Podcasts about technology nist

  • 173 PODCASTS
  • 261 EPISODES
  • 39m AVG DURATION
  • 1 EPISODE EVERY OTHER WEEK
  • LATEST: Apr 30, 2025



Latest podcast episodes about technology nist

Metrology Today Podcast
Metrology Today Podcast S4E3: Rob Knake, NIST

Apr 30, 2025 | 74:08


Rob Knake is a professional specializing in quality systems, metrology, and standards development. He is actively employed with the National Institute of Standards and Technology (NIST) and involved with NCSL International, where he contributes to training, technical exchanges, and the advancement of measurement science. With expertise in ISO/IEC 17025, measurement traceability, and laboratory accreditation, Rob frequently leads seminars and workshops aimed at enhancing metrology practices. His roles encompass coaching, public speaking, and organizational leadership, focusing on improving quality systems and fostering collaboration within the metrology community. Rob's professional endeavors are highlighted through his active participation in events like the NCSL International Technical Exchange and the MSC Annual Training Symposium. His contributions have been recognized in various capacities, including hosting sessions and delivering presentations on metrology and digitalization topics. For more detailed information about Rob Knake's professional background and contributions, you can visit his LinkedIn profile.

Manufacturing Happy Hour
BONUS: MEPs are at Risk of Losing Funding and Need Your Help

Apr 21, 2025 | 41:26


Today's bonus episode is all about MEPs, and actually a very urgent issue related to MEPs. For context, the Manufacturing Extension Partnership (MEP) is a public-private partnership that delivers comprehensive, proven solutions by helping small and medium-sized manufacturers grow, make operational improvements, and reduce risk.

To put it in more simplified terms - MEPs provide resources to small- and medium-sized manufacturers that allow them to adopt new technology, upskill and train their people, and ultimately create jobs in their area. Every state has one, they go by different names in different states, and it was recently announced that this program was being defunded.

Specifically, funding for 10 state MEP initiatives expired at the end of March, and the government's controlling agency, the National Institute of Standards and Technology (NIST), chose not to renew them. This is a moving target, it could change (as it already has once by extending the deadline to the end of the fiscal year), and quite frankly manufacturers don't know what's going to happen. It hasn't been communicated as to why this cut is taking place, but the reality right now is that there is a concern across the manufacturing community that funding for the entire MEP initiative - across all 50 states - might get cut.

As a result of this action, a number of manufacturing podcasters got together to discuss the situation and actions that you, as manufacturers, can take to have your voices heard and say "This is ridiculous. My MEP has helped my business and community succeed for XYZ reason." We cannot afford to lose a critical resource like this that so many small- to mid-sized manufacturers rely on. All this and more in today's episode.

Cybercrime Magazine Podcast
Quantum Minute. Post-Quantum Encryption: NIST Picks HQC. Sponsored by Applied Quantum.

Apr 17, 2025 | 1:57


The U.S. National Institute of Standards and Technology (NIST) has selected the Hamming Quasi-Cyclic (HQC) algorithm as a backup post-quantum encryption standard, adding a fifth quantum-resistant tool to its lineup of post-quantum cryptography (PQC) standards. Unlike the primary standard ML-KEM – which is based on a complex type of multi-dimensional modelling called lattice mathematics – HQC uses code-based cryptography, offering an alternative defense in case future quantum breakthroughs threaten the integrity of lattice-based systems. HQC emerged from NIST's fourth round of evaluation, where it outperformed similar candidates like BIKE and Classic McEliece due to its strong security and practical performance. You can listen to all of the Quantum Minute episodes at QuantumMinute.com. The Quantum Minute is brought to you by Applied Quantum, a leading consultancy and solutions provider specializing in quantum computing, quantum cryptography, quantum communication, and quantum AI. Learn more at https://AppliedQuantum.com.

The Future of ERP
Episode 56: Quantum Apocalypse and Cybersecurity with SAP's Christian Cohrs

Feb 26, 2025 | 25:45


As quantum computing advances, experts warn of an impending "quantum apocalypse" that could jeopardize current encryption methods. With roots tracing back to the 1990s, this threat highlights the urgent need for organizations to adopt quantum-safe cryptography. While significant technological hurdles remain, the potential for quantum attacks on sensitive data looms large. Experts emphasize the urgency of transitioning to quantum-safe cryptography to protect sensitive data from future threats, particularly as attackers may collect encrypted information now for later decryption. The National Institute of Standards and Technology (NIST) is advocating for organizations to phase out non-quantum-safe cryptography by 2035, underscoring the need for immediate action in the face of evolving quantum capabilities.

Breaking Math Podcast
What is Measurement?

Feb 18, 2025 | 7:12


Summary: This episode of Breaking Math explores the fundamental concept of measurement, its importance in daily life, and the necessity for standardized units. The discussion highlights the role of the International System of Units (SI) and the National Institute of Standards and Technology (NIST) in maintaining measurement accuracy. It also touches on historical measurement failures and the evolution of measurement definitions, emphasizing the future of measurement in technology and science.

Subscribe to Breaking Math wherever you get your podcasts. Become a patron of Breaking Math for as little as a buck a month. Follow Breaking Math on Twitter, Instagram, LinkedIn, Website, YouTube, TikTok. Follow Autumn on Twitter and Instagram. Follow Gabe on Twitter. Email: breakingmathpodcast@gmail.com

RIMScast
Data Privacy and Protection with CISA Chief Privacy Officer James Burd

Jan 28, 2025 | 43:19


Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.

In this episode, Justin interviews CISA Chief Privacy Officer James Burd about data privacy and protection. Topics include how CISA protects agencies and critical infrastructure, how they responded to a recent data attack, and how risk professionals and data privacy professionals can work together to ensure their organization is resistant to data breaches.

Listen for actionable ideas to improve the cyber security at your organization.

Key Takeaways:

[:01] About RIMS and RIMScast.
[:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes.
[:32] About this episode. We will discuss data privacy with James Burd, the Chief Privacy Officer of The Cyber Infrastructure Security Agency (CISA) here in the U.S.
[:58] RIMS-CRMP Workshops! On February 19th and 20th, a two-day virtual workshop for the RIMS-CRMP will be led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year.
[1:20] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes.
[1:36] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025.
[1:59] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025.
[2:22] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes.
[2:34] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community.
[2:51] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details.
[3:02] Interview! It is Data Privacy Week here in the U.S., through January 31st. This is an annual effort to promote data privacy awareness and education. Its events are sponsored by the National Cybersecurity Alliance. This week's theme is Take Control of Your Data.
[3:23] Here to discuss how to take control of your data, and the best practices that risk professionals and business leaders need to know, is Chief Privacy Officer of CISA, James Burd.
[3:36] James is the senior agency leader responsible for managing and overseeing CISA's privacy, external civil rights, civil liberties, and transparency programs.
[3:46] We're going to talk about some of the big events that made headlines in late December and early January around cybersecurity and data privacy and the frameworks and strategies that risk professionals can implement to take control of their data.
[4:02] CISA Chief Privacy Officer James Burd, welcome to RIMScast!
[4:18] James has a fantastic team of privacy, transparency, and access professionals who provide transparency to the American public while integrating full privacy rights, liberties, and protections into the management of a safe, secure, and resilient infrastructure.
[4:48] As Chief Privacy Officer, James Burd's primary responsibility is to ensure that privacy is at the forefront and integrated into every initiative, program, and policy CISA undertakes, regardless of whether it's by policy, process, or technical solutions.
[5:00] This includes ensuring compliance with Federal privacy laws and embedding privacy considerations in the agency's operations and partnerships.
[5:08] Protecting critical infrastructure inherently involves safeguarding sensitive and critical information that any organization holds, whether it's CISA or any of the many stakeholders of CISA. Privacy and cybersecurity are inherently interconnected.
[5:21] CISA ensures its cybersecurity programs focus on protecting systems, networks, and data from unauthorized access while the privacy portion ensures that personal and sensitive data are handled responsibly, ethically, and securely.
[5:39] What are the keys to a strong cybersecurity strategy?
[5:52] The work CISA does in the privacy world is to ensure that the information CISA is holding is secure and safeguarded and also to tell the public how exactly they do that.
[6:14] In the early days of CISA, it was a Computer Emergency Readiness Team (CERT). CERTs respond to major cybersecurity incidents at a state, local, national, or international level. A cybersecurity incident in the U.S. is similar to a cybersecurity incident in any nation.
[6:50] All nations are facing the same cybersecurity issues. CISA's international work is about information sharing and helping each other understand what threats we all face.
[7:19] Integrating privacy into risk management frameworks is a core consideration. A lot of the privacy work CISA does with risk managers is for ERM, identifying privacy risks and impacts and ensuring that mitigation strategies align with goals.
[7:42] Risk managers are key partners in implementing strong data governance practices. CISA works with them to establish policies for data handling, access, and usage that align with the security needs and privacy protection of an agency or organization.
[7:56] Risk managers have the opportunity to help privacy officers identify a privacy problem or privacy risk all across the organization. That's part of the risk manager's job as a point person.
[9:13] CISA wants to do this privacy protection work with organizations before a breach. Many privacy professionals have learned the hard way that if you don't collaborate up front, you have to collaborate later, as a result of your emergency. That's not a great day.
[9:29] Risk professionals have different viewpoints to consider. They may see that some privacy risks overlap with some financial risks, depending on the risk owner's point of view. It doesn't make sense to solve the same problem in 10 different ways.
[10:30] The National Institute of Standards and Technology (NIST) is a valuable partner of CISA's. NIST can see what works or doesn't work as a conceptual or technical framework. NIST studies a problem from several angles and gives CISA an effective solution for the framework.
[11:23] Daniel Elliott of NIST has been on RIMScast. James has collaborated with Daniel.
[11:49] CISA is a collaborative agency. It does not exist without its partners and stakeholders. When NIST facilitates conversations between CISA and other stakeholders, it helps CISA figure out, of all the problems in the world, which critical problem we need to solve right now.
[12:17] CISA has Cyber Performance Goals or CPGs, which are a subset of the NIST Cybersecurity Framework. CISA will tell a small business that they should start with the CPG and get it right, and then expand to everything else.
[12:38] CPGs are not a substitute for a risk management framework, but they are a starting point. The CPGs would not exist if not for the work NIST had done in talking to small, medium, and large businesses and figuring out all the different issues they face.
[13:08] In December, Chinese cyber attackers infiltrated U.S. agencies. When there is a major incident like that, there is a whole-government response. CISA plays an important role in that response, like a firefighter. Law enforcement plays the role of investigator.
[14:16] CISA and its interagency partners are heavily involved in responding to recent Chinese activity associated with both Salt Typhoon and Volt Typhoon. They've been working very closely with the Treasury Department to understand and mitigate the impacts of the recent incident.
[14:35] There's no indication that any other Federal agency has been impacted by the incident but CISA continues to monitor the situation and coordinate with other authorities, like the FBI, to ensure that there's a comprehensive response.
[14:50] The security of federal systems and data is of critical importance to national security. CISA is working aggressively to safeguard any further impacts. The People's Republic of China is a persistent threat, specifically, the GRC and related entities, who perform these activities.
[15:12] They're one of the most persistent and strategically sophisticated adversaries we face in cyberspace today. The PRC has decades of experience in conducting rampant cyber espionage against U.S. businesses and critical infrastructure.
[15:26] CISA has become increasingly concerned over the last year that the PRC is not just doing espionage but is trying to burrow into the critical infrastructure for a rainy day. These state-sponsored activities are coming from campaigns like Volt Typhoon and Salt Typhoon.
[15:45] What happened to Treasury provides a stark example of these types of tactics. These tactics target critical infrastructure such as telecommunications, aviation, water, and energy.
[15:56] Their goal, as far as we can tell, is not to cause immediate damage but to gain persistent access to those systems and remain undetected until they want to do something.
[16:08] CISA has been very involved, not just responding to these incidents, but deeply studying these incidents to understand what is happening and what we need to do as a government and nation to protect ourselves from these burrowing activities.
[16:27] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”.
[16:39] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”.
[16:55] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members.
[17:07] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes.
[17:20] Let's Return to My Interview with James Burd of the Cyber Infrastructure Security Agency!
[17:42] Whether talking about AI, IoT, or 5G, the issues are hardware problems and software problems.
[18:02] The issues of the 1970s are similar to the issues of the 2020s, regarding vulnerabilities, exposure, and unsafe practices when developing software and hardware.
[18:20] What we're seeing in the emerging technology space with AI, IoT, and 5G is an increase in the volume and velocity of data. The improvement of technology in this space is based on power and efficiency. Software improvement is based on the reach of interconnectivity.
[18:34] Privacy and cybersecurity risks do not just appear. We're seeing existing risks and issues increasing in size and complexity. What we previously thought of as a perceived risk is now a real risk, thanks to advances in computational power and the amount of data available.
[18:54] It's always been a risk but it was less likely to occur until this point where there's more data, more volume, and more complexity. AI systems rely on a vast amount of personal data, raising concerns about data security, algorithmic bias, and a lack of transparency.
[19:11] We've heard about these risks with machine learning and big data databases. They require governance frameworks that address how data is collected, stored, and used in systems, or, in this case, AI models.
[19:28] Those frameworks should be familiar to anyone working in the data protection space or the risk management space for the last three decades. Insurers getting into the cybersecurity space have been paying stark attention to this.
[19:58] We've found out that IoT devices are probably the easiest and most risky entrance points within networks into homes and critical infrastructure devices. The biggest risks they create are unauthorized access, data breaches, and potential surveillance.
[20:19] These are not new risks. They're existing risks that are promulgated because of the new avenue to get in. It used to be that the worst thing that could happen to an IoT device like a router is that it gets compromised and becomes part of a botnet to take down websites.
[20:38] Today, that still happens, but that IoT device is looked at as the back door for entering someone's network if it's not properly secured.
[20:49] In itself, 5G is awesome. There are fantastic things to do with increased data flow. With increased speed and connectivity come the ability to move more data at a time and we're facing data being transferred in an insecure manner. People don't know what data they're sharing.
[21:15] We're running into the same classic issues but they're exacerbated by something we view as a major success, access. Access should be celebrated but we shouldn't open doors because we can open them. We need to be able to make sure those doors are secured.
[21:48] James paraphrases Mark Groman, a privacy expert formerly with the FTC. “Privacy and cybersecurity are sometimes viewed as competing priorities. They are two sides of the same coin. I refuse to live in a world where you compromise security for privacy or vice versa.”
[22:11] We live in a world where you can have both. The great thing about advancing technologies is that we can do both. Both cybersecurity and privacy aim to protect sensitive data and systems, just from slightly different angles and for different reasons.
[22:31] There has to be a collaborative approach between cybersecurity and privacy. An intermediary like a risk professional can help cybersecurity and privacy teams work together.
[22:41] By leveraging things like privacy-preserving technologies and designing privacy into cybersecurity measures, organizations can bridge the gap and achieve harmony between the two essential functions. This strengthens the organization and its overall risk management.
[22:58] When a risk is realized in one area, it's common for it to be a harmonious risk with another risk in a different area. In the privacy and cybersecurity space, risks overlap often. Conflicts between cybersecurity and privacy are easily bridged.
[23:24] Cybersecurity professionals want to collect more data; privacy professionals want you to minimize the amount of data you collect.
[23:34] Cybersecurity relies on extensive data collection to detect, monitor, and respond to threats. Privacy wants to collect only what's necessary and maintain it for a minimum time.
[23:46] Security monitoring tools like intrusion detection systems may gather logs or metadata that could include personal data, creating potential privacy risks, especially for an insider threat.
[24:00] Organizations can implement privacy-aware cybersecurity solutions that anonymize or pseudo-anonymize data where possible, allowing cybersecurity professionals to get to the root of the problem they're trying to solve while masking sensitive data.
[24:13] If you're investigating an insider threat, you can unmask the data. Do you need that data to do the job that you're tasked to do? If not, why run the risk of inappropriately accessing it?
[24:53] Privacy frameworks will always encourage transparency about data usage and sharing, especially by private entities doing consumer business and handling personal information.
[25:07] The public needs to know what you are collecting from them, how you are using it, and whether you are sharing it. They need to know if you are handling their data securely.
[25:38] James would tell cybersecurity professionals that if they think obscurity is security, they should find another job. Obscurity is typically the worst way to secure things.
[25:51] There are ways to describe how data is being held or secured by an organization without compromising the cybersecurity tools or techniques used to monitor or look for vulnerabilities.
[26:03] Transparency can be maintained without compromising security and can be used in a way to assure the public that an organization is keeping serious security techniques in mind when handling the public's data. James tells how to share that message with the public.
[27:08] When James opens software, he reads the Third Party Agreements. He knows most people don't. Government agencies include a plain language version of the agreement. Some private companies are doing the same to help people understand how their data is being used.
[28:40] Quick Break for RIMS Plugs! The first of hopefully many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through August 6th, 2025.
[28:58] This groundbreaking event is set to unite the Texas RIMS Chapters and welcome risk management professionals from around the world! Also known as the Risk Management Roundup in San Antonio, you can join as a speaker!
[29:11] The Conference planning committee is interested in submissions that explore technology and cyber risk, workforce protection and advancement, energy and sustainability, extreme weather, construction, restaurant, retail, hospitality, and other trending now sessions.
[29:28] The deadline to submit your proposal is Monday, February 24th. The link to the event and the submission process is in this episode's show notes. Go check it out!
[29:39] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada.
[29:58] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025.
[30:20] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org.
[30:30] Let's Return to the Conclusion of My Interview with the Chief Privacy Officer of CISA, James Burd!
[31:00] A lot of ERM frameworks exist because they were required by regulation or law.
[31:10] Privacy professionals are starting to see the same risks that risk management and compliance professionals have been dealing with for decades. The big tools that privacy professionals use are called Data Privacy Impact Assessments (DPIA).
[31:29] DPIAs vary, depending on the regulatory framework or law. DPIAs do two things: they identify what data assets you have and they examine the risks that are associated with the handling of those data assets and what mitigations must be in place to buy down those risks.
[31:48] That assessment can populate half of an ERM framework's register. Getting involved with your privacy program manager as they do these DPIAs may first cause the privacy program manager to resist your risk assessment, but a risk in one space is a risk in another space.
[32:21] The DPIA is a valuable source of information for a risk manager. You can see the risks earlier. You can identify with the privacy program manager what some of the major risks might become. That means both realized and unrealized risks, which are equally important.
[33:06] A privacy program manager will be preoccupied with a lot of the perceived risks. A risk manager wants to know which risks are more likely and identify them early.
[33:40] A likelihood assessment will help the privacy officer identify how many “calories” to spend on this risk. The risk manager and privacy manager have a mutually beneficial relationship. They help each other.
[34:17] CISA provides cybersecurity education, news on vulnerabilities and cyber threats, threat intelligence, and service to critical infrastructure providers once there is an incident of some sort. The CISA website shows cyber threat indicators of what a compromise might look like.
[35:40] CISA has found novel patterns on networks that make it hard to tell that your network has been compromised. CISA calls those things “Left of Doom.” On the “Right of Doom,” CISA prioritizes the incidents that it responds to.
[36:02] CISA focuses primarily on critical infrastructure. If you have a situation CISA cannot respond to, they will assist you through a local field office to find the people to help you, whether it's law enforcement, local cyber security service providers, or a local Emergency Response Team.
[37:03] Companies are involved in the California wildfires. Could an incident like that distract them so that they might become susceptible to data breaches? James notes that you can't address every problem at the same time. Prioritize, rack, and stack.
[37:17] Incidents are going to happen. CISA asks agencies and companies to take the time and spend the resources to knock out all the low-hanging fruit. The great majority of incidents CISA sees are bad actors exploiting very simple, easy-to-fix vulnerabilities.
[37:55] It might be companies not using encrypted traffic, or only using a password to secure access to a server. The fix is relatively low cost or low impact. It takes time to figure out how to do the fix, but you'll be grateful that you took the time and spent the money to implement it.
[38:24] The cost of a greater fix from the breach of a simple vulnerability will be far greater than the resources you'd spend to address it in the first place. Establishing that floor will help you focus on other “fires” that pop up while assuring you won't get “popped” for a silly reason.
[38:49] If somebody's going to get you, make sure they've tried their hardest to get you.
[38:58] It's Data Privacy Day today, as this episode is released! It's the start of Data Privacy Week! The theme is Take Control of Your Data!
[39:22] Robust privacy governance tips: Figure out where your data asset inventory is for your organization. Keep track of it and keep track of the risk associated with each data asset. Each data asset may have a different set of risks.
[39:47] Every organization should maintain a comprehensive inventory of data assets, detailing what data is collected, where it is stored, who has access to it, and how it's used.
[39:56] The risk professional probably isn't the one who takes the inventory, but they should have access to it and they should be evaluating that inventory.
[40:06] The risk professional can help the privacy manager by helping them establish clear policies and procedures for handling data, access control, and breach response, based on real risk. A privacy officer sometimes has difficulty identifying a real risk over a perceived risk.
[40:23] By focusing on real risks, you avoid the problem where privacy officers spend too much energy coming up with solutions for the most unlikely scenarios, leaving organizations unprepared for what's likely to happen.
[40:42] Special thanks again to James Burd of CISA for joining us here on RIMScast! There are lots of links about Data Privacy Day and Data Privacy Week in this episode's show notes.
[40:54] Also see links to RIMS Risk Management magazine coverage of data privacy through the years and links to some RIMScast episodes that touch upon the topic. Be sure to tune into last week's episode with Tod Eberle of the Shadowserver Foundation on cyber risk trends of 2025!
[41:18] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes.
[41:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information.
[42:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information.
[42:23] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.
[42:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com.
It is written and published by the best minds in risk management.
[42:53] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org.
[43:00] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!

