to hold simultaneous telephone conversations and video conferences and exchange sensitive information worldwide. Indra’s COMSec will secure information being exchanged within the center and data stored in it to counter harvest now, decrypt later threats at any time. Indra wrote that the company is exploring procedures to support data transfer between the future EU cyber management capability incorporating systems as well as with outside environments. The next phase will involve the coordination of the center with networks under other operations facilities throughout Spain. Once completed, the center is expected to bolster cybersecurity across Europe by utilizing new, more secure algorithms. The company added that the project will “promote the development of the information and knowledge” against criminal organizations responsible for disinformation campaigns, cyberattacks, ransomware, phishing, and denial of service.
Lancaster University and National Cyber Force deliver ‘hackathon’
A University in Lancashire teamed up with the government’s National Cyber Force (NCF) to deliver a ‘hackathon’ event for the cyber experts of the future. The event, the first of its kind delivered by the NCF, saw some of the North West’s brightest young cyber talent put to the test at Lancaster University. Held within the university’s cutting-edge computer labs on April 12, the hackathon is one of the first major initiatives held by the NCF ahead of the move to its new home at Samlesbury in 2025. The hackathon provided a series of rapid computer engineering challenges, with participants working in teams to create new software and hardware while supported by CyberFirst alumni experts. The activities were designed to teach participants about a range of emerging technologies, how they work, and how they can be exploited by cyber criminals. The challenges included a tiny computer to fit inside the rim of a hat while being able to connect to the internet and communicate with other devices; learning how security cameras work and how to control and take screenshots from them; and how to approach using AI models. In addition to the challenges, attendees heard from inspirational speakers and received insights into what it is like to work for the NCF as well as the rewarding range of cyber careers on offer to them. Support for the hackathon was also provided by the Ministry of Defence’s Cyber Specialist Unit, part of the Joint Cyber Reserve Force, who helped to develop the challenges and facilitate the day. The hackathon challenges provide relevant experience of emerging and developing technologies and threats that cyber experts are grappling with in the real world. It is great to work alongside the National Cyber Force to help develop the skills pipeline of young cyber professionals that will be key to ensure the future security of the UK
Vet Group CVS Warns Over Risk to Personal Information in Cyber Attack
One of the UK’s largest vet groups has told regulators about a possible breach of personal information after it was hit by a cyber-attack. CVS Group said hackers had gained unauthorised external access to a limited number of its IT systems. The company continued to have problems with slow-running systems on Monday after disruption across the UK business. The chain has more than 500 locations around the world, most of which are in Britain, and is one of the big six groups of UK veterinary practices. The largest rivals to CVS include the private equity owned IVC Evidensia, which owns more than 1,000 first-opinion practices in the UK VetPartners, another private equity-owned chain with more than 500 sites; and Pets at Home, the superstore chain that has vet practices in many stores. The company was forced to shut down computer systems at its practices and in some broader business functions for several days last week, it added. IT services to our practices and business functions have now been securely restored across the majority of the estate; however, due to the increased levels of security and monitoring, some systems are not working as efficiently as previously and this is likely to result in an ongoing operational impact. The company is listed on London’s Alternative Investment Market and was valued at £680m before the hack was disclosed. Its biggest shareholder is the Canadian investor Global Alpha Capital Management.
