Archive for the ‘NSA’ Category

Former NSA head joins OpenAI board and safety committee – TechCrunch

Former head of the National Security Agency, retired Gen. Paul Nakasone, will join OpenAI's board of directors, the AI company announced Thursday afternoon. He will also sit on the board's security and safety subcommittee.

The high-profile addition is likely intended to satisfy critics who think that OpenAI is moving faster than is wise for its customers and possibly humanity, putting out models and services without adequately evaluating their risks or locking them down.

Nakasone brings decades of experience from the Army, U.S. Cyber Command and the NSA. Whatever one may feel about the practices and decision-making at these organizations, he certainly can't be accused of a lack of expertise.

As OpenAI increasingly establishes itself as an AI provider not just to the tech industry but government, defense and major enterprises, this kind of institutional knowledge is valuable both for itself and as a pacifier for worried shareholders. (No doubt the connections he brings in the state and military apparatus are also welcome.)

"OpenAI's dedication to its mission aligns closely with my own values and experience in public service," Nakasone said in a press release.

That certainly seems true: Nakasone and the NSA recently defended the practice of buying data of questionable provenance to feed its surveillance networks, arguing that there was no law against it. OpenAI, for its part, has simply taken, rather than buying, large swathes of data from the internet, arguing when it is caught that there is no law against it. They seem to be of one mind when it comes to asking forgiveness rather than permission, if indeed they ask either.

The OpenAI release also states:

"Nakasone's insights will also contribute to OpenAI's efforts to better understand how AI can be used to strengthen cybersecurity by quickly detecting and responding to cybersecurity threats. We believe AI has the potential to deliver significant benefits in this area for many institutions frequently targeted by cyber attacks like hospitals, schools, and financial institutions."

So this is a new market play, as well.

Nakasone will join the board's safety and security committee, which is responsible for making recommendations to the full Board on critical safety and security decisions for OpenAI projects and operations. What this newly created entity actually does and how it will operate is still unknown, as several of the senior people working on safety (as far as AI risk) have left the company, and the committee is itself in the middle of a 90-day evaluation of the company's processes and safeguards.


OpenAI Appoints Cybersecurity Expert And Retired US Army General With NSA Pedigree To Board, Enhancing AI … – Benzinga

OpenAI has appointed retired U.S. Army General Paul M. Nakasone to its Board of Directors. Nakasone, a cybersecurity expert, will bring his expertise to the Board's Safety and Security Committee.

What Happened: As the impact of AI technology continues to grow, OpenAI has appointed Nakasone to its Board of Directors. His extensive experience in cybersecurity is expected to bolster the company's commitment to safety and security, OpenAI announced on Thursday.

Nakasone, a cybersecurity expert, will provide valuable insights into enhancing the security of OpenAI's systems. His role will involve making critical safety and security recommendations for OpenAI projects and operations.

General Nakasone's expertise is expected to bolster OpenAI's resilience against sophisticated cybersecurity threats. His experience includes leading U.S. Cyber Command and the National Security Agency, where he focused on safeguarding the nation's digital infrastructure.

OpenAI's Chair, Bret Taylor, emphasized the importance of secure AI innovations, stating, "General Nakasone's unparalleled experience in areas like cybersecurity will help guide OpenAI in achieving its mission of ensuring artificial general intelligence benefits all of humanity."

General Nakasone expressed his enthusiasm, noting that OpenAI's mission aligns with his values and public service experience. He looks forward to contributing to the safe and beneficial development of artificial general intelligence globally.


Why It Matters: The appointment of General Nakasone comes at a crucial time for OpenAI, which has been actively expanding its influence and operations. Recently, the company has significantly increased its lobbying efforts to shape AI regulations amid growing concerns about safety.

The global affairs team has grown from three members at the beginning of 2023 to 35, with plans to reach 50 by the end of 2024. This strategic move aims to influence the development of AI safety legislation, which could potentially restrict the growth of OpenAI's advanced models.

Additionally, OpenAI has recently entered into a collaboration with Apple Inc. to integrate its AI chatbot, ChatGPT, into Apple devices. This partnership, announced at the WWDC 2024, is part of Apple's broader push into AI. Although the collaboration does not involve cash payments, it is expected to enhance the exposure of OpenAI's technology to Apple's vast user base.

Moreover, OpenAI has been expanding its global footprint, with a new office set to open in Tokyo, marking its first foray into Asia. This will be OpenAI's third international location, following offices in London and Dublin. The Tokyo office will focus on expanding AI services in the Japanese language.


This story was generated using Benzinga Neuro and edited by Kaustubh Bagalkote


Former NSA head Paul Nakasone to helm national security institute at Vanderbilt – The Record from Recorded Future News

SAN FRANCISCO – Former U.S. Cyber Command and National Security Agency chief Paul Nakasone has been named the inaugural head of a new, national security-focused hub at Vanderbilt University.

The school on Wednesday announced Nakasone as the founding director and leader of its Institute for National Defense and Global Security, which is expected to formally launch at the Nashville-based campus in the fall.

The appointment follows Nakasone's retirement earlier this year after a six-year stint as the chief of the U.S. military's top digital warfighting organization and the world's largest intelligence agency.

"One of the things that really attracted me to Vanderbilt was the fact that it has a very strong belief in an interdisciplinary approach," Nakasone told Recorded Future News during a sit-down interview on the sidelines of the RSA Conference in San Francisco.

He noted the multi-faceted challenges posed by the COVID-19 pandemic, securing U.S. elections and Russia's invasion of Ukraine during his tenure leading both entities.

"The only way that we were able to have success against all of those threats was the fact that we had a broad partnership with a number of different players – academia and industry and our interagency allies," he said.

"You take a look at the most challenging problems that our nation faces today, and you move at the speed of conflict."

Vanderbilt Chancellor Daniel Diermeier said the idea for the appointment originated from Nakasone's appearances at the university's annual Summit on Modern Conflict and Emerging Threats and the school's existing focus on education, research and accelerating innovation in national security.

"We had conversations about it initially, about whether this particular approach made sense," he said. "We love working with him. So, we started talking about it Then gelled into an idea for how these things can reinforce each other."

In his new role, Nakasone will shape what the institute will be, including its structure and long-term goals. He said he would detail his visions for what the next year or two will look like when the center launches.

"You should anticipate that there's going to be some type of surge on an activity, much in the same way we took a look at ransomware," he said. "We said, Hey, we're gonna surge on that or election security."

The retired four-star also said there would be an emphasis on immediate action and advice and recruitment for individuals to serve as fellows at the new hub.

"We think we're going to drive outcomes," he said.

Diermeier vowed Vanderbilt would be able to move at the speed Nakasone aims to achieve, noting the institute went from an idea to reality in just around six months.

"We love to move fast," Diermeier said. "We love to be able to really have an impact and then execute."

Nakasone shrugged off the suggestion that he would have less influence on national security issues now that he is out of uniform.

"I have had some experience working in very, very difficult circumstances and being able to get tough problems across the finish line," he said. "But most importantly, I think I know people pretty well and I think that's going to be to our advantage."

While the institute marks Nakasone's first foray outside of government, he didn't rule out the possibility of doing more in the private sector as his two most recent predecessors have done.

"I think there'll be other things that I will certainly do. But right now, my focus is obviously on building this premier institute," he said.


Martin Matishak is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.


US is still chasing down pieces of Chinese hacking operation, NSA official says – The Record from Recorded Future News

FORT MEADE, MARYLAND – The U.S. government has yet to learn the full extent of a massive Chinese espionage campaign that targeted American critical infrastructure, according to a senior National Security Agency official.

Federal agencies are not done with efforts to uncover or eradicate the threats created by the Chinese hacking group known as Volt Typhoon, said Rob Joyce, the outgoing director of the NSA's Cybersecurity Directorate, during a roundtable with reporters on Friday.

Investigators are still finding victims and making sure to clear out intrusions tied to the sweeping operation, which Western nations first disclosed nearly a year ago, he said.

Joyce also acknowledged for the first time that the government used artificial intelligence to discover some of the breaches made during the campaign, noting that Volt Typhoon activity was difficult to initially identify because the group steals or generates legitimate credentials and doesn't bring additional malware into a system.

Conversely, Joyce said he has seen no examples of them using AI to date. Instead, the prolific, state-sponsored outfit relies on bulk vulnerability scans to sniff out and exploit known weaknesses.

Joyce declined to comment on just how much of the operation the federal government has unearthed to date.

The new insights come a few weeks after some of the country's top cybersecurity leaders issued stark warnings about the ability of Volt Typhoon and other Chinese hackers to compromise U.S. networks should a conflict with Beijing arise.

"Unfortunately, the technology underpinning our critical infrastructure is inherently insecure because of decades of software developers not being held liable for defective technology," Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), told the House Select Committee on China.

"That has led to incentives where features and speed to market have been prioritized against security, leaving our nation vulnerable to cyber invasion," she said during the January 31 hearing.

That same day, the Justice Department announced it had disrupted an effort by Volt Typhoon to infiltrate hundreds of insecure U.S. home routers and gain access to critical infrastructure.

The U.S. and its allies revealed the group's actions last May when analysts at Microsoft found it had targeted systems ranging from U.S. telecommunication networks and transportation hubs to the military installation on the island territory of Guam.

Since then, the Biden administration has published over six digital security advisories warning of Volt Typhoon's tactics and techniques.

"From the beginning, it's been a broad campaign," said Joyce, who noted targets included airlines as well as energy and pipeline organizations.

"The intent really goes back to inspiring societal panic," he said.

That would, in turn, force the U.S. to turn inward and prevent the nation from being able to mobilize and support a conflict in the South Pacific, he told reporters, adding the view of the activity changed "as we expanded our knowledge about it."

That said, officials believe it would be a pretty high bar for Beijing to activate the group's pre-positioning in Western networks, according to Joyce.

He told reporters he hoped Chinese officials would be thoughtful following the national anger at the discovery of Beijing's high-altitude balloon campaign last year.

China's military sorely underestimated the country's response to that event, an anger that would only grow if state-backed hackers struck water and transportation systems, he predicted.

Joyce, who was the NSA's initial pick to be its latest No. 2, instead will retire at the end of the month.

He will be replaced by Dave Luber, who has held various posts at U.S. Cyber Command and has served as the Cybersecurity Directorate's deputy chief for almost the last four years.


6 CISO Takeaways from the NSA’s Zero-Trust Guidance – Dark Reading

The reality of cybersecurity for companies is that adversaries compromise systems and networks all the time, and even well-managed breach-prevention programs often have to deal with attackers inside their perimeters.

On March 5, the National Security Agency continued its best-practice recommendation to federal agencies, publishing its latest Cybersecurity Information Sheet (CIS) on the Network and Environment pillar of its zero-trust framework. The NSA document recommends that organizations segment their networks to limit unauthorized users' access to sensitive information. That's because strong cybersecurity measures can stop compromises from turning into full-blown breaches by limiting all users' access to areas of the network in which they have no legitimate role.

The guidance from the NSA also allows security teams to make stronger business cases to management for security protections, but CISOs need to set expectations because implementation is a tiered and complex process.

While the document targets defense-related government organizations and industries, the wider business world can benefit from zero-trust guidance, says Steve Winterfeld, advisory CISO at Internet services giant Akamai.

"The reality is not [whether] you have unauthorized access incidents, it's if you can catch them before they become breaches," he says. "The key is 'visibility with context' that microsegmentation can provide, backed up with the ability to rapidly isolate malicious behavior."

Companies have embarked on zero-trust initiatives to make their data, systems, and networks harder to compromise and, when they are compromised, to slow attackers down. The framework is a solid set of guidelines for how to proceed, but implementing it is not easy, says Mike Mestrovich, CISO at Rubrik, a data security and zero-trust provider.

"Most networks have evolved over time and it is very difficult to go back and rearchitect them while keeping the business running," he says. "It is doable, but it can be costly both in terms of time and money."

Here are six takeaways from the NSA guidance.

The latest document from the National Security Agency dives into the fifth pillar of the seven pillars of zero trust: the network and environment. Yet the other six pillars are equally important and show "how wide-ranging and transformational a zero-trust strategy has to be to be successful," says Ashley Leonard, CEO at Syxsense, an automated endpoint and vulnerability management firm.

"Network and environment" is the fifth pillar in the National Security Agency's Seven Pillars of Zero Trust. Source: NSA

"For companies looking to get started with zero trust, I'd highly encourage them to review the NSA information sheets on the user and device pillars – the first and second pillars of zero trust, respectively," he says. "If a company is just getting started, looking at this networking and environment pillar is a bit like putting the cart before the horse."

The network and environment pillar of the NSA's zero-trust plan is all about trying to stop attackers from expanding a breach after they have already compromised a system. The NSA guidelines point to the Target breach of 2013, without explicitly naming the company, because the attackers entered via a vulnerability in the company's third-party HVAC system, but then were able to move through the network and infect point-of-sale devices with malware.

Companies should assume they will be compromised and find ways to limit or slow down attackers, NSA Cybersecurity Director Rob Joyce said in a statement announcing the release of the NSA document.

"Organizations need to operate with a mindset that threats exist within the boundaries of their systems," he said. "This guidance is intended to arm network owners and operators with the processes they need to vigilantly resist, detect, and respond to threats that exploit weaknesses or gaps in their enterprise architecture."

The NSA guidance is a tiered model, where companies should start with the basics: mapping data flows in their networks to understand who is accessing what. While other zero-trust approaches have been documented, such as NIST's SP 800-207 Zero Trust Architecture, the NSA's pillars provide a way for organizations to think about their security controls, Akamai's Winterfeld says.

"Understanding data flow primarily provides situational awareness of where and what the potential risks are," he says. "Remember, you can't protect what you don't know about."

After tackling any other fundamental pillars, companies should look to kick off their foray into the Network and Environment pillar by segmenting their networks, perhaps broadly at first, but with increasing granularity. Major functional areas include business-to-business (B2B) segments, consumer-facing (B2C) segments, operational technology such as IoT, point-of-sale networks, and development networks.
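The data-flow mapping and broad segmentation steps described above can be prototyped from flow records before any enforcement is changed. The following is an added example, not taken from the NSA document or the article: the address ranges, the allow-list and the flow records are all constructed, and it reports cross-segment traffic that the segment plan does not account for.

```python
import ipaddress
from collections import Counter

# Hypothetical segment plan using the functional areas named in the article.
# All address ranges are constructed for illustration.
SEGMENTS = {
    "b2b": "10.10.0.0/16",
    "b2c": "10.20.0.0/16",
    "ot_iot": "10.30.0.0/16",
    "pos": "10.40.0.0/16",
    "dev": "10.50.0.0/16",
}
NETS = [(name, ipaddress.ip_network(cidr)) for name, cidr in SEGMENTS.items()]

# Cross-segment paths the business is assumed to need: (src, dst, dst_port).
ALLOWED = {("b2c", "pos", 8443), ("dev", "b2b", 443)}

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.20.1.15", "10.40.0.7", 8443),  # storefront to payment service
    ("10.30.2.9", "10.40.0.7", 445),    # building controller to POS host
    ("10.30.2.9", "10.40.0.8", 445),
    ("10.50.3.3", "10.10.4.4", 443),    # dev to partner API
    ("10.40.0.7", "10.40.0.8", 9100),   # traffic inside one segment
    ("10.50.3.3", "192.0.2.10", 22),    # destination not in any segment
]

def segment_of(ip):
    """Return the segment name for an address, or 'unmapped'."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETS:
        if addr in net:
            return name
    return "unmapped"

def map_flows(flows):
    """Step 1: build the data-flow map, counted per (src, dst, port)."""
    matrix = Counter()
    for src, dst, port in flows:
        matrix[(segment_of(src), segment_of(dst), port)] += 1
    return matrix

def violations(matrix, allowed):
    """Step 2: list flows that cross a segment boundary (or touch an
    unmapped address) without a matching allow-list entry."""
    out = []
    for (src, dst, port), count in sorted(matrix.items()):
        if src == dst and src != "unmapped":
            continue  # stays inside one segment; microsegmentation comes later
        if (src, dst, port) not in allowed:
            out.append((src, dst, port, count))
    return out

if __name__ == "__main__":
    for src, dst, port, count in violations(map_flows(FLOWS), ALLOWED):
        print(f"review: {src} -> {dst} port {port} ({count} flows)")
```

The unmapped destination is reported rather than dropped because an address outside the plan is exactly what the mapping step is meant to surface.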

After segmenting the network at a high level, companies should aim to further refine the segments, Rubrik's Mestrovich says.

"If you can define these functional areas of operation, then you can begin to segment the network so that authenticated entities in any one of these areas don't have access without going through additional authentication exercises to any other areas," he says. "In many regards, you will find that it is highly likely that users, devices, and workloads that operate in one area don't actually need any rights to operate or resources in other areas."

Zero-trust networking requires companies to have the ability to quickly react to potential attacks, making software-defined networking (SDN) a key approach not only to pursuing microsegmentation but also to locking down the network during a potential compromise.

However, SDN is not the only approach, Akamai's Winterfeld says.

"SDN is more around governance of operations but depending on your infrastructure might not be the optimal solution," he says. "That said, you do need the types of benefits that SDN provides regardless of how you architect your environment."

Finally, any zero-trust initiative is not a one-time project but an ongoing initiative. Not only do organizations need to have patience and persistence in deploying the technology, but security teams need to revisit the plan and modify it as they face and overcome challenges.

"When thinking about starting on the zero-trust journey their guidance on starting with mapping data flows then segmenting them is spot on," Winterfeld says, "but I would add that is often iterative as you will have a period of discovery that will require updating the plan."
