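I. U.S. Military and Political News
1 U.S. introduces new bill seeking to establish a national security commission on artificial intelligence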
U.S. Proposes New Act: Hope to Establish Artificial Intelligence National Security Council
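According to foreign media reports, Elise Stefanik, chair of the House Armed Services Subcommittee on Emerging Threats and Capabilities, recently introduced a new bill seeking to establish a national security commission on artificial intelligence. If the bill passes, U.S. President Trump will receive a full report on artificial intelligence sometime in 2019. The bill would enact the “National Security Commission Artificial Intelligence Act of 2018” and calls for the temporary formation of an 11-member commission whose purpose is to conduct a comprehensive review of artificial intelligence for the government. It requires an initial report within 180 days of enactment. [thenextweb.com, 4/9/2018]
Rep. Elise Stefanik recently introduced legislation calling for the creation of a national security commission on artificial intelligence. If the bill passes, President Trump will receive a full report on AI sometime in 2019. The legislation would establish the “National Security Commission Artificial Intelligence Act of 2018,” and calls for the temporary formation of an 11-member committee whose purpose would be to conduct a general review of AI for the government. It calls for an initial report to be generated within 180 days of enactment and a comprehensive review scheduled for the President’s desk no later than one year from the commission’s formation. [thenextweb.com, 4/9/2018]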
2 U.S. 2018 “Cyber Storm” exercise: focus on vulnerability disclosure
DHS launches Cyber Storm VI
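The U.S. Department of Homeland Security (DHS) held the “Cyber Storm VI” exercise on April 10, 2018, local time, hoping to push participants out of their “comfort zone” so that they share information and respond to threats as risks to critical infrastructure intensify. More than 1,000 people from sectors including transportation and critical manufacturing took part in Cyber Storm VI, among them company executives, law enforcement personnel, and intelligence and defense officials. Some participants took part at the headquarters of the Secret Service, a DHS component, in Washington, D.C., while others took part from their own offices. [executivegov.com, 4/12/2018]
The Department of Homeland Security kicked off its biannual global cybersecurity incident response training exercise on Tuesday, targeting the transportation and critical manufacturing sectors for simulated cyber attacks and seeking insights that could inform updates to national coordination plans. Over 1,000 players, from the National Cybersecurity and Communications Integration Center, federal governments and private companies, aim to assess and enhance the procedures that need to be taken to resolve a cyber incident. [executivegov.com, 4/12/2018]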
II. Frontier Technologies
1 BigID wins the RSA 2018 Innovation Sandbox
BigID Named “Most Innovative Startup” at 2018 RSA Conference Innovation Sandbox Contest
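The RSA 2018 information security conference was held in the United States from April 16 to April 20, local time. In the “Innovation Sandbox” contest on the first day, BigID took first place. BigID is a privacy protection company that helps enterprises protect and manage data, mainly with respect to the EU's GDPR and other similar privacy regulations, so that enterprises can respond effectively to “GDPR requirements centered on personal data privacy, including the right to be forgotten, faster breach response notification, ensuring compliance with user agreements, and limiting how collected data is used.” [finance.yahoo.com, 4/16/2018]
RSA Conference, the world’s leading information security conferences and expositions, has named BigID “RSAC Most Innovative Startup 2018.” BigID is a US-Israeli software company focused on privacy and personal data protection. BigID is redefining how enterprises satisfy GDPR and meet new data privacy and protection requirements. [finance.yahoo.com, 4/16/2018]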
2 IBM: AI and machine learning are key to building cyber resilience
AI, Machine Learning Key To Cyber Resilience
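A study conducted by the Ponemon Institute and sponsored by IBM Resilient found that 77% of respondents said their organizations had not yet established a formal cybersecurity incident response plan applied in a consistent way. The researchers conducted more than 1,900 separate interviews across 419 companies; the interview work ran for 10 months and was completed in March 2017. During that period, many practitioners from IT departments, compliance departments and the information security industry were surveyed and assessed their organizations' cybersecurity practices, yielding in-depth, specific data. [zdnet.com, 4/3/2018]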
The study, conducted by Ponemon Institute and sponsored by IBM Resilient, has found that 77% of respondents state they do not have a formal cyber security incident response plan (CSIRP) applied consistently across their organization. IBM's 2017 Cost of Data Breach Study collected direct and indirect cost information using interview data gathered from over 1,900 participants across 419 organizations. [zdnet.com, 4/3/2018]
III. Industry Developments
1 Four telecom operators, Singtel, SoftBank, Etisalat and Telefonica, form a global cybersecurity alliance
Telefónica partners with Etisalat, Singtel and SoftBank to create Global Telco Security Alliance
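Singtel (Singapore), SoftBank (Japan's SoftBank Group), Etisalat (United Arab Emirates) and Telefonica (Spain) recently formed a cybersecurity alliance aimed at exchanging threat-related data and drawing on each other's resources to support customers worldwide. The alliance, named the Global Telco Security Alliance, will mainly provide a managed security services platform, jointly supporting more than 1.2 billion users in 60 countries across Asia Pacific, Europe, the Middle East and the Americas. [telecomtv.com, 4/12/2018]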
Telefónica, Etisalat, Singtel and SoftBank have today signed an agreement to create the Global Telco Security Alliance to offer their combined enterprise customers a comprehensive portfolio of cyber security services. The alliance is claimed to be one of the world’s biggest cyber security providers, with more than 1.2 billion customers in over 60 countries across Asia Pacific, Europe, the Middle East and the Americas. [telecomtv.com, 4/12/2018]
2 Cisco, Microsoft and 32 other major vendors join the “Accord” project aimed at raising security levels
34 Tech Firms Sign Accord Not to Assist Government Hacking Operations
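An industry alliance of 34 high-tech companies led by Microsoft has signed a tech accord, pledging to protect user information security at all costs and not to assist governments in cyberattacks against other countries, companies or individuals. The accord is the idea of Microsoft Chief Legal Officer Brad Smith, who has been talking for nearly two years about creating a Digital Geneva Convention. Smith has consistently argued that governments should not make users and the private sector part of cyberattacks against other countries. [bleepingcomputer.com, 4/17/2018]
An industry group of 34 high-tech companies, led by Microsoft, signed a tech accord today, agreeing to defend customers at all costs from cybercriminal and nation-state cyber-attacks, but also not to provide any technical aid to governments looking to launch cyber-attacks on other countries, companies, or individual users. The accord is the brainchild of Microsoft Chief Legal Officer Brad Smith, who's been talking for almost two years about the creation of a Digital Geneva Convention. [bleepingcomputer.com, 4/17/2018]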
IV. Silicon Valley Leaders
1 Google publishes latest documentation for the Fuchsia operating system
Google publishes documentation explaining the Fuchsia Operating System
Google has finally published the most complete documentation to date for its Fuchsia operating system, intended for developers and tinkerers to read at their leisure. The document, titled “The Book,” formally lifts the veil on Fuchsia. Fuchsia is the third operating system developed by Google, after Android and Chrome OS. Android and Chrome OS both currently use the Linux kernel, but in this newly published documentation Google makes clear that Fuchsia is not based on the Linux kernel. [xda-developers.com, 4/11/2018]
Google has released details on its experimental new operating system Fuchsia, explaining that - unlike its existing platforms, Chrome OS and Android - it will not be based on the Linux kernel. Now, that appears to be changing as Google has published a documentation page called “The Book.” The page aims to explain what Fuchsia, the “modular, capability-based operating system” is and is not. The most prominent text on that page is a large section explaining that Fuchsia is NOT Linux, in case that wasn’t clear already. [xda-developers.com, 4/11/2018]
2 Cisco merges Webex Spark and Webex into Webex Teams
Cisco folds Spark into Webex as Webex Teams
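Cisco announced on Wednesday that it is merging its Cisco Spark and Webex platforms into a new ecosystem of services. The result is a system that includes a new Webex meetings application and a Webex Spark application, called Webex Teams. Webex Teams includes all of the collaboration features of Cisco Spark and provides features based on the Webex conferencing platform, such as whiteboarding, persistent messaging, simple guest access and content sharing. [zdnet.com, 4/18/2018]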
Cisco on Wednesday announced the convergence of its Cisco Spark and Webex platforms into a new ecosystem of services. The result is a new Webex meetings application and a Webex-enabled Spark application -- now called Webex Teams. Webex Teams takes all of the collaboration features in Cisco Spark and offers them alongside features based on the Webex conferencing platform, such as whiteboarding, persistent messaging, simple guest access, and content sharing. [zdnet.com, 4/18/2018]
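V. Voices from Silicon Valley
U.S. Department of Homeland Security (DHS) Secretary Kirstjen Nielsen said the United States has not ruled out the option of carrying out cyberattacks against foreign countries as part of a full range of responses. Speaking at the RSA cybersecurity conference in San Francisco, the secretary said the United States needs to take a tough stance to put an end to hacker attacks on the country's infrastructure. The U.S. government and the technology community are working through a thorny question: whether countries should launch cyberattacks in response to hacks carried out or funded by foreign governments. No consensus has yet been reached on the question, but many technology companies have said they will not take part in such operations.
Speaking to the RSA cybersecurity conference in San Francisco, Nielsen said the US needs to take an assertive stance to stop hacks against its infrastructure. To deter such attacks, she considers the possibility of recommending cyberstrikes when planning responses with other government agencies. Nielsen's comments come as the government and technology community wrestle with the thorny issue of whether countries should carry out cyberattacks in response to hacks committed or funded by foreign governments. No consensus has emerged and many tech companies have declared they won't participate in a cyberstrike.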