source: federalnewsnetwork.com

A new plan from the Air Force spells out where the service will put its cyber resources, priorities and investments over the next 10 years, as it aims to further project its power from cyberspace.

“The Air Force Cyber Warfare Flight Plan charts out where we are going to go and that we are going to hopefully innovate and inspire and actually turn to fielding,” Lt. Gen. Dash Jamieson, Air Force deputy chief of staff for intelligence, surveillance, reconnaissance and cyber effects operations, said Wednesday. “Flight plans and strategies are about prioritization and putting our money where our mouth is in resourcing. We actually have a signed plan that says ‘Let’s talk about it upfront, let’s invest in our people, let’s invest in our training, let’s invest in our capabilities.’”

The Cyber Flight Plan is scant on public details. The Air Force boiled down the plan to a single trifold brochure, which is all the service intends to publish in an unclassified format, she said.

“There is a more detailed plan at different classification levels…but that will not be out for public consumption, because we are in persistent and continuous competition with our adversaries who would want to know what is our roadmap,” she told reporters.

But it does identify seven areas of importance and three lines of effort.

One of the most emphasized of those is human capital, which is an area of importance and part of the foundational capabilities line of effort.

source: apnews.com

A growing number of countries are following China’s lead in deploying artificial intelligence to track citizens, according to a research group’s report published Tuesday.

The Carnegie Endowment for International Peace says at least 75 countries are actively using AI tools such as facial recognition for surveillance.

The index of countries where some form of AI surveillance is used includes liberal democracies such as the United States and France as well as more autocratic regimes.

Relying on a survey of public records and media reports, the report says Chinese tech companies led by Huawei and Hikvision are supplying much of the AI surveillance technology to countries around the world. Other companies such as Japan’s NEC and U.S.-based IBM, Palantir and Cisco are also major international providers of AI surveillance tools.

Hikvision declined comment Tuesday. The other companies mentioned in the report didn’t immediately return requests for comment.

source: theguardian.com

Police say charges of stealing covert information against Cameron Ortis pose ‘potential risk’ for US, UK, New Zealand and Australia

Canada and its allies are scrambling to assess the damage inflicted by what experts believe could be the largest security breach in the country’s history after a senior federal intelligence official was arrested on charges of stealing covert information.

Following a lengthy investigation by the Royal Canadian Mounted Police, Cameron Ortis – the leader of the police force’s own intelligence unit – was charged on Friday with leaking or offering to share covert information.

On Monday, the RCMP commissioner, Brenda Lucki, acknowledged that Ortis, 47, had access to intelligence from both domestic and international allies.

Lucki did not say which foreign organizations may have been exposed by Ortis, but Canada – alongside the United States, the United Kingdom, New Zealand and Australia – is part of an intelligence-sharing alliance known as the Five Eyes, in which certain investigations have a large degree of overlap between countries.

“We are aware of the potential risk to agency operations of our partners in Canada,” Lucki said in a statement.

Security experts said the case could have a profound impact on Canada’s relationship with its allies.

Officials in other countries are probably “tremendously concerned” about the safety and integrity of their own investigations, said Stephanie Carvin, a professor of international affairs at Carleton University and former national security analyst for the federal government.

source: infosecurity-magazine.com

Eight years ago, a list of the world's most dangerous software errors was published by problem-solving nonprofit the MITRE Corporation. Yesterday saw the long-awaited release of an updated version of this rag-tag grouping of cyber-crime's most wanted.

The Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors list (CWE Top 25) is a roundup of the most widespread and critical weaknesses that can lead to serious vulnerabilities in software.

What makes these bad boys so lethal is that they are often easy to find and exploit. And once attackers have gotten their grappling hooks into the errors, they are frequently able to completely take over execution of software, steal data, or prevent the software from working.

Each error was given a threat score to communicate its level of prevalence and the danger it presents. Topping the table of treachery with a threat score of 75.56 and leading by a huge margin is "improper restriction of operations within the bounds of a memory buffer."

The second-most lethal error was determined to be "improper neutralization of input during web page generation," also known as cross-site scripting, which had a threat score of 45.69. 

In 2011, a subjective approach based on interviews and surveys of industry experts was used to create the list. In 2019, the list's compilers took a data-driven approach, leveraging National Vulnerability Database (NVD) data from the years 2017 and 2018, which consisted of approximately 25,000 CVEs.