WHY ISO/IEC 42001 IS THE ULTIMATE STANDARD FOR RESPONSIBLE AI IMPLEMENTATION
The Rise of Generative AI & Its Limitless Potential Artificial Intelligence (AI) has captivated the world, and our first encounter with its power has likely been through ChatGPT when it was first released on 30th November 2022. This remarkable tool acquired 100 Million Users in less than two months, the fastest Sign-Up Rate ever witnessed, surpassing even TikTok’s meteoric rise. The potential of AI is truly limitless, laying the foundation for the Fifth Industrial Revolution. Like ChatGPT, AI Enables seamless Human-Machine Interfaces, empowering us to work more accurately, efficiently across industries. At the heart of this revolution lies Generative Pre-Trained Transformer (GPT), the AI Technology Powering ChatGPT. This powerful large Language Model can understand and respond like a human, thanks to its Pre-Training on Massive Datasets. GPT enables computers to Comprehend Human Language in a way that was once unimaginable, simulating Human-Like Responses and opening up new realms of possibilities. The Need for AI Management & ISO/IEC 42001:2023: As the Adoption of AI continues to accelerate, the need for a comprehensive and globally recognised Standard for AI Management Systems has become paramount. While existing Frameworks & Guidelines (eg. NIST CSP 2.0, COBIT 2019, ISO 27001:2022) provide Guidance for Managing Systemic Application Inputs, Processes & Data Outputs, they fall short in addressing the unique challenges posed by evolving AI Systems. AI Applications are dynamic and constantly evolving, with the Potential to Produce Creative, Unexpected and sometimes Concerning Outputs, even when Presented with the same input. To address this challenge, the International Organisation for Standardisation / International Electrotechnical Commission has published ISO/IEC 42001:2023, a Comprehensive Standard that Provides Guidelines for Implementing AI Management Systems (AIMS). This standard emerges as the ultimate choice for organisations seeking to Implement AI Responsibly, Ethically, and with Utmost Transparency. The Holistic Approach of ISO/IEC 42001:2023: Like other ISO Standards, ISO/IEC 42001 takes a Holistic Approach to AI Governance, addressing not only the technical aspects but also the Strategic, Ethical & Regulatory Considerations. Unlike Narrow Frameworks that focus solely on specific AI Applications or Sectors, this Standard provides Comprehensive Guidelines Applicable to organisations of all sizes and across various Industries. One of the Key Advantages of ISO/IEC 42001 is its Alignment with Harmonised Structure used in other ISO Management System Standards (eg ISO 27001). This common approach Facilitates Seamless Integration with Existing Standards related to Quality, Safety, Privacy & Information Security. It provides a Structured Framework for Managing the Entire AI Application Lifecycle, enabling organisations to leverage their existing Management System Frameworks, ensuring Consistency & Efficiency. Ethical Considerations & Key Controls: Ethical Considerations are a New Dimension introduced in ISO/IEC 42001, required throughout the entire AI Lifecycle. A proper Governance Structure can demonstrate the Management Team’s accountability and commitment to Deploying AI responsibly. Management Oversight should include elements such as Security, Safety, Fairness, Transparency, Accountability, Reliability, Robustness, Privacy, Accessibility & Data Quality. Key Controls Outlined in ISO/IEC 42001 include: Explainable AI Models Eminently Fair & Thoroughly Tested AI Algorithms Diverse & Representative Training Data Ensuring Ethical & Socially Responsible Deployment Backup Procedure when AI Fails Under this Framework, organisations can Embrace Innovation Responsibly while Mitigating Risks & Addressing Ethical Concerns. Alignment with EU AI Act: The EU AI Act represents the first AI-Specific Legal Framework, Addressing the Risks & Deployment Requirements of AI Systems. It Outlines Obligations for organisations, such as: Risk Management (Article 9) Record-Keeping (Article 12) Appointing Compliance, Risk, Security Oversight Officers (Article 17) Transparency (Article 52), and Incident Reporting (Article 62). ISO/IEC 42001 provides a solid Framework to help organisations fulfil the EU AI Act Principles while Managing Risks Effectively. Conclusion As the world navigates the Challenges & Opportunities presented by AI, the ISO/IEC 42001 Standard emerges as the Ultimate Solution for organisations seeking to establish a robust AI Management System. By embracing this Comprehensive Standard, organisations can ensure Transparent, Reliable, Secure & Responsible AI Implementation, fostering trust among Stakeholders and positioning themselves as Leaders in the AI Revolution. With ISO/IEC 42001, organisations can harness the limitless potential of AI while Upholding Ethical Principles & Maintaining Accountability, paving the way for a future where Human Ingenuity & Artificial Intelligence Coexist Harmoniously.