About our guest: James Burd, Chief Privacy Officer, Cyber Infrastructure Security Agency (CISA)

Production and engineering provided by Podfly.

Translating Proteomics
Combating the Reproducibility Crisis in Computational Proteomics

Jan 22, 2025 | 28:48


On this episode of Translating Proteomics, co-hosts Parag Mallick and Andreas Huhmer of Nautilus Biotechnology discuss the reproducibility crisis in biology and specifically focus on how we can enhance reproducibility in computational proteomics. Key topics they cover include:
• What the reproducibility crisis is
• Factors that make it difficult to replicate multiomics research
• Steps we can take to make biology research more reproducible

Chapters
00:00 – 01:20 – Introduction
01:20 – 03:10 – What is reproducibility in research and why is it important?
03:10 – 05:42 – Recent work from the Mallick Lab focused on computational proteomics reproducibility
05:42 – 09:32 – Ways to help improve reproducibility in computational proteomics – More detailed documentation, moving beyond papers as our main form of documentation, and ensuring computational workflows are available
09:32 – 11:30 – Why Parag got interested in reproducibility – Attempts to build AI layers on top of current workflows
11:30 – 14:00 – The need to create repositories of analytical workflows codified in a structured way that AI can learn from
14:00 – 15:24 – A role for dedicated data curators
15:24 – 18:31 – Moving beyond the idea of study endpoints and recognizing data as part of a larger whole
18:31 – 21:32 – How does AI fit into the continuous analysis and incorporation of new datasets
21:32 – 23:36 – The role of AI in helping researchers design experiments
23:36 – 27:25 – Three things we can do today to increase the reproducibility of computational proteomics experiments:
· Be clear about the stated hypothesis
· Document analyses through workflow engines and containerized workflows
· Advocate for support for funding for reproducibility and reproducibility tools
27:25 – End – Outro

Resources
Parag's Gilbert S. Omenn Computational Proteomics Award Lecture
o In this lecture, Parag describes his vision for a more reproducible future in proteomics
Nature Special on “Challenges in irreproducible research”
o A list of articles and perspective pieces discussing the “reproducibility crisis” in research
Why Most Published Research Findings Are False (Ioannidis 2005)
o Article outlining many of the issues that make it difficult to reproduce research findings
Reproducibility Project: Cancer Biology
o eLife initiative investigating reproducibility in preclinical cancer research
Center for Open Science Preregistration Initiative
o Resources for preregistering a hypothesis as part of a study
National Institute of Standards and Technology (NIST)
o US government agency that aims to...

The Huddle: Conversations with the Diabetes Care Team
Person-Centered Technology: Embracing the Use of AI in Diabetes Care with Sheetal Shah

Jan 14, 2025 | 26:20


On our latest episode of The Huddle, Sheetal Shah, founder of MettaHealth Partners, discusses the evolving realm of AI, the role DCESs and other health care professionals can play in embracing and adopting AI technology, and the importance of keeping a human element in the technology.

Learn more about MettaHealth Partners here: MettaHealth Partners
Learn more about the National Institute of Standards and Technology (NIST) here: National Institute of Standards and Technology
Stay up to date on all things related to diabetes technology on danatech: Diabetes technology for healthcare professionals | Danatech
Listen to more episodes of The Huddle at adces.org/perspectives/the-huddle-podcast.
Learn more about ADCES and the many benefits of membership at adces.org/join.

FLIP THIS RISK™️ Podcast
Practicing Enterprise Risk Management in CHIPS Manufacturing

Jan 6, 2025 | 26:52


Dr. Karen Hardy speaks with Clio Grillakis about the practice of Enterprise Risk Management within the CHIPS Semiconductor Manufacturing Program at the National Institute of Standards and Technology (NIST). *An interview clarification: "the United States produces 10% of all semiconductors, not just leading-edge semi-conductors."

Startcast | Der Innovations, Business & Marketing Podcast
#285 IWC Schaffhausen | Time for Innovation | Dr. Lorenz Brunner | Department Manager Research & Innovation

Jan 4, 2025 | 65:17


How a materials scientist is forging the future of luxury watches

In this fascinating episode of the Startcast podcast, host Max Ostermeier dives into the world of Dr. Lorenz Brunner, Department Manager Research & Innovation at IWC Schaffhausen. From his beginnings as a materials engineer at ETH Zürich to revolutionizing the world of luxury watches, Lorenz shares his extraordinary journey with an enthusiasm that is contagious.

Hear how Lorenz masters the balancing act between science and craftsmanship. As a former guest researcher at the National Institute of Standards and Technology (NIST) and now a driver of innovation at IWC, he brings a breath of fresh air to a watch industry that is often regarded as traditional. Learn how his passion for materials research led to the development of groundbreaking technologies such as Ceratanium®, a material that combines the advantages of titanium and ceramic.

Dive into Lorenz's way of thinking as he talks about the challenges of developing luminous ceramic watches or creating the world's most precise moon phase module. How does he manage to keep pushing the limits of what is technically feasible while preserving IWC's DNA?

This episode is a must for every watch lover and technology enthusiast. Lorenz shares exclusive insights into the collaboration with the German Aerospace Center (DLR) and explains how the development of watch cases made of fibre-reinforced ceramic composite (CMC) even contributes to improving satellite propulsion systems.

Be inspired by Lorenz's tireless drive to explore and his vision of catapulting the art of watchmaking into the 21st century. Learn how he and his team calculated 22 trillion combinations of gear wheels to create the first secular perpetual calendar, a watch that will theoretically keep accurate time for the next 11,700 years.

From the development of coloured ceramics for the "Top Gun" collection to the creation of a revolutionary shock absorption system, this episode gives you an unvarnished look behind the scenes of watch innovation.

Buckle up for a roller-coaster ride through the highs and lows of one of the most fascinating careers in the Swiss watch industry. Lorenz does not mince his words when he talks about his visions, his challenges and the future of timekeeping.

This episode is your chance to experience one of the most innovative minds in the industry up close. Dive into Dr. Lorenz Brunner's world, where science meets craftsmanship and every watch is a technological masterpiece. Let his energy and spirit of innovation carry you along and discover what it really means to redefine time.

