NIST

Subscribe to NIST
Health-law-Privacy

On January 26, 2023, the National Institute of Standards and Technology (“NIST”) released guidance entitled Artificial Intelligence Risk Management Framework (AI RMF 1.0) (the “AI RMF”), intended to help organizations and individuals in the design, development, deployment, and use of AI systems. The AI RMF, like the White House’s recently published Blueprint for an AI Bill of Rights, is not legally binding. Nevertheless, as state and local regulators begin enforcing rules governing the use of AI systems, industry professionals will likely turn to NIST’s voluntary guidance when performing risk assessments of AI systems, negotiating contracts with vendors, performing audits on AI systems, and monitoring the use AI systems.

Continue Reading NIST Publishes Artificial Intelligence Risk Management Framework

Health-law-Privacy

The U.S. Cybersecurity and Infrastructure Agency (CISA) has urged a “Shields Up” defense in depth approach, as Russian use of wiper malware in the Ukrainian war escalates. The Russian malware “HermeticWiper” and “Whispergate” are destructive attacks that corrupt the infected computers’ master boot record rendering the device inoperable. The wipers effectuate a denial of service attack designed to render the device’s data permanently unavailable or destroyed. Although the malware to date appears to be manually targeted at selected Ukrainian systems, the risks now escalate of a spillover effect to Europe and the United States particularly as to: (i) targeted cyber attacks including on critical infrastructure and financial organizations; and (ii) use of a rapidly spreading indiscriminate wiper like the devastating “NotPetya” that quickly moves across trusted networks. Indeed, Talos researchers have found functional similarities between the current malware and “NotPetya” which was attributed to the Russian military to target Ukranian organizations in 2017, but then quickly spread around the world reportedly resulting in over $10 billion dollars in damage.[1] The researchers added that the current wiper has included even further components designed to inflict damage.

Continue Reading CISA Encourages “Shields Up” to Protect Operations and Workers as Cyber War Ramps Up

Macro,Eyes,Web,Surfer,And,The,Office,Worker,,Insurance,Broker,

The Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) jointly published a new resource as part of their ongoing efforts to promote awareness of, and help organizations defend against, supply chain risks. The publication, Defending Against Software Supply Chain Attacks, provides recommendations for software customers and vendors

Enacted on December 4, 2020, the Internet of Things Cybersecurity Improvement Act of 2020 (the “IoT Act”) is expected to dramatically improve the cybersecurity of the ubiquitous IoT devices.[1] With IoT devices on track to exceed 21.5 billion by 2025, the IoT Act mandates cybersecurity standards and guidelines for the acquisition and use by