Navigating the Complexities of Cybersecurity in the Digital Age
In today’s digital age, cybersecurity is a paramount concern for global treasury management. As financial transactions become increasingly reliant on digital platforms, the evolution of cyber threats underscores the urgency for robust cybersecurity measures. However, the landscape of treasury management worldwide is fraught with challenges, as organizations struggle to safeguard sensitive financial data against sophisticated cyber-attacks. These threats not only jeopardize the integrity of financial systems but also pose a substantial risk to the global economy. The sad-but-true reality is that many organisations find themselves ill-prepared to combat these evolving threats due to a lack of comprehensive and systematic risk management strategies. To address this issue, treasury departments must transcend traditional security measures and embrace innovative solutions to fortify their defenses against the relentless onslaught of cyber threats. Implementing Effective Cybersecurity Measures: Practical Approaches To safeguard against the ever-increasing cybersecurity threats, organisations must adopt practical approaches that align with the strategic framework outlined. This involves a meticulous assessment of the enterprise’s cybersecurity capabilities across seven domains, ensuring a comprehensive defense strategy. To start, deploying advanced network security tools and processes is crucial for protecting the infrastructure that supports digital operations. Equally important is enhancing endpoint security by systematically scanning and monitoring devices to prevent unauthorized access. Implementing robust identity and digital trust mechanisms, such as multi-factor authentication, safeguards against identity theft and enhances data security. Additionally, developing a resilient response and recovery plan is essential for minimizing the impact of cyber incidents. Governance, risk, and compliance (GRC) practices must be integrated into the organizational culture, promoting a proactive stance towards cybersecurity. By focusing on these practical approaches, enterprises can significantly bolster their cybersecurity posture, ensuring the protection of critical assets and maintaining operational continuity. Undo Like this AI draftDislike this AI draft Open Emoji Keyboard
Tackling Cybersecurity Vulnerabilities through Secure by Design
Today’s Secure by Design paper shares Google’s years of experience using the concept to “build security in” during the design of a software product and throughout the development lifecycle, rather than “bolting it on” afterwards. We offer four principles for Secure by Design for software design, development and deployment: User/customer-centric design: we consider our products in the context of their use, and how user actions and choices could lead to adverse outcomes, especially when users cannot be reasonably expected to know whether a choice is risky. Developers are users, too: in our experience, the development and deployment ecosystem in which a software product or service is produced has significant influence on its security posture, so we consider how to ensure that the developer ecosystem encourages secure design and prevents vulnerabilities and errors. Thinking in terms of invariants: we ground our security design by defining properties that we expect to always hold for a system, even when it’s under attack — our security invariants. Design for understandability and assurance: software systems should be designed such that security experts can determine with confidence that the systems will indeed uphold their security invariants, and can do so at scale and throughout ongoing development over the lifecycle of the product. These four principles can help produce products and services that are designed to automatically defend users from things like malicious servers, network-level adversaries, attacks through downloaded files, phishing attacks, and more. These principles can also significantly reduce entire classes of vulnerabilities.
Cyber Security Governance, The Role of The Board
As cyber threats evolve, boards must remain vigilant in cyber security governance. Understanding threat and managing cyber risk are crucial for effective cyber security governance, and boards play a critical role in ensuring this. Not only do boards carry the legal responsibility and accountability for cyber governance within their organisation, but they also have the opportunity to harness the benefits that technology offers, drive their company’s agenda, and deliver real value throughout the organisation. Upcoming Cyber Governance Training Pack for Boards In the coming year, the NCSC is committed to developing a comprehensive and interactive online ‘Cyber Governance Training Pack’ for Boards. This will provide boards with valuable knowledge and practical guidance to enhance their understanding of cyber security governance. The training will complement the Department of Science, Technology, and Innovation’s (DSIT) proposed Cyber Governance Code of Practice, currently open for call for views untill 19th March The Code of Practice, which is aimed at executive and non-executive directors (and other senior leaders), sets out key actions to take to strengthen their cyber resilience and governance regarding cyber risk. The NCSC’s existing Cyber Security Toolkit for Boards provides guidance on how to implement the actions the outlined in the Code. As cyber threats evolve, boards must remain vigilant in cyber security governance. Our video, Board Toolkit, and upcoming training empower boards to understand risks and provide effective governance. We will update you on our progress later in the year. Keep an eye out for further announcements.