Project 2025: The Ominous Specter
"Radical Restructuring: The Comprehensive Vision of Project 2025 for the U.S. Federal Government"

Jan 2, 2025 | 6:20


As I delve into the intricacies of Project 2025, a political initiative published by the Heritage Foundation in April 2022, it becomes clear that this is more than just a policy blueprint – it is a comprehensive vision for a radical restructuring of the U.S. federal government, aligned closely with conservative principles and the ideology of former President Donald Trump.

At its core, Project 2025 is a 900-page manual titled "Mandate For Leadership," crafted by former Trump administration officials and conservative thinkers. Despite Trump's attempts to distance himself from the project, the connections run deep. Kevin Roberts, the president of the Heritage Foundation, who previously worked on Trump's transition team in 2016, has described his organization's role as “institutionalizing Trumpism”[5].

One of the most striking aspects of Project 2025 is its sweeping proposal to overhaul various federal agencies. The plan calls for dismantling the Department of Homeland Security (DHS) and abolishing the Department of Education (ED), with its programs either transferred or terminated. The Department of Justice (DOJ), Federal Bureau of Investigation (FBI), Department of Commerce (DOC), Federal Communications Commission (FCC), and Federal Trade Commission (FTC) are all slated for partisan control, a move that raises significant concerns about the politicization of these critical institutions[1].

The project also targets the Environmental Protection Agency (EPA), proposing to prevent the agency from using what it deems "unrealistic" projections of climate change impacts. For instance, it criticizes the RCP 8.5 emissions scenario, suggesting it has been misused for political purposes. The EPA's research activities would be subjected to closer oversight by political appointees, rather than scientists, and the agency would be barred from conducting any science activity without clear congressional authorization[2].

In the realm of healthcare, Project 2025 seeks to cut Medicare and Medicaid, and urges the government to explicitly reject abortion as healthcare. It aims to eliminate coverage of emergency contraception and proposes using the Comstock Act to prosecute those who send and receive contraceptives and abortion pills. This stance is part of a broader agenda that opposes abortion and reproductive rights, reflecting the conservative values of the Heritage Foundation[1].

The project's energy and climate policies are equally contentious. It advocates for reducing environmental and climate change regulations to favor fossil fuels, despite climatologists' warnings about the dangers of such policies. For example, Diana Furchtgott-Roth, the Heritage Foundation's energy and climate director, suggests that the EPA should support the consumption of more natural gas, even though this could increase leaks of methane, a potent greenhouse gas[1].

Project 2025 also outlines significant changes to science policy. It proposes focusing the Department of Energy on fundamental research that the private sector would not otherwise conduct, while eliminating many of the agency's offices focused on energy technology development and climate change programs. The National Institute of Standards and Technology (NIST) would be restructured, combining it with the U.S. Patent and Trademark Office and the National Technical Information Service, with non-mission-critical research functions either eliminated or moved to other federal agencies[2].

The implications of these proposals are far-reaching. By prioritizing fundamental research over practical applications and rolling back climate science initiatives, the project could significantly hinder the U.S.'s ability to address pressing environmental issues. Darrell West of the Brookings Institution argues that the inconsistencies in the plan are designed to attract funding from certain industries or donors that would benefit from these changes[1].

In addition to these policy changes, Project 2025 includes plans for administrative reforms. It suggests merging the Bureau of Economic Analysis, the Census Bureau, and the Bureau of Labor Statistics into a single organization, aligning its mission with conservative principles. The project also recommends maximizing the hiring of political appointees in statistical analysis positions, a move that could compromise the impartiality of these agencies[1].

The project's vision extends to labor policies as well. It proposes work requirements for people reliant on the Supplemental Nutrition Assistance Program (SNAP) and changes to overtime rules that could weaken protections and decrease overtime pay for some workers. It also seeks to abolish the Consumer Financial Protection Bureau and shrink the role of the National Labor Relations Board, which protects employees' ability to organize and fight unfair labor practices[1].

Despite the ambitious scope of Project 2025, it is not without its critics. The American Civil Liberties Union (ACLU) has labeled the initiative as a threat to democracy, arguing that many of its recommendations are outright unconstitutional and erode fundamental rights such as reproductive rights, LGBTQ rights, and racial equity[5].

As we look ahead, the implementation of Project 2025's proposals hinges on several key milestones. With Trump's return to office, the project's authors are poised to integrate their work into the new administration's policies. Russell Vought, the founder of the Center for Renewing America, which is on Project 2025's advisory board, has been named policy director of the Republican National Committee platform committee. Vought has confirmed that they are "secretly drafting hundreds of executive orders, regulations, and memos" to lay the groundwork for rapid action on Trump's plans if he wins[1].

In conclusion, Project 2025 represents a seismic shift in the way the U.S. federal government could operate, with far-reaching implications for various aspects of American life. As the country navigates these proposed changes, it is crucial to consider both the stated goals and the potential impacts of such a radical overhaul. Whether these policies will come to fruition remains to be seen, but one thing is certain – the next few years will be pivotal in determining the future of American governance.

Cyber Bites
Cyber Bites - 20th December 2024

Dec 19, 2024 | 7:41


* New Phishing Scam Uses Fake CAPTCHA Tests to Install Malware
* Google Releases Open-Source Tool to Speed Up Android Security Patching
* The Global Trail of Stolen Smartphones
* Year-Long Attack Steals Credentials from Security Researchers and Hackers
* Australia Leads the Way in Quantum-Resistant Cryptography

New Phishing Scam Uses Fake CAPTCHA Tests to Install Malware
https://au.pcmag.com/security/107245/this-captcha-test-can-trick-windows-users-into-installing-malware

A new phishing scam is targeting unsuspecting users with fake CAPTCHA tests. These malicious tests, disguised as legitimate security measures, are designed to trick victims into installing malware on their devices.

How the Scam Works:
* Fake CAPTCHA: Users encounter a fake CAPTCHA test on a malicious website.
* Malicious Instructions: The CAPTCHA asks users to perform specific keystrokes, such as "Windows + R" followed by "Ctrl + V."
* Malware Installation: These keystrokes execute a PowerShell script that downloads and installs the Lumma Stealer malware.
* Data Theft: Once installed, the Lumma Stealer can steal sensitive information, including passwords, cookies, and cryptocurrency wallet details.

The Growing Threat of Phishing Attacks:
This latest phishing scam highlights the ongoing threat posed by cybercriminals who continuously evolve their tactics to target unsuspecting users. It's crucial to remain vigilant and exercise caution when encountering online requests, especially those involving unusual actions.

Tips to Protect Yourself:
Be wary of unusual CAPTCHAs: if a CAPTCHA test asks you to perform actions beyond simple image recognition, be suspicious. Also avoid clicking on links in unsolicited emails or messages, even if they appear to come from a trusted source.

Google Releases Open-Source Tool to Speed Up Android Security Patching
https://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html

Google has released Vanir, a new open-source tool designed to streamline the process of identifying and applying security patches to Android devices.

The Problem:
The Android ecosystem relies on a complex update process where manufacturers must incorporate security fixes from Google and deploy them to individual devices. This process is time-consuming and labor-intensive, often leaving devices vulnerable for longer periods.

Vanir's Solution:
Vanir uses static code analysis to directly compare a device's code against known vulnerable code patterns. This approach avoids relying on unreliable metadata like version numbers and focuses on the actual code itself.

Benefits of Vanir:
* Faster Patch Identification: Vanir automates the identification of missing security patches, significantly reducing the time it takes for manufacturers.
* Improved Accuracy: Vanir boasts a 97% accuracy rate, minimizing false alarms and wasted effort.
* Scalability: Vanir can be applied across diverse Android ecosystems and can be easily adapted to other platforms with minor modifications.
* Open Source: By making Vanir open source, Google encourages collaboration and wider adoption within the security community.

Impact:
Vanir is expected to significantly improve the security posture of Android devices by enabling faster and more efficient deployment of critical security patches. This will ultimately benefit all Android users by reducing their exposure to vulnerabilities.

Availability:
Vanir is available now on GitHub under the BSD-3 license. The tool can be used as a standalone application or integrated into existing build systems.

The Global Trail of Stolen Smartphones
https://www.dailymail.co.uk/news/article-14165053/How-stolen-phone-ends-Chinas-Silicon-Valley.html

A Dark Journey from London Streets to Chinese Markets

The theft of mobile phones in major cities like London has become a significant global issue, with stolen devices often ending up thousands of miles away in China.

The Theft and Smuggling Process:
* Street Theft: Phone snatchers, often operating in gangs, target unsuspecting victims in busy areas.
* Handoff to Brokers: Stolen phones are quickly passed on to brokers, who may be involved in other criminal activities.
* Securing the Device: To prevent tracking, the phones are placed in Faraday cages to block signals.
* Shipping to China: The phones are shipped to China, often through intricate smuggling routes.
* Repairs and Resale: In China, stolen phones are either sold as second-hand devices or disassembled for parts. Valuable components like gold, silver, and lithium-ion batteries are extracted.

The Impact on Victims:
Beyond the financial loss, victims of phone theft may also face privacy and security risks. Stolen phones can be used to access personal information, financial accounts, and social media profiles.

Combating the Problem:
Law enforcement agencies, technology companies, and governments are working together to combat phone theft and the global black market. Some strategies include:
* Improved Tracking Technologies: Phone manufacturers are implementing advanced tracking and security features to deter theft and facilitate recovery.
* International Cooperation: Law enforcement agencies are collaborating across borders to disrupt criminal networks involved in phone theft and smuggling.
* Public Awareness Campaigns: Educating the public about the risks of phone theft and how to protect themselves.

While significant progress has been made, the global trade in stolen phones remains a complex issue. By understanding the methods used by criminals and the international supply chain, we can work towards more effective prevention and recovery strategies.

Year-Long Attack Steals Credentials from Security Researchers and Hackers
https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/

Over 390,000 WordPress credentials and sensitive data stolen in a large-scale campaign targeting cybersecurity professionals.

A sophisticated cyberespionage campaign spanning over a year has compromised hundreds of systems belonging to security researchers, penetration testers, and potentially even malicious actors. Datadog Security Labs discovered the campaign, which is believed to be carried out by a threat actor tracked as MUT-1244.

Fake Exploits and Phishing Lured Victims
The attackers used a two-pronged approach:
* Trojanized Repositories: They created fake repositories on GitHub containing malicious code disguised as proof-of-concept exploits for known vulnerabilities. Security professionals searching for exploit code unknowingly downloaded and executed the malware.
* Phishing Emails: Phishing emails tricked victims into installing fake kernel updates that were actually malware.

Stolen Data Included SSH Keys and AWS Credentials
The malware targeted valuable data, including:
* WordPress credentials (over 390,000 stolen)
* SSH private keys
* AWS access keys
* Command history

Attackers Exploited Trust Within Security Community
The use of fake repositories on trusted platforms like GitHub allowed the attackers to exploit trust within the cybersecurity community. Additionally, some of the stolen credentials likely belonged to attackers who were using a tool called "yawpp" to validate stolen credentials. This suggests the attackers were targeting both legitimate security professionals and malicious actors.

Hundreds Still at Risk as Campaign Continues
Researchers believe hundreds of systems remain compromised, and the campaign is still ongoing. Security professionals and researchers are advised to be cautious when downloading code from untrusted sources and to be wary of unsolicited emails, even those seemingly related to security updates.

Australia Leads the Way in Quantum-Resistant Cryptography
https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography

Australia's Cyber Security Agency Accelerates Transition to Post-Quantum Cryptography

The Australian Signals Directorate (ASD) has announced plans to phase out traditional cryptographic algorithms like SHA-256, RSA, ECDSA, and ECDH in high-assurance cryptographic equipment by 2030. This move aims to proactively address the potential threat posed by quantum computing advances, which could render current encryption methods obsolete.

The Quantum Threat:
Quantum computers, once fully realized, have the potential to break current cryptographic standards, compromising sensitive data and systems. To mitigate this risk, the US National Institute of Standards and Technology (NIST) has developed new quantum-resistant algorithms.

Australia's Proactive Approach:
While NIST has set a 2035 deadline for transitioning to quantum-resistant cryptography, Australia is taking a more aggressive stance, aiming to complete the transition five years earlier for high-assurance systems. This proactive approach demonstrates Australia's commitment to cybersecurity and its recognition of the potential impact of quantum computing.

Challenges of the Transition:
The transition to post-quantum cryptography presents significant challenges, including:
* Technical Complexity: Implementing new cryptographic algorithms requires careful planning and technical expertise.
* Interoperability: Ensuring compatibility with existing systems and standards is crucial.
* Security Risks: A poorly executed transition could introduce new vulnerabilities.

The Road Ahead:
As quantum computing technology continues to advance, it is essential for organizations to stay informed about the latest developments and to plan for a smooth transition to quantum-resistant cryptography. By taking proactive steps to adopt new standards, organizations can protect their sensitive data and systems from future threats.

The Gate 15 Podcast Channel
Weekly Security Sprint EP 92. CEO attack, disrupted attacks, and cybersecurity warnings

Dec 10, 2024 | 27:27


In the latest episode of the Security Sprint, Dave and Andy covered the following topics:

Warm Start: H2OEx - An Exercise for the Water Sector

Main Topics:

UHC Assassination:
· Health insurers step up security, scrub websites of leadership information
· Luigi Mangione, suspect in fatal shooting of UnitedHealthcare CEO Brian Thompson, used ghost gun that may have been 3D-printed
· Suspect in killing of health care CEO faces 5 charges including forgery and firearm without a license
· Health care CEO shooting suspect was Ivy League graduate who appears to have written about Unabomber online
· Suspect in fatal shooting of UnitedHealthcare CEO Brian Thompson ID'd as Luigi Mangione, an ex-Ivy League student
· Luigi Mangione's sprawling family found success after patriarch's rise
· UnitedHealth CEO says insurer will continue to prevent ‘unnecessary care' in leaked video as sick trolls warn, ‘Dude's next'
· What Companies Should Be Asking Their Security Teams Right Now
· A timeline of the fatal shooting of UnitedHealthcare CEO Brian Thompson and search for his killer
· UnitedHealth CEO's killing unleashes social media rage against insurers
· UnitedHealthcare CEO kept a low public profile. Then he was shot to death in New York
· Bullets fired at healthcare CEO in fatal shooting had words carved on them
· Message on bullets fired by healthcare CEO's assassin bear eerie link to book condemning insurance companies
· Copycat, Contagion, and the Robin Hood Effect as Risk Enhancers in Targeted Violence

Faith-Based Threats
· Terror attack on Bavarian Christmas market foiled by police
· Man in van filled with explosives, guns intended to attack a North Texas church, report states
· FeatherRiver School of Seventh-Day Adventists Shooting:
o 2 kindergarteners wounded and gunman dead after shooting at California religious school
· Five-Eyes security and law enforcement agencies release joint authored analysis of youth radicalization & PDF analysis.

Six password takeaways from the updated NIST cybersecurity framework. Password security is changing — and updated guidelines from the National Institute of Standards and Technology (NIST) reject outdated practices in favor of more effective protections.

Quick Hits:
· FBI IC3 PSA: Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud
· Russian Woman Arrested In U.S. For Alleged Ties To Russian Intelligence
· NGA: 2024 State Experts Roundtable On Protecting Energy Infrastructure From Physical Attacks
· Manager of Chatham County Company Charged with Skimming Hundreds of Thousands of Dollars From Employer with Fake Invoices
· The California tsunami danger is real. The 7.0 earthquake is wake-up call to prepare.
o 'Swaying back and forth': Magnitude 7 earthquake, aftershocks rock California
o Tsunami warning canceled after strong California earthquake
Salt Typhoon:
o White House says at least 8 US telecom firms, dozens of nations impacted by China hacking campaign
o FCC chair proposes cybersecurity rules in response to China's Salt Typhoon telecom hack
Health:
o What is mystery 'disease x' and why have dozens died in DR Congo?
o Unknown disease kills 143 in southwest Congo, local authorities say
o FINAL REPORT: COVID Select Concludes 2-Year Investigation, Issues 500+ Page Final Report on Lessons Learned and the Path Forward
· Korea arrests CEO for adding DDoS feature to satellite receivers
· Outraged? You're more likely to share misinformation, study finds
· Romania hit by major election influence campaign and Russian cyber-attacks
· EU orders TikTok to freeze Romanian elections data
· Choosing secure and verifiable technologies
· CISA Releases New Public Version of CDM Data Model Document

Irish Tech News Audio Articles
Integrity360 launches Managed ASM to address complex attack surfaces and strengthen cyber resilience

Irish Tech News Audio Articles

Play Episode Listen Later Dec 3, 2024 5:41


Integrity360, one of the leading pan-European cyber security specialists, has announced the launch of its new Managed ASM service designed to address the growing complexities of securing diverse environments, including IT (Information Technology), Operational Technology (OT) and Internet of Things (IoT). The Attack Surface Management (ASM) service provides complete visibility into an organisation's attack surface, enabling proactive risk reduction, exposure management, and threat detection to safeguard critical assets. The attack surface is expanding at an unprecedented rate, with the number of connected assets worldwide expected to grow by an additional 50 billion devices by 2030. This surge, driven by the adoption of IoT, OT, and other connected technologies, has created new opportunities for cyber attackers to exploit poorly secured assets. Integrity360's Managed ASM enables organisations to discover, prioritise, and remediate risks before they can be exploited. According to Gartner, organisations prioritising continuous threat exposure management (CTEM) will be three times less likely to suffer a breach by 2026, highlighting the critical importance of the ASM service. Powered by the Armis Centrix Cyber Exposure Management (CEM) Platform, Integrity360's Managed ASM leverages advanced automation and AI to discover and monitor all assets, identify exposures, and provide actionable recommendations for remediation. "Integrity360's Managed ASM provides organisations with a complete, end-to-end attack surface management solution," said Jamie Andrews, Senior Director of International Partners at Armis. "By leveraging our platform's AI-driven intelligence alongside Integrity360's expert management and remediation services, businesses can stay ahead of evolving threats and maintain a proactive security posture across even the most complex environments." 
According to the National Institute of Standards and Technology (NIST), an organisation's attack surface includes every point where an attacker can enter or extract data from a system, spanning internal and external assets. Recent incidents, such as attacks targeting IoT-connected industrial devices, illustrate how adversaries chain exposures to access or disrupt critical systems or sensitive data. With attack surfaces expanding across multiple infrastructures and a 140% increase in cyberattacks targeting critical infrastructure over recent years, the Managed ASM service responds to the urgent need for comprehensive visibility and proactive management. The Managed ASM Service addresses several challenges faced by organisations, operating on a cyclical, continuous model to ensure constant improvement in security posture. The Managed ASM Service is tailored to help organisations reduce cyber risk by ensuring complete visibility, prioritising critical exposures, and supporting remediation efforts. This approach is especially vital for industries such as manufacturing, healthcare, and utilities, where compromised IoT and OT systems can lead to significant operational and safety impacts, and it aligns with specific compliance requirements for these critical sectors. "Unlike traditional solutions that focus solely on IT infrastructure, Integrity360's Managed ASM extends its capabilities beyond IT to also include OT, IoT devices, and even specialised systems like medical devices. These often-overlooked areas represent some of the most vulnerable entry points for attackers," said Brian Martin, Director of Product Management, Integrity360. "What's seen can be managed and secured. By providing granular visibility and continuous monitoring of the full attack surface, the service enables organisations to identify hidden risks across their entire environment and take proactive steps to address them."
Integrity360's Managed ASM emphasises the importance of collaboration through fortnightly customer review calls and provides transparency, enabling organisations to assess risk trends, review performa...

The Good Trouble Show with Matt Ford
Pentagon / Lockheed Martin UAP / UFO Detection Tech In Civilian Hands

The Good Trouble Show with Matt Ford

Play Episode Listen Later Nov 25, 2024 79:22


In this episode of The Good Trouble Show with Matt Ford, physicist / electrical engineer Mitch Randall demonstrates a radar system for detecting UAPs / UFOs that can be deployed by the public, bypassing Pentagon classification rules. The tech is called Passive Bistatics and is a distributed UFO detection system with multi-sensor data and provenance. It's designed to distinguish instantaneous acceleration - something humans can't do. This tech will be globally revealed for the first time so anyone can develop the tech. The sensor platform is based on a Lockheed Martin radar system that detects ballistic missiles and other airborne targets and, of course, UAP / UFO.

Follow or Contact Mitch Randall through:
Twitter/X: @realityseaker
Web: https://www.ascendantai.com/skywatch

Mitch Randall, MSEE, MS Phys, began building scientific instrumentation and research radars in 1984. He joined the National Center for Atmospheric Research (NCAR) in 1989 where he developed airborne, ground-based, and mobile scientific weather research radars. Randall pioneered Software Defined Radio (SDR) techniques and deployed them in NCAR, NASA, and NOAA radars. He developed a software-based Dopplerization technique for incoherent magnetron radars to create the Doppler On Wheels (DOW) tornado-chasing trucks, upon which was formed the Center for Severe Weather Research in Boulder, CO. His technologies became the industry standard for the meteorological weather radar community in the mid 90s. Working for the National Institute of Standards and Technology (NIST) in 2010, Randall developed a millimeter wave channel sounder to characterize real-world cell communications, used to develop today's 5G networks. Randall co-founded Binet in the 90s to bring passive radar tech to weather radars. Randall co-founded Advanced Radar Corporation in the 2000s. In 2005 Randall co-founded WildCharge and licensed his wireless charging technology to Duracell. This invention was featured in TIME magazine's "Best Inventions of 2007" issue. Randall is a prolific inventor with licensed toys currently on the market. Randall co-founded Ascendant Artificial Intelligence (AAI), a consulting firm developing custom AI and consumer electronics. In 2021 Randall became a Research Team member of Harvard's Galileo Project, where he developed and deployed the proof of concept SkyWatch passive radar. Randall is the lead author of the paper describing the system in the Journal of Astronomical Instrumentation.

The Good Trouble Show:
Linktree: https://linktr.ee/thegoodtroubleshow
Patreon: https://www.patreon.com/TheGoodTroubleShow
YouTube: https://www.youtube.com/@TheGoodTroubleShow
Twitter / X: https://twitter.com/GoodTroubleShow
Instagram: @goodtroubleshow
TikTok: https://www.tiktok.com/@goodtroubleshow
Facebook: https://www.facebook.com/The-Good-Trouble-Show-With-Matt-Ford-106009712211646
Threads: @TheGoodTroubleShow
BlueSky: @TheGoodTroubleShow

Become a supporter of this podcast: https://www.spreaker.com/podcast/the-good-trouble-show-with-matt-ford--5808897/support.

Diverse
Ep 288: CHIPS Act Update With Dr. Laurie E. Locascio of the U.S. Department of Commerce

Diverse

Play Episode Listen Later Nov 12, 2024 34:44


Dr. Laurie E. Locascio, U.S. Under Secretary of Commerce for Standards and Technology and director of the National Institute of Standards and Technology (NIST), reflects on the implementation of the bipartisan CHIPS and Science Act which appropriated over $52 billion for semiconductor manufacturing, research and development, and workforce training and education. In conversation with Karen Horting, executive director and CEO of the Society of Women Engineers, Dr. Locascio discusses how this legislation is shaping the future of the U.S. semiconductor industry and why organizations like SWE are essential to its success. Dr. Locascio shares insights on workforce development and efforts to increase the representation of women and underrepresented groups in STEM, including apprenticeships, upskilling, retraining, and returnships.

Practical AI
The path towards trustworthy AI

Practical AI

Play Episode Listen Later Oct 29, 2024 51:46


Elham Tabassi, the Chief AI Advisor at the U.S. National Institute of Standards & Technology (NIST), joins Chris for an enlightening discussion about the path towards trustworthy AI. Together they explore NIST's 'AI Risk Management Framework' (AI RMF) within the context of the White House's 'Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence'.

Changelog Master Feed
The path towards trustworthy AI (Practical AI #293)

Changelog Master Feed

Play Episode Listen Later Oct 29, 2024 51:46


Elham Tabassi, the Chief AI Advisor at the U.S. National Institute of Standards & Technology (NIST), joins Chris for an enlightening discussion about the path towards trustworthy AI. Together they explore NIST's 'AI Risk Management Framework' (AI RMF) within the context of the White House's 'Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence'.

Business of Tech
Cybersecurity Backlog, VMware Shift, Microsoft Price Hike, Apple AI Date, IT Leadership Report

Business of Tech

Play Episode Listen Later Oct 8, 2024 11:12


The National Institute of Standards and Technology (NIST) faces ongoing challenges regarding its backlog of security vulnerability reports. Despite some progress, NIST missed its September 30th deadline to restore processing speeds to pre-February levels, leaving over 17,000 Common Vulnerabilities and Exposures (CVEs) unprocessed. This backlog poses significant risks to organizations, as they may remain unaware of vulnerabilities that are actively being exploited. The episode highlights the importance of effective risk management in cybersecurity and encourages organizations to pressure vendors to participate in disclosure programs.

The episode also delves into the rising concerns surrounding cloud security threats, which have become the top worry for executives, according to a recent PwC report. The report identifies hack and leak operations, third-party breaches, and ransomware as leading threats, with organizations feeling least prepared to address cloud attacks. Additionally, Microsoft has informed customers about a software bug that affected log data collection for key security products, emphasizing the need for robust security measures and incident response planning.

Host Dave Sobel shifts focus to the impact of Broadcom's acquisition of VMware, which has led many users to explore alternatives like OpenStack. The latest version of OpenStack, codenamed Dalmatian, is experiencing a resurgence as former VMware users migrate to its platform, benefiting from improved tools and a stable ecosystem. Meanwhile, Microsoft has announced a 10% price increase for its System Center management tool set for 2025, raising questions about potential challenges for the product in the competitive landscape.

Finally, the episode addresses the stagnation in IT leadership diversity, revealing concerning statistics from a recent survey. The data shows that 89.6% of IT leaders are white and 79% are male, with minimal changes from previous quarters. The Society for Human Resource Management's recent decision to remove equity from its diversity, equity, and inclusion strategy has sparked controversy, as critics argue it undermines commitments to fostering a diverse workplace. Sobel emphasizes the importance of gender diversity in IT, citing research that indicates diverse teams outperform homogeneous ones, ultimately enhancing business efficiency and customer satisfaction.

Four things to know today
00:00 NIST Faces Vulnerability Report Backlog as Cloud Threats Dominate Cybersecurity Concerns
04:02 VMware Users Flock to OpenStack Amid Acquisition Uncertainty, While Microsoft Ups System Center Pricing for 2025
05:36 Apple Addresses macOS Sequoia Cybersecurity Bugs Ahead of Major AI Launch with iOS 18.1
06:38 IT Leadership Diversity Stagnates as DEI Efforts Face Scrutiny

Supported by:
https://www.huntress.com/mspradio/
https://www.coreview.com/msp

Event: www.smbTechFest.com/Go/Sobel

All our Sponsors: https://businessof.tech/sponsors/

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/

Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/

Support the show on Patreon: https://patreon.com/mspradio/

Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com

Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessoftech.bsky.social

Business of Tech
AI Budget Shifts, Cybersecurity Workforce Challenges, and Meta's AR Innovations

Business of Tech

Play Episode Listen Later Sep 30, 2024 10:36


Host Dave Sobel discusses the evolving landscape of IT budgets, emphasizing a significant shift towards AI and data modernization. Accenture's recent earnings call reveals that enterprises are reallocating their IT spending to focus on enhancing digital capabilities and workforce upskilling, rather than increasing overall budgets. This trend is underscored by Gartner's forecast that AI-enabled PCs will dominate global shipments, particularly in the consumer market, indicating a growing reliance on AI technologies.