Southern Water customers are affected by Cyber Attack!
Southern Water has warned that data belonging to 5-10% of its customers has been stolen in a cyber attack. In an email to customers on Tuesday, the firm said personal details and financial information may have been stolen for sale on the dark web. The company provides water services across Kent, Sussex, Hampshire and the Isle of Wight. It apologised and said it had contacted regulators and was working with cybersecurity experts. Southern Water provides essential water services to 2.5 million customers and wastewater services to more than 4.7 million customers. In an email to customers seen by the BBC, it said data including names, dates of birth, national insurance numbers, bank account details and reference numbers could have been stolen. The company said it had been monitoring suspicious activity in its IT Systems since it was named on a Cyber Crime website last month. In a statement the company said: “Based on our forensic investigations so far, which are ongoing, we are planning to notify in the order of 5 to 10% of our customer base to let them know that their personal data has been impacted. We are also notifying all of our current employees and some former employees. “We have engaged leading independent cybersecurity experts to monitor the ‘dark web’. We take data protection and information security very seriously and, in accordance with our regulatory obligations, we are making contact with anyone whose personal data may be at risk.” It added that services and water supplies had not been affected. The Information Commissioner’s Office (ICO) said it had received a report about the incident and was investigating. It added: “Our advice to the public remains that if anyone is concerned about how their data has been handled or they are concerned about a potential breach, they should get in touch with the ICO.”
Cyber League
What is Cyber League? Cyber League is a new NCSC initiative which brings together a trusted community of NCSC and industry cyber experts to work on the biggest cyber threats facing the UK. This is part of the NCSC mission to make the UK the safest place to live and work online. A new community of NCSC and industry experts to work together on cyber threats against the UK. Members of Cyber League are a diverse group of industry experts, working with NCSC analysts and each other, to bring their unique knowledge and understanding to the threat picture. They take part in a range of engagements, including analytic workshops and discussion groups. Their work is a crucial part of improving visibility and tracking existing and emerging threats to the UK. Joining Cyber League Membership of Cyber League is voluntary and we welcome new members. To participate in Cyber League, an organisation must: have a substantial UK connection be part of the cyber security or threat intelligence industry Up to three individuals in an organisation can join the Cyber League community, providing they have the relevant cyber experience and knowledge. How does Cyber League work with Industry 100? Cyber League is designed to be flexible. While it complements the Industry 100 (i100) secondment programme, it is also open to those who may not be able to commit the time i100 requires but still have experience and knowledge to share that can bring operational benefit.
New guidance launching to help small organisations to use online services more securley
Small organisations have become increasingly dependent on online services for their day-to-day IT tasks. Many organisations adopted these online services also known as ‘cloud services as staff transitioned to home-working as a result of the pandemic, and they continue to rely on them for home or hybrid based work. Today, we are launching our new guidance tailored for small organisations. This is specifically written for small and medium sized enterprises SMEs, who may be overwhelmed by our existing cloud security guidance which is aimed squarely at IT professionals and contains a lot more technical details. Our new guidance will help SMEs use online services more securely, so that they’re less likely to be the victim of a cyber attack. As the guidance explains, many SMEs already rely on online services for day-to-day tasks, even if they’re not aware of it. This includes email and instant message communications, cloud storage, website/shop hosting, online accounting and invoicing, or simply using social media to engage with customers. How long could your business operate without these critical functions if you couldn’t log onto your computers as a result of a ransomware attack? Or if you were locked out of an online account? If you rely on any of these services, it’s important that they are set up in such a way that they’re safe from online risks, whilst also reflecting your organisation’s priorities. Reputable service providers make it easy for you to do this, and will often provide useful ‘getting started’ tutorials and guides, such as for organisations using Google Workspace Security checklist for small business or Microsoft 365.