The episode also highlights a concerning slowdown in the cybersecurity workforce, which has seen only a marginal increase in professionals despite a persistent shortage of nearly 5 million workers. Sobel points out that U.S. cybersecurity employment has shrunk by nearly 5%, as employers prioritize revenue-generating roles over cybersecurity positions. This disconnect between the skills sought by hiring managers and those perceived as necessary by applicants calls for more learning opportunities and a focus on recruiting diverse talent to address the skills gap.

In regulatory news, California Governor Gavin Newsom vetoed a strict AI regulation bill, opting instead to collaborate with academics to develop alternative guidelines. This decision reflects the ongoing debate surrounding AI safety and regulation, with Newsom arguing against singling out large AI models. Additionally, the National Institute of Standards and Technology (NIST) has revised its password guidelines, shifting the focus from complexity to length, which aims to improve user experience and security practices.

Finally, Sobel discusses Meta's recent announcements from their Connect event, particularly the unveiling of their Orion AR glasses. While the glasses showcase advanced features like eye tracking and muscle-reading technology, their high production cost means they won't be available for mass production anytime soon. Meta's commitment to innovation in spatial computing positions them as a leader in the industry, potentially paving the way for a new computing paradigm that integrates AI with real-world awareness. The episode concludes with a reflection on the importance of adapting to these technological advancements and the implications for the future of work.

Three things to know today
00:00 AI and Data Take Priority as IT Budgets Shift, Cyber Workforce Slows, and Skill Shortages Persist Across Tech Sectors
03:58 AI Regulation Vetoed in California as NIST Shifts Password Policy Focus from Complexity to Length
05:42 Meta Leads Spatial Computing Race with Orion AR Glasses and AI Innovations, Highlighting Long-Term Industry Shift

Supported by:
https://www.huntress.com/mspradio/
http://blumira.com/radio/

GW Integrative Medicine
Improving Cannabis Science

GW Integrative Medicine

Play Episode Listen Later Sep 24, 2024 39:53


In the summer of 2024, the National Institute of Standards and Technology (NIST) released a Hemp Plant Reference Material to help labs accurately measure the amount of THC, CBD, toxic elements and other compounds in cannabis products. It will also help producers and state regulators ensure that cannabis products are safe to use and accurately labeled. Today, we're going to talk about NIST's Hemp Plant Reference Material and about improving cannabis science with leading experts in the field of cannabis medicine. Our guests are Dr. Bryon Adinoff, president of the Doctors for Drug Policy Reform, and Dr. Leslie Mendoza Temple, former Chair of the Medical Cannabis Advisory Board for the Illinois Department of Public Health. Dr. Adinoff is an addiction psychiatrist, neuroscientist, academician, and advocate. He was appointed Clinical Professor at the University of Colorado School of Medicine following his retirement as Distinguished Professor of Alcohol and Drug Abuse Research in the Department of Psychiatry at the University of Texas Southwestern Medical Center and as a psychiatrist for 30 years with the Department of Veterans Affairs. He has published over 200 papers and book chapters on the neurobiology and treatment of addiction and is Editor-in-Chief of The American Journal of Drug and Alcohol Abuse. Dr. Temple is a Clinical Associate Professor for NorthShore University HealthSystem's Department of Family Medicine and Medical Director of the NorthShore Integrative Medicine Program. She was recently appointed as an endowed Chair of Integrative Medicine by the Owen L. Coon Foundation. She is also a Clinical Associate Professor in Family Medicine at the University of Chicago Pritzker School of Medicine. 
◘ Related Content
NIST's New Hemp Reference Material Will Help Ensure Accurate Cannabis Measurements https://bit.ly/3XWruef
NIST Tools for Cannabis Laboratory Quality Assurance https://bit.ly/3Bq0lau
◘ Transcript https://bit.ly/3THgP4F
◘ This podcast features the song “Follow Your Dreams” (freemusicarchive.org/music/Scott_Ho…ur_Dreams_1918) by Scott Holmes, available under a Creative Commons Attribution-Noncommercial (https://creativecommons.org/licenses/by-nc/4.0/) license.
◘ Disclaimer: The content and information shared in GW Integrative Medicine is for educational purposes only and should not be taken as medical advice. The views and opinions expressed in GW Integrative Medicine represent the opinions of the host(s) and their guest(s). For medical advice, diagnosis, and/or treatment, please consult a medical professional.

GovCast
Identity Week: The Security and UX Standards That Power Digital Identity Programs

GovCast

Play Episode Listen Later Sep 12, 2024 17:39


In August, the National Institute of Standards and Technology (NIST) released a new draft of its Digital Identity Guidelines for the identity-proofing process. This covers technologies like digital wallets, passkeys and physical identification documents like REAL ID-compliant passports and drivers licenses. The draft outlines ways to boost privacy, accessibility and security during the identity-proofing process for those accessing government services and benefits. Ryan Galluzzo is the digital identity program lead at NIST. At Identity Week in Washington, D.C., he spoke about the guidelines, the interoperability work that powers these technologies, and the importance of balancing security and accessibility when implementing digital identity programs.

Metrology Today Podcast
Metrology Today Podcast S3E10: Georgia Harris - NIST Ret.

Metrology Today Podcast

Play Episode Listen Later Sep 12, 2024 78:58


Join us in this episode as we sit down with Georgia Harris, a seasoned expert with over 30 years of experience in U.S. Weights and Measures. Georgia's career includes 5 years with the State of Minnesota and an impressive 28 years at the National Institute of Standards and Technology (NIST), where she made significant contributions before her recent retirement. In our conversation, Georgia shares insights from her extensive career, including her pivotal role in evaluating and accrediting State weights and measures laboratories and her work ensuring accurate measurements for over 350,000 calibrations each year. She also discusses her involvement in training and proficiency testing for State metrologists and the development of key documentary standards for Weights and Measures field enforcement and laboratory activities. Georgia has not only presented and published widely across the U.S. but also on the global stage, including Canada, Mexico, South Africa, and Colombia. Her accolades include multiple best paper awards and notable honors such as the MSC Andrew J. Woodington Award, the NCSLI Education and Training Award, and the ASQ Measurement Quality Division Max J. Unis Award. She also served as a liaison to the Measurement Science Conference and held a long tenure on the NCSLI Board of Directors, including a term as President. Tune in to hear about her journey, her insights into the field of metrology, and her experiences from a distinguished career dedicated to advancing measurement science.

CiscoChat Podcast
Quantum Safe Cryptography

CiscoChat Podcast

Play Episode Listen Later Sep 4, 2024 39:29


Tune in to be in the know as Craig Hill, Mike Luken, and Andy Stewart explore the crucial role of quantum safe cryptography as we approach the quantum computing era and its potential impact on current encryption methods. Discover what you need to know and how Cisco is leading the way in delivering quantum safe cryptography. The discussion begins with an overview of the urgent need to migrate to post-quantum cryptography. In the U.S., Federal agencies have been mandated by National Security Memorandum 10 to transition their cryptographic systems to withstand quantum computing attacks by 2035. This directive, enforced by the President's Office, the Office of Management and Budget (OMB), and the Office of the National Cyber Director, aims to mitigate future risks posed by quantum computers. Globally, governments, financial institutions, hospitals, and other entities requiring secure information protection are also taking steps to incorporate quantum-safe cryptography. Although quantum computers capable of breaking current encryption do not yet exist, the National Institute of Standards and Technology (NIST), in collaboration with over 100 countries and experts, has recently released the first three finalized Post-Quantum Encryption Standards. Listen in as Craig, Mike, and Andy delve into the nuances, needs, and technical details of quantum safe cryptography, and learn how Cisco is preparing for the post-quantum world.

Bringing Chemistry to Life
The metrology aspects of PFAS

Bringing Chemistry to Life

Play Episode Listen Later Aug 21, 2024 33:55


Early in her career, Dr. Jessica Reiner realized that she cared more about ensuring the accuracy of the measurements she was making than making the measurements themselves. This realization, combined with experience in working with PFAS, led to her current role as Research Chemist at the National Institute of Standards and Technology (NIST).

Join us to hear an insider's perspective on the PFAS topic, with a deep dive into the analytical methods used to detect, quantify, and identify PFAS species. Jessica and her team use LC-MS, anion exchange chromatography, and other orthogonal methods in their work and they focus on creating, validating, and maintaining reference materials (RM) and standard reference materials (SRM) that are used to help ensure that PFAS measurements are accurate and comparable with those made in other laboratories around the world. From challenges around defining a PFAS, to creating a stable, ultra-low concentration standard, to detecting ultra-high concentrations of PFAS, Jessica provides an ace analytical chemist's perspective grounded in the metrology of it all.

As always, and in addition to the great science, you'll get to learn about Jessica's personal career path, the ups and downs of her work, and hear her advice for career development.

Related episodes:
Season 4, Ep.2: The father of green chemistry
Season 2, Ep.7: Fresh urban water
Season 1, Ep.3: There's chemistry in the air!

Bonus content!
Access bonus content curated by this episode's guest by visiting www.thermofisher.com/chemistry-podcast for links to recent publications, podcasts, books, videos and more.
View the video of this episode on www.thermofisher.com/chemistry-podcast.

A free thank you gift for our listeners! Request your free Bringing Chemistry to Life t-shirt on our episode website.
Use code 0chemRcks in August, and BCTLisn3R in September.

We read every email so please share your questions and feedback with us! Email helloBCTL@thermofisher.com

RIMScast
Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST

RIMScast

Play Episode Listen Later Aug 13, 2024 45:13


Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.

Justin Smulison interviews Daniel Eliot of NIST about NIST, its new publications on cybersecurity, including two Quick Start Guides, the Cybersecurity Framework 2.0, and more, Daniel's history with cybersecurity for small businesses and his career-long passion for helping small businesses protect themselves against cybercrime.

Listen in for the latest information on NIST and cybersecurity guidelines for your organization.

Key Takeaways:
[:01] About RIMS.
[:14] RISKWORLD 2025 will take place in Chicago, Illinois from May 4th through May 7th. The call for submissions is now open through August 27th. A link to the submission form is in this episode's show notes.
[:30] About this episode. We will be joined by Daniel Eliot from the National Institute of Standards and Technology, or NIST.
[:52] First, let's talk about RIMS Virtual Workshops. The full calendar of virtual workshops is at RIMS.org/VirtualWorkshops. August 15th starts the three-part series, Leveraging Data and Analytics for Continuous Risk Management. Other dates for the Fall and Winter are available on the Virtual Workshops full calendar at RIMS.org/VirtualWorkshops.
[1:14] Let's talk about prep courses for the RIMS-CRMP. On September 10th and 11th, the RIMS-CRMP Exam Prep will be held with NAIT. There is another RIMS-CRMP Exam Prep on September 12th and 13th.
[1:29] The next RIMS-CRMP-FED Exam Prep course will be hosted along with George Mason University on December 3rd through 5th, 2024. Links to these courses can be found on the Certification Page of RIMS.org and in this episode's show notes.
[1:44] We've got the DFW RIMS 2024 Fall Conference and Spa Event happening on September 19th in Irving, Texas. Learn more about that event in Episode 299, which features an interview with the Texas State Office of Risk Management.
[2:02] Also on September 19th is the RIMS Chicago Chapter's Chicagoland Risk Forum 2024. Register at ChicagolandRiskForum.org.
[2:12] Registration opened for the RIMS Canada Conference 2024 which will be held from October 6th through the 9th in Vancouver. Visit RIMSCanadaConference.ca to register.
[2:25] Registration is also open for the RIMS Western Regional, which will be held from September 29th through October 1st at the Sun River Resort in Oregon. Register at RIMSWesternRegional.com.
[2:38] We want you to join us in Boston on November 18th and 19th for the RIMS ERM Conference 2024. The agenda is live. The keynote will be announced soon. We want to see you there! A link is in this episode's show notes.
[2:53] The nominations are now open for the RIMS ERM Award of Distinction 2024. Nominations are due August 30th. A link to the nomination form is in this episode's show notes.
[3:07] If you or someone you know manages an ERM program that delivers the goods, we want to hear about it. A link is in this episode's show notes. All RIMS regional conference information can be found on the Events page at RIMS.org.
[3:24] On with the show! In October, we will celebrate National Cybersecurity Awareness Month. You should observe it all year round, of course. My guest today has a lot of great insight into risk frameworks. He is Daniel Eliot, the Lead for Small Business Engagement in the Applied Cybersecurity Division of The National Institute of Standards and Technology (NIST).
[3:48] NIST is part of the U.S. Department of Commerce. Today, we will discuss some of the publicly available risk management frameworks and how they've evolved through the years and the new frameworks that address AI, as well.
[4:05] You may remember Daniel from his appearance on an episode in April 2020, when he was with the National Cybersecurity Alliance. He is back to provide some new tips for the global risk management community.
[4:18] Daniel Eliot, welcome back to RIMScast!
[4:42] Justin and Daniel comment on some things that have changed since April 2020. Daniel was at the National Cybersecurity Alliance (NCA).
[5:50] Now Daniel is the Lead for Small Business Engagement in the Applied Cybersecurity Division of The NIST. He shares his journey from NCA to NIST via the National Cybersecurity Center of Excellence, a NIST facility operated by Mitre.
[6:52] Daniel is happy to be back supporting the small business community.
[7:04] Daniel had worked in a small tech startup for almost seven years. He helped them scale the business and manage the development of their product. Next, Daniel joined the University of Delaware's Small Business Development Center, helping tech businesses start and scale.
[8:16] Daniel applied for an SBA grant to help small businesses with cybersecurity. This was in 2014. The Cybersecurity Framework was published in 2014. Daniel applied the Cybersecurity Framework to small businesses. That started Daniel's career in small business cybersecurity.
[9:32] There's a new NIST Risk Management Framework (RMF) Small Enterprise Quick Start Guide. Daniel's role at NIST is to coordinate across NIST, government, and the private sector, to create opportunities for the small business community to engage with NIST expertise.
[10:19] The RMF Small Enterprise Quick Start Guide is a product of that coordination across NIST, government, and the private sector community. In February, NIST produced the Cybersecurity Framework 2.0 Small Business Quick Start Guide.
[10:44] NIST decided to do a Quick Start Guide for a risk management framework for small to medium enterprises. The Risk Management Framework is a process. It's a holistic and repeatable seven-step process for managing security and privacy risks.
[11:23] The NIST RMF Quick Start Guide provides an overview of the seven steps of the process, the foundational tasks for each step, tips for getting started with each step, a sample planning table, key terminology and definitions, questions to consider, and related resources.
[11:53] It's RIMS plug time! Webinars! All RIMS Webinar registration pages are available at RIMS.org/Webinars. On August 27th, Riskonnect returns to discuss How To Successfully Deploy AI in Risk Management.
[12:12] On September 5th, Merrill Herzog makes their RIMS Webinars debut with the Role of Insurance in Building Resilience Against an Active Assailant Attack. On September 19th, Origami Risk returns to deliver Leveraging Integrated Risk Management For Strategic Advantage.
[12:28] Justin jumped ahead a bit. On September 12th, HUB International returns to deliver the third part of their Ready for Tomorrow series, Pivot and Swerve: Staying Agile During Shifting Market Dynamics.
[12:44] Justin is delighted to be joined by the moderator for that session, the Chief Marketing Officer for Canada at HUB International, Linda Regner Dykeman. Justin welcomes Linda to RIMScast!
[13:13] The webinar will be at 1:00 p.m. Eastern Time on September 12th. Linda says they will be discussing current market trends and challenges. The industry has been able to produce some very strong profits over the last few years.
[13:29] The market needed correction after many years of unprofitability driven by weather events in the property line where rates seemed to be unsustainable. Casualty also had its issues, particularly with Directors and Officers Liability.
[13:47] As a result of the profitability the industry was able to achieve over the last few years, most carriers have become more competitive in growing their books of business. This competition is not being seen in all lines, segments, or geographies.
[14:04] Some catastrophe-prone zones such as BC and Alberta have not seen the same level of competition across the board. As the market transitions from a hard market to a competitive environment, there is some unusual and inconsistent behavior. [14:21] Carriers in Canada are being more flexible with their appetite. London is looking to grow significantly over the next couple of years with goals of hitting $100 billion by 2025. Add to that NGAs who are seeing their market share change as local carriers become more competitive. [14:39] As we transition out of what was considered to be a hard market, we see a lot of inconsistency in this market. [14:48] Add to this the supply chain issues, which are not what they once were, the economy is flat with spending, once normalized for an increase in population, it reflects that of a market in a recession. [15:02] We, as brokers are finding competitive solutions to protect our clients. We have to pivot and swerve to discover the right opportunities. [15:13] We had a significant rain event in Toronto, followed by one of the worst wildfires Jasper has ever seen, seemingly a once-in-a-hundred-year event; weather catastrophes are more severe and more frequent. [15:27] How is this going to change the availability of capacity and pricing? Time will tell, as insurers try to figure out if their pricing models included the right loadings for these events. [15:49] Being informed by what is happening in the market; the trends, the opportunities, what's available, and partnering with the right broker, will help a risk manager make an informed decision, appropriate for their business. [16:11] The panelists have decades of experience and expertise across North America. They work with clients, markets, and other experts and bring a much broader perspective and experience to this session. [16:26] Steve Pottle is the risk manager on the panel. He's been omnipresent in RIMS Canada for years. 
He's a former RIMS VP and is currently the Director for Risk and Safety Services at Thompson Rivers University. Justin says he's one of the best and Linda agrees. [16:57] Linda will moderate. She'll ask the panelists questions HUB International has received from its clients, based on what they are seeing happening in the environment around them. She would also like the audience to pose some questions. Audience participation is encouraged. [17:21] Justin thanks Linda Regner Dykeman of HUB International, and will see her again on September 12th, 2024 for the third installment of HUB's Ready for Tomorrow series, Pivot and Swerve: Staying Agile During Shifting Market Dynamics. [17:37] Let's return to today's interview with Daniel Eliot from NIST. [17:53] Daniel states that the Risk Management Framework is a repeatable seven-step process for managing security and privacy risks. It starts with preparation, categorizing, and understanding the information that your organization processes, stores, and transmits. [18:20] Then you select controls, and implement those controls to protect the security and privacy of the systems. Then you assess, authorize, and monitor the controls. Are the selected controls producing the desired results? Are there changes to the organization that require new controls? [18:45] You follow the seven steps of the framework in order and repeat them in a cycle. Keep going through it. Every organization regularly changes. Technologies change. People change. That's why the framework has to be repeatable and flexible. [19:05] NIST published this Risk Management Framework Small Enterprise Quick Start Guide as a tool to raise awareness within the Small and Medium Enterprise (SME) Community about what the Risk Management Framework is and how to get started with it. [19:26] This Quick Start Guide is not intended to guide you on your journey from start to finish for a comprehensive risk management implementation. It is a starting point. 
[19:41] The Guide has an overview of the steps of the Risk Management Framework, some foundational tasks for each of the RMF steps, some tips for getting started, some sample planning tables, and graphics to help people understand concepts that might be new to them. [20:02] NIST spent a lot of time defining key terminology, extracting terms out of the Risk Management Framework, and highlighting them in this Quick Start Guide. There are phrases and terms in the Risk Management Framework that some people new to it might not understand. [20:24] For example, “authorization boundary.” The Guide highlights and illustrates what these terms mean in the Risk Management Framework and adds questions for organizations to consider and use internally for discussion. The answers may be different for every organization. [21:12] This Guide is a derivative tool from the existing publication that went out for public comment. The Quick Start Guide did not go out for public comment but NIST has circulated Quick Start Guides to some small businesses they know to make sure it's hitting the right note. [21:56] Daniel monitors commentary and looks at how the Guide is received out in the world once it's published. In every Quick Start Guide, there is an opportunity for people to contact NIST if they have questions or if there is an error. NIST is always open to feedback. [23:03] In small businesses, Daniel finds the owner or operator is the Chief Risk Officer, the Janitor, the CISO, and the Chief Marketing Officer. Anyone can use the Risk Management Framework. It's a process. [23:25] Federal agencies, contractors to the federal government, and other sources that use or operate a federal information system typically use the suite of NIST Risk Management Standards and Guidelines to develop and implement a risk-based approach. 
[23:48] A lot of the audience for this Small Enterprise Quick Start Guide might be small universities, small municipalities, or small federal agencies implementing this Risk Management Framework. [24:27] We have time for one more break! The Spencer Educational Foundation's goal is to help build a talent pipeline of risk management and insurance professionals. That is achieved, in part, by a collaboration with risk management and insurance educators across the U.S. and Canada. [24:45] Whether you want to apply for a grant, participate in the Risk Manager on Campus program, or just learn more about Spencer, visit SpencerEd.org. [24:55] On September 12th, 2024, we look forward to seeing you at the Spencer Funding Their Future Gala at The Cipriani 42nd Street in New York City. Our recent guest from Episode 293, Lilian Vanvieldt-Gray, will be our honoree. [25:11] Lilian is the Executive Vice President and Chief Diversity, Equity, and Inclusion Officer at Alliant Insurance Services and she will be honored for her valuable contributions to supporting the future of risk management and insurance. [25:28] That was a great episode, so after you finish this one, please go back and listen to Episode 293. [25:34] Let's conclude our interview with Daniel Eliot of NIST. [26:10] Daniel introduces the U.S. AI Safety Institute, housed within NIST. It's tasked with advancing the science, practice, and adoption of AI safety across the spectrum of risks, including those to national security, public safety, and individual rights. [26:39] The efforts of the U.S. AI Safety Institute initially focused on the priorities assigned to NIST under President Biden's Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. [26:51] On July 26th, 2024, they released resources for a variety of aspects of AI technology. Two are new to the public. 
The first is an initial public draft of a guidance document intended to help software developers mitigate the risks of generative AI and dual-use foundation models. [27:19] The other is a testing platform intended to help AI system users and developers measure how certain types of attacks can degrade the performance of an AI system. These are two opportunities for the public to provide comments on these publications and tools. [27:49] There is a link to the call for comments in this episode's show notes. [28:03] At NIST, foundational publications go out for public comment. NIST wants to hear from U.S. citizens and people all over the world to get their perspectives on NIST's approach to what they're addressing. This is a community effort. Comment periods are important. [28:37] From Daniel's perspective of small business, he seeks the comments of small businesses on these publications. Authors need to hear from organizations, large and small. [28:53] These two new publications are open for public comment. [28:59] Three releases are final publications. One is The AI Risk Management Framework Generative AI Profile, which helps organizations identify unique risks posed by generative AI. It includes actions for generative AI risk management. [29:34] A second publication is the Secure Software Development Practices for Generative AI and Dual Use Foundation Models. It addresses concerns about Generative AI systems being compromised with malicious training data that would adversely affect system performance. [30:16] The third publication is A Plan for Global Engagement on AI Standards. It's intended to drive worldwide development and implementation of AI-related consensus standards. Standards require global input from businesses, governments, non-profits, and academia. [30:57] These three final publications have been informed by public comment periods. They're ready to hit the ground running and people can put them into action. 
[31:15] Daniel is part of the Applied Cybersecurity Division of NIST. The U.S. AI Safety Institute is a different part of NIST. [31:44] Every once in a while, public comments receive spammy messages. [32:23] Daniel says all cybersecurity and privacy risk management comes back to governance and having policies and procedures in place, knowing your contractual and legal responsibilities. Organizations need policies that guide behavior for the appropriate use of AI in their business. [32:59] Individuals in companies have pasted confidential company information into publicly available AI systems. That creates a vulnerability. Have a policy around the use of these tools. [33:31] Criminals have used AI to upgrade phishing scams, reduce grammatical errors, and craft more convincing appeals. [35:00] NIST is raising awareness of different ways of identifying phishing attacks besides looking for grammatical errors, such as looking at the links and the calls to action and other factors that show it is a phishing scam. AI is contributing to their increasing sophistication. [35:43] Daniel shares his tip for new risk professionals. Familiarize yourselves with the suite of resources that NIST has available for cybersecurity and privacy risk management. They have a broad variety of risk management frameworks and resources, like the Quick Start Guide. [36:42] There are online courses, extensive FAQs with answers, and archived talks from SMEs. Take advantage of these resources. Also, let NIST know what other resources might be helpful to you. The core of NIST guidance for any framework is good governance. [37:21] Understand your mission and requirements. Create and maintain policies for good behavior. Understand your supply chain dependencies and vulnerabilities. Good governance sets your organization up for success when implementing and monitoring risk-mitigating controls. [37:56] NIST offers consistent, clear, concise, and actionable resources to small businesses. 
Since 2018, they have maintained a website, NIST Small Business Cybersecurity Corner, with over 70 resources on the site, all tailored to small businesses. The Quick Start Guides are there. [38:32] The resources include short videos, tip sheets, case studies, and guidance organized by both topic and industry. All the resources are free and produced by federal agencies, such as NIST, FBI, CISA, as well as nonprofit organizations. It's a one-stop shop for this information. [39:04] The resources are regularly updated and expanded to keep the content fresh and relevant. The resource library has the Cybersecurity Basics Section, with eight basic steps businesses can inexpensively implement to reduce cybersecurity risks. [39:28] The Cybersecurity Framework Page highlights the CSF and small business resources related to the CSF. There is topical guidance on Multi-Factor Authentication, Ransomware, Phishing, Government Contracting Requirements, and Choosing a Vendor or Service Provider. [39:53] All the resources are available at NIST.gov/ITL/SmallBusinessCyber. The link is in this episode's show notes. The resources are there for you to use in your organization. [40:30] Justin says, “It has been such a pleasure to reconnect with you here on RIMScast! I always love it when you post on LinkedIn! I think you're great! You're keeping me informed. Happy National Cybersecurity Awareness Month to you!” [40:55] With developments in tech and AI, cybersecurity has taken a back seat, but Justin says it will come back pretty hard. Justin feels it will be sooner than four-and-a-half years for Daniel to return to RIMScast. [41:23] Whatever new technology comes out, cybercriminals are looking at it to see how they can exploit it. There will always be a cybersecurity component to it. [42:05] Daniel Eliot, thank you so much for rejoining us here on RIMScast! [42:10] Special thanks again to Daniel Eliot of NIST for rejoining us here on RIMScast. 
Lots of links are in this episode's show notes to aid small enterprise owners and risk professionals. [42:25] These resources are publicly available and complimentary, so by all means, use them and leverage them to ensure your organization's cyber resilience. I've got lots of links in this episode's show notes for more cybersecurity coverage from RIMS, as well. [42:44] It's RIMS plug time! The RIMS App is available to RIMS members exclusively. Go to the App Store and download the RIMS App with all sorts of RIMS resources and coverage. It's different from the RIMS Events App. Everyone loves the RIMS App! [43:18] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [44:02] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [44:20] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [44:36] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [44:58] Thank you for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   
Mentioned in this Episode: NIST Risk Management Framework Small Enterprise Quick Start Guide | Cybersecurity Framework 2.0 Small Business Quick Start Guide | NIST Small Business Cybersecurity Corner | U.S. Artificial Intelligence Safety Institute | New Guidance and Tools to mitigate AI Risks | Managing Misuse Risk for Dual-Use Foundation Models | Testing How AI System Models Respond to Attacks | Users can send feedback to: dioptra@nist.gov
About our guests: Daniel Eliot, Lead for Small Business Engagement, Small Business Cybersecurity Corner, Applied Cybersecurity Division, National Institute of Standards and Technology, U.S. Department of Commerce. Linda Regner Dykeman, HUB International, Chief Marketing Officer for Canada.
Tweetables (Edited For Social Media Use): I'm happy to be back at NIST, supporting the small business community. — Daniel Eliot | The industry has been able to produce some very strong profits over the last few years, after many years of unprofitability driven by weather events in the property line. — Linda Regner Dykeman | Follow the seven steps of the framework in order and repeat them in a cycle. Keep going through it. Every organization regularly changes. Technologies change. People change. That's why it has to be repeatable and flexible. — Daniel Eliot | There are phrases and terms associated with the Risk Management Framework that some people who are new to this might not understand. — Daniel Eliot | When talking about small businesses, the owner or operator is the Chief Risk Officer, the Janitor, the CISO, and the Chief Marketing Officer. — Daniel Eliot | An AI system is only as good as the information that's put into it. — Daniel Eliot

The AI Policy Podcast
The U.S. Vision for AI Safety: A Conversation with Elizabeth Kelly, Director of the U.S. AI Safety Institute

The AI Policy Podcast

Aug 1, 2024 50:03


On this special episode, the CSIS Wadhwani Center for AI and Advanced Technologies is pleased to host Elizabeth Kelly, Director of the United States Artificial Intelligence Safety Institute at the National Institute of Standards and Technology (NIST) at the U.S. Department of Commerce. The U.S. AI Safety Institute (AISI) was announced by Vice President Kamala Harris at the UK AI Safety Summit in November 2023. The institute was established to advance the science, practice, and adoption of AI safety in the face of risks including those to national security, public safety, and individual rights. Director Kelly will discuss the U.S. AISI's recently released Strategic Vision, its activities under President Biden's AI Executive Order, and its approach to the AISI global network announced at the AI Seoul Summit. 

People Behind the Science Podcast - Stories from Scientists about Science, Life, Research, and Science Careers
771: Developing Tools, Terms, and Standards for Genome Editing - Dr. Samantha Maragh

People Behind the Science Podcast - Stories from Scientists about Science, Life, Research, and Science Careers

Jul 29, 2024 48:28


Dr. Samantha Maragh is Leader of the Genome Editing Program and Co-Leader of the Biomarker and Genomic Sciences Group at the U.S. National Institute of Standards and Technology (NIST). She also represents the U.S. as a technical expert on nucleic acid measurements for the International Standards Organization (ISO) Technical Committee on Biotechnology (ISO TC 276). Scientists at NIST work to develop controls and standards to make sure that measurements, tools, and all of the systems that rely on them are correct. Samantha's work focuses particularly on genome editing, which has a variety of applications, including new treatments for diseases, agriculture, and more. When she's not working, Samantha loves cooking and enjoying food, especially seafood. For her, cooking is like science, but even more flexible and creative. Some of her other favorite pastimes include singing at her church on Sundays and playing puzzle games like Best Fiends. Samantha received her B.S. degree in Biology with a specialization in Cellular & Molecular Biology and a minor in chemistry from Loyola University. She went on to get her M.S. degree in Biotechnology: Molecular Targets & Drug Discovery from Johns Hopkins University and her Ph.D. in Human Genetics & Molecular Biology from Johns Hopkins School of Medicine. In 2019, Samantha received the Outstanding Young Scientist Award from The State of Maryland, The Maryland Academy of Sciences, and the Maryland Science Center. She was also selected as the recipient of the George A. Uriano Award in 2021 for her success in building the NIST Genome Editing Consortium as a public-private partnership. In 2022 she received the Measurement Science Excellence Award from the NIST Material Measurement Laboratory for leading the development of the first international standard for the field of genome editing published in 2021 and deploying the first inter-laboratory study for the genome editing field. In this interview, she talks more about her life and science.

The Daily Scoop Podcast
Federal IT failures and AI initiatives in government

The Daily Scoop Podcast

Jul 23, 2024 24:43


In today's episode of the Daily Scoop Podcast, we delve into the ongoing impacts of the CrowdStrike IT failure. Last week's outage has left several federal agencies scrambling to restore services. At the U.S. Citizenship and Immigration Services, over 5,000 workstations were affected, though the agency's primary systems remain operational. The Organ Procurement and Transplantation Network also experienced disruptions but resolved issues within an hour. Further impacts were reported at the U.S. Patent and Trademark Office and the Department of Energy's Lawrence Berkeley National Lab. In legislative responses, House Homeland Security Committee Chairman Mark Green and Rep. Andrew Garbarino have requested CrowdStrike's CEO to testify regarding the outage's effects on federal operations. Additionally, the National Institute of Standards and Technology (NIST) is spearheading a new initiative to integrate artificial intelligence into manufacturing to enhance resilience. NIST plans to invest up to $70 million over five years in a new institute under Manufacturing USA, aiming to advance technology development, workforce education, and shared infrastructure. Wrapping up the episode, we revisit a panel discussion from the recent event, AWS Innovate Day, featuring Charles Worthington and Vinay Singh, the first chief AI officers at the Department of Veterans Affairs and the Department of Housing and Urban Development, respectively. They shared insights on the adoption of generative AI within federal agencies, emphasizing governance, risk management, and transparency. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.

Security Clearance Careers Podcast
CUI Rules for NIST

Security Clearance Careers Podcast

Jul 19, 2024 19:48


Controlled Unclassified Information (CUI) implementation and oversight is barreling toward government agencies and contractors alike. CUI aims to help companies better protect the many kinds of information that may be sensitive but not classified. Victoria Pillitteri, manager of the security engineering and risk management group at the National Institute of Standards and Technology (NIST), joins the show to discuss CUI and new implementation guidance offered by NIST.

Tiny Matters
‘Beef snow,' sludge, and seafood fraud: How NIST standardizes everything from $1,143 peanut butter to house dust to keep us safe

Tiny Matters

Jun 26, 2024 30:04


Standard reference materials — or SRMs — at the National Institute of Standards and Technology (NIST) serve as standards for many food, beverage, health, industrial and other products. There are over a thousand SRMs including peanut butter, house dust, dry cat food, soy milk, blueberries, stainless steel, fertilizer, and a DNA profiling standard. SRMs help make products safer and ensure that consumers are getting what they think they're getting. But how do they work exactly? In this episode of Tiny Matters, Sam and Deboki cover SRMs that are helping us accurately detect toxic substances like lead and pesticides in our house dust, fight seafood fraud, and keep PFAS out of our meat. Sam also travels to the NIST headquarters outside of Washington, DC to get a behind the scenes tour of how SRMs are made. She even gets a chance to snoop around the warehouse where SRMs are stored. Email us your science stories/factoids/news that you want to share at tinymatters@acs.org for a chance to be featured on Tiny Show and Tell Us!

The Buzz with ACT-IAC
ICYMI: How NIST is Responding to AI Development

The Buzz with ACT-IAC

Jun 5, 2024 35:32


This week, The Buzz presents a session from ACT-IAC's 2024 Emerging Technology and Innovation Conference. The National Institute of Standards and Technology (NIST) is responsible for developing and issuing guidance around the standards and measurements we use in all kinds of technological development in the US. In the modern era, this includes Artificial Intelligence. Since the release of the AI Executive Order in October 2023, NIST has issued four draft publications intended to help improve the safety, security and trustworthiness of AI systems. In this fireside chat, Raymond Holder, VP for Digital Growth at Maximus Federal, talks more about this work with Dr. Charles Romine, Associate Director for Laboratory Programs at NIST. Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on LinkedIn or visit http://www.actiac.org. Learn more about membership at https://www.actiac.org/join. Donate to ACT-IAC at https://actiac.org/donate. Intro/Outro Music: Focal Point/Young Community, courtesy of Epidemic Sound.

Business of Tech
NIST Vulnerability Processing, Live Nation Breach, Open Data Formats, Cybersecurity Gender Disparity

Business of Tech

Jun 4, 2024 9:11


The National Institute of Standards and Technology (NIST) has taken steps to accelerate the processing of software and hardware vulnerabilities in the National Vulnerability Database by awarding a new contract to an outside vendor. This move aims to clear the backlog of unanalyzed vulnerabilities by the end of the fiscal year, demonstrating a commitment to cybersecurity. However, amidst this positive development, the closure of the Affordable Connectivity Program (ACP) poses a threat to internet access for nearly 60 million low-income Americans. The lack of funding has led to the discontinuation of the program, leaving many households in financial distress. Efforts to extend the program through bipartisan legislation have stalled, highlighting the importance of government support in ensuring equitable access to essential services. On the cybersecurity front, the dismantling of the 911 S5 proxy botnet, the world's largest, and the arrest of its administrator in Singapore, Yun-Hee Wang, showcases international efforts to combat cybercrime. The botnet, which conducted various illicit activities, underscores the ongoing challenges in cybersecurity and the need for robust measures to protect against such threats. Furthermore, the episode delves into the gender disparity in the cybersecurity workforce, with only 20-25% being female. Factors contributing to this gap include unconscious bias and a lack of female role models. The discussion emphasizes the importance of addressing these issues through strategies such as unconscious bias training, diversifying recruitment efforts, and providing support for women in cybersecurity roles to foster a more inclusive and diverse industry.
Four things to know today
00:00 NIST Accelerates Vulnerability Processing as ACP Closure Threatens Internet Access for Millions
02:28 Live Nation Breach Highlights Growing Cybersecurity Concerns as 83% of Firms Plan Budget Increases
04:11 Open Formats Transform Data Industry: Snowflake, Databricks, and the Future of Cloud Services
05:26 CompTIA Data Highlights Cybersecurity Gender Disparity: Strategies for Recruitment and Retention

Alliant Specialty Podcasts
Common Ways Organizations Use NIST Standards and Frameworks Today

Alliant Specialty Podcasts

Play Episode Listen Later May 15, 2024 22:12


Join CJ Dietzman and Howard Miller, Alliant Cyber, as they welcome Ronald Ross, National Institute of Standards and Technology (NIST), to discuss the pivotal role of building cyber resilience within your organization. Learn what the future holds for NIST and the evolving threat landscape, as well as how NIST empowers businesses to strengthen their cyber defenses.

Business of Tech
NIST Launches Gen AI Program and White House Updates Critical Infrastructure Oversight

Business of Tech

Play Episode Listen Later May 1, 2024 11:41


The National Institute of Standards and Technology (NIST) has recently launched the GenAI program with the goal of establishing benchmarks for generative AI technologies. This initiative is crucial for enhancing transparency in the AI field and ensuring the safe and reliable use of these technologies. The program will focus on evaluating generative AI technologies, releasing benchmarks, developing deepfake detection systems, and promoting the creation of software to identify the source of AI-generated information. In the podcast episode, it was highlighted that Microsoft, Google, and Amazon all experienced significant revenue growth in the first quarter of the year. Microsoft reported a 17% revenue growth, attributed to the momentum from CoPilot, its AI-powered chatbot. The growth rate remained steady compared to the previous quarter. Additionally, revenue from Activision, which Microsoft acquired in October, contributed to the overall growth. Azure Cloud Computing Service saw a 21% revenue growth, potentially boosted by new AI-powered services.
Three things to know today
00:00 NIST Launches GenAI Program to Set Benchmarks for Generative AI and Enhance Transparency
03:50 White House Updates Critical Infrastructure Oversight with National Security Memorandum-22
06:35 Microsoft, Google, and Amazon Leverage AI and Cloud for Substantial Q1 Revenue Growth

Business of Tech
AI: 92% of Windows Machines in Large Organizations Not Ready, Push for Increased NIST Funding

Business of Tech

Play Episode Listen Later Apr 23, 2024 12:08


Organizations are currently facing a critical challenge in preparing for AI integration, as discussed in the podcast episode. A study has revealed that a staggering 92% of Windows machines in large organizations lack the necessary capabilities to effectively handle modern AI applications. This deficiency in AI readiness presents a significant obstacle for organizations seeking to leverage AI technologies to enhance their operations and maintain competitiveness in the digital landscape. There is a significant push for increased funding for the National Institute of Standards and Technology (NIST) to enhance AI safety oversight. Over 80 organizations, including leading AI companies, universities, and civil society groups such as Amazon, OpenAI, the ACLU, and MIT, are urging Congress to prioritize NIST's funding request of $47.7 million. This call for additional funding comes in response to years of funding challenges that have left NIST with limited resources and facilities, potentially jeopardizing its ability to oversee advanced AI systems effectively.
Four things to know today
00:00 As New Models Emerge, New Study Reveals 92% of Windows Machines in Large Organizations Are Not AI-Ready
04:51 AI Leaders and Academics Push for Increased NIST Funding to Enhance AI Safety Oversight
07:10 Produce8 Introduces Advanced Work Analytics to Boost Efficiency in MSP Operations
08:31 Google Partners with National Guard to Enhance Disaster Response with AI Technology

The Nonlinear Library
LW - Paul Christiano named as US AI Safety Institute Head of AI Safety by Joel Burget

The Nonlinear Library

Play Episode Listen Later Apr 16, 2024 2:01


Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Paul Christiano named as US AI Safety Institute Head of AI Safety, published by Joel Burget on April 16, 2024 on LessWrong. U.S. Secretary of Commerce Gina Raimondo announced today additional members of the executive leadership team of the U.S. AI Safety Institute (AISI), which is housed at the National Institute of Standards and Technology (NIST). Raimondo named Paul Christiano as Head of AI Safety, Adam Russell as Chief Vision Officer, Mara Campbell as Acting Chief Operating Officer and Chief of Staff, Rob Reich as Senior Advisor, and Mark Latonero as Head of International Engagement. They will join AISI Director Elizabeth Kelly and Chief Technology Officer Elham Tabassi, who were announced in February. The AISI was established within NIST at the direction of President Biden, including to support the responsibilities assigned to the Department of Commerce under the President's landmark Executive Order. Paul Christiano, Head of AI Safety, will design and conduct tests of frontier AI models, focusing on model evaluations for capabilities of national security concern. Christiano will also contribute guidance on conducting these evaluations, as well as on the implementation of risk mitigations to enhance frontier model safety and security. Christiano founded the Alignment Research Center, a non-profit research organization that seeks to align future machine learning systems with human interests by furthering theoretical research. He also launched a leading initiative to conduct third-party evaluations of frontier models, now housed at Model Evaluation and Threat Research (METR). He previously ran the language model alignment team at OpenAI, where he pioneered work on reinforcement learning from human feedback (RLHF), a foundational technical AI safety technique. 
He holds a PhD in computer science from the University of California, Berkeley, and a B.S. in mathematics from the Massachusetts Institute of Technology. Thanks for listening. To help us out with The Nonlinear Library or to learn more, please visit nonlinear.org

The Nonlinear Library
EA - U.S. Commerce Secretary Gina Raimondo Announces Expansion of U.S. AI Safety Institute Leadership Team [and Paul Christiano update] by Phib

The Nonlinear Library

Play Episode Listen Later Apr 16, 2024 2:18


Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: U.S. Commerce Secretary Gina Raimondo Announces Expansion of U.S. AI Safety Institute Leadership Team [and Paul Christiano update], published by Phib on April 16, 2024 on The Effective Altruism Forum. U.S. Secretary of Commerce Gina Raimondo announced today additional members of the executive leadership team of the U.S. AI Safety Institute (AISI), which is housed at the National Institute of Standards and Technology (NIST). Raimondo named Paul Christiano as Head of AI Safety, Adam Russell as Chief Vision Officer, Mara Campbell as Acting Chief Operating Officer and Chief of Staff, Rob Reich as Senior Advisor, and Mark Latonero as Head of International Engagement. They will join AISI Director Elizabeth Kelly and Chief Technology Officer Elham Tabassi, who were announced in February. The AISI was established within NIST at the direction of President Biden, including to support the responsibilities assigned to the Department of Commerce under the President's landmark Executive Order. ... Paul Christiano, Head of AI Safety, will design and conduct tests of frontier AI models, focusing on model evaluations for capabilities of national security concern. Christiano will also contribute guidance on conducting these evaluations, as well as on the implementation of risk mitigations to enhance frontier model safety and security. Christiano founded the Alignment Research Center, a non-profit research organization that seeks to align future machine learning systems with human interests by furthering theoretical research. He also launched a leading initiative to conduct third-party evaluations of frontier models, now housed at Model Evaluation and Threat Research (METR). 
He previously ran the language model alignment team at OpenAI, where he pioneered work on reinforcement learning from human feedback (RLHF), a foundational technical AI safety technique. He holds a PhD in computer science from the University of California, Berkeley, and a B.S. in mathematics from the Massachusetts Institute of Technology. Following up from previous news post: https://forum.effectivealtruism.org/posts/9QLJgRMmnD6adzvAE/nist-staffers-revolt-against-expected-appointment-of Thanks for listening. To help us out with The Nonlinear Library or to learn more, please visit nonlinear.org

Performance Matters | A 5 Moments of Need Podcast Series
Exploring the Future of Technology and Learning with Mike Hruska

Performance Matters | A 5 Moments of Need Podcast Series

Play Episode Listen Later Apr 1, 2024 30:01


This AI Matters episode dives deep into the intersection of technology and learning with our special guest, Mike Hruska. With a background in research for the National Institute of Standards and Technology (NIST), Mike brings a wealth of knowledge and experience to the table as a technologist and design thinking practitioner. Listen as Mike shares his perspective on the significant gap between the potential of educational technology and its actual impact on efficacy. Drawing from his expertise, the dialogue explores how this realization led him to delve into the intersection of technology, people performance, and learning.
Missed an episode in the AI Matters series?
AI in Action: Meta's Learning Content Management Revolution
Navigating the AI Landscape: A Conversation with Vince Han
AI Matters: An Exploration Into the World of AI and Workflow Learning
Continue to tune in for our upcoming captivating discussions on the future of learning. Upcoming episodes include guests: Markus Bernhardt, Sarah Mercier, Josh Cavalier, Allen Koh, and Kevin Oakes.

Federal Drive with Tom Temin
Special consortium offers AI-safety advice to government

Federal Drive with Tom Temin

Play Episode Listen Later Mar 20, 2024 11:53


The National Institute of Standards and Technology (NIST) has a long list of companies on a special artificial intelligence advisory group called the AI Safety Institute Consortium. Members advise NIST on a variety of matters. And among the latest members: The Human Factors and Ergonomics Society. For details, Federal Drive Host Tom Temin spoke with the society's lead on outreach and government relations, President of SA Technologies, Dr. Mica Endsley.

Federal Drive with Tom Temin
Special consortium offers AI-safety advice to government

Federal Drive with Tom Temin

Play Episode Listen Later Mar 20, 2024 11:08


The National Institute of Standards and Technology (NIST) has a long list of companies on a special artificial intelligence advisory group called the AI Safety Institute Consortium. Members advise NIST on a variety of matters. And among the latest members: The Human Factors and Ergonomics Society. For details, Federal Drive Host Tom Temin spoke with the society's lead on outreach and government relations, President of SA Technologies, Dr. Mica Endsley.

The Ricochet Audio Network Superfeed
The Federalist Society's Teleforum: NIST's Proposed Framework for a New Approach to Bayh-Dole March-in: What You Need to Know

The Ricochet Audio Network Superfeed

Play Episode Listen Later Mar 12, 2024


The National Institute of Standards and Technology (NIST) seeks comments on the Draft Interagency Guidance Framework for Considering the Exercise of March-In Rights, which sets out the factors that an agency may consider when deciding whether to exercise Bayh-Dole march-in rights. The information received will inform NIST and the Interagency Working Group for Bayh-Dole (IAWGBD) […]

Teleforum
NIST's Proposed Framework for a New Approach to Bayh-Dole March-in: What You Need to Know

Teleforum

Play Episode Listen Later Mar 12, 2024 60:56


The National Institute of Standards and Technology (NIST) seeks comments on the Draft Interagency Guidance Framework for Considering the Exercise of March-In Rights, which sets out the factors that an agency may consider when deciding whether to exercise Bayh-Dole march-in rights. The information received will inform NIST and the Interagency Working Group for Bayh-Dole (IAWGBD) in developing a final framework document that may be used by a funding agency when making a march-in decision. This panel seeks to answer what the new framework is while also debating the pros and cons. This FedSoc Forum aims for participants to have a better understanding of this proposed policy change, be able to assess the impact should it be enacted, and be motivated to actively engage in the ongoing debate.

Connected With Latham
Episode 68 – Drug Pricing: Will Agencies Exercise March-In Rights Based on Drug Price?

Connected With Latham

Play Episode Listen Later Jan 25, 2024 13:39


The National Institute of Standards and Technology (NIST) recently published a draft guidance framework for considering the exercise of march-in rights. Under the Bayh-Dole Act, government agencies can “march in” on patents resulting from government-funded research if the patent licensee is not sufficiently developing the patented invention, based on the consideration of various factors. The guidance would add price as one such factor. In this episode of Connected with Latham, partners Chris Schott and Reba Rabenstein and associate Danny Machado discuss the implications of using drug pricing as a factor in exercising march-in rights, the feasibility of the examples featured in the draft guidance, and what the draft guidance means in light of the 2024 election cycle.

The Cyberlaw Podcast
Triangulating Apple

The Cyberlaw Podcast

Play Episode Listen Later Jan 9, 2024 82:10


Returning from winter break, this episode of the Cyberlaw Podcast covers a lot of ground. The story I think we'll hear the most about in 2024 is the remarkable exploit used to compromise several generations of Apple iPhone. The question I think we'll be asking for the next year is simple: How could an attack like this be introduced without Apple's knowledge and support? We don't get to this question until near the end of the episode, and I don't claim great expertise in exploit design, but it's very hard to see how such an elaborate compromise could be slipped past Apple's security team. The second question is which government created the exploit. It might be a scandal if it were done by the U.S. But it would be far more of a scandal if done by any other nation.  Jeffery Atik and I lead off the episode by covering recent AI legal developments that simply underscore the obvious: AI engines can't get patents as “inventors.” But it's quite possible that they'll make a whole lot of technology “obvious” and thus unpatentable. Paul Stephan joins us to note that National Institute of Standards and Technology (NIST) has come up with some good questions about standards for AI safety. Jeffery notes that U.S. lawmakers have finally woken up to the EU's misuse of tech regulation to protect the continent's failing tech sector. Even the continent's tech sector seems unhappy with the EU's AI Act, which was rushed to market in order to beat the competition and is therefore flawed and likely to yield unintended and disastrous consequences.  A problem that inspires this week's Cybertoonz. Paul covers a lawsuit blaming AI for the wrongful denial of medical insurance claims. As he points out, insurers have been able to wrongfully deny claims for decades without needing AI. Justin Sherman and I dig deep into a NYTimes article claiming to have found a privacy problem in AI. 
We conclude that AI may have a privacy problem, but extracting a few email addresses from ChatGPT doesn't prove the case. Finally, Jeffery notes an SEC “sweep” examining the industry's AI use. Paul explains the competition law issues raised by app stores – and the peculiar outcome of litigation against Apple and Google. Apple skated in a case tried before a judge, but Google lost before a jury and entered into an expensive settlement with other app makers. Yet it's hard to say that Google's handling of its app store monopoly is more egregiously anticompetitive than Apple's. We do our own research in real time in addressing an FTC complaint against Rite Aid for using facial recognition to identify repeat shoplifters. The FTC has clearly learned Paul's dictum, “The best time to kick someone is when they're down.” And its complaint shows a lack of care consistent with that posture. I criticize the FTC for claiming without citation that Rite Aid ignored racial bias in its facial recognition software. Justin and I dig into the bias data; in my view, if FTC documents could be reviewed for unfair and deceptive marketing, this one would lead to sanctions. The FTC fares a little better in our review of its effort to toughen the internet rules on child privacy, though Paul isn't on board with the whole package. We move from government regulation of Silicon Valley to Silicon Valley regulation of government. Apple has decided that it will now require a judicial order to give governments access to customers' “push notifications.” And, giving the back of its hand to crime victims, Google decides to make geofence warrants impossible by blinding itself to the necessary location data. Finally, Apple decides to regulate India's hacking of opposition politicians and runs into a Bharatiya Janata Party (BJP) buzzsaw. Paul and Jeffery decode the EU's decision to open a DSA content moderation investigation into X. We also dig into the welcome failure of an X effort to block California's content moderation law. Justin takes us through the latest developments in Cold War 2.0. China is hacking our ports and utilities with intent to disrupt (as opposed to spy on) them. The U.S. is discovering that derisking our semiconductor supply chain is going to take hard, grinding work. Justin looks at a recent report presenting actual evidence on the question of TikTok's standards for boosting content of interest to the Chinese government.
And in quick takes,
I celebrate the end of the Reign of Mickey Mouse in copyright law
Paul explains why Madison Square Garden is still able to ban lawyers who have sued the Garden
I note the new short-term FISA 702 extension
Paul predicts that the Supreme Court will soon decide whether police can require suspects to provide police with phone passcodes
And Paul and I quickly debate Daphne Keller's amicus brief for Francis Fukuyama in the Supreme Court's content moderation cases
Download 486th Episode (mp3)
You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

IAQ Radio
Pawel Wargocki, PhD – Wenjuan Wei, PhD – Corinne Mandin, PhD – Deep Energy Retrofits and IEQ; A TAIL from Europe

IAQ Radio

Play Episode Listen Later Dec 15, 2023 60:02


Good Day and welcome to IAQ Radio+ episode 718. This week we welcome Dr. Pawel Wargocki, Dr. Wenjuan Wei and Dr. Corinne Mandin for a discussion about Deep Energy Retrofits and IEQ; A TAIL from Europe. With the large focus on making our building stock less energy intensive, what will happen to indoor environmental quality? We talk to a stellar group of academics about how to determine what deep energy retrofits will do to IEQ.
Pawel Wargocki is professor at the Technical University of Denmark. He graduated from the Warsaw University of Technology in Poland. He received his Ph.D. from the Technical University of Denmark in 1998, where he has been teaching and performing research ever since. He has more than 25 years of experience in research on human requirements in indoor environments. He is best known for his seminal work demonstrating that poor indoor environmental quality affects the performance of office work and learning. Other work influenced requirements for ventilation and air cleaning. Recent research includes studies on human emissions, sleep quality, the development of IEQ rating schemes, and the performance of green buildings. He has collaborated with leading research institutions, universities, and industrial partners worldwide, such as the National University of Singapore, Jiaotong University in Shanghai, Syracuse Center of Excellence, United Technologies, and Google. He was President and long-standing board member of the International Society of Indoor Air Quality and Climate (ISIAQ), President of the ISIAQ Academy of Fellows (previously Academy of Indoor Air Sciences), Vice President of the Indoor Air 2008 conference, and Chair of ASHRAE committees. He has received several awards for his work, including the Rockwool Award for Young Researchers, ASHRAE Ralph Nevins Award, ISIAQ's Yaglou Award, and the Indoor Air Journal Best Paper Awards.
Corinne Mandin earned her PhD in environmental chemistry from the University of Rennes, France. From 2013 to 2022, she coordinated the French Indoor Air Quality Observatory, a research program dedicated to indoor environmental quality created by the French government. In 2022, she joined the French institute for radiation protection and nuclear safety (IRSN) where she leads the epidemiology research group. Her research interests include human exposure to chemical and physical risk factors, both in living spaces and occupational settings, and related health effects. She is the Immediate Past President of the International Society for Indoor Air Quality and Climate (ISIAQ).
Dr. Wenjuan Wei is a research scientist at the Scientific and Technical Centre for Building (CSTB, France, since 2018). She received her Ph.D. in Civil Engineering from Tsinghua University (2009-2014). She was a guest researcher at the National Institute of Science and Technology (NIST, USA, 2011-2012), and a post-doctoral researcher at CSTB (2016-2018). During her post-doctoral appointment, she was Marie Skłodowska-Curie Fellow of the European Commission's Marie Skłodowska-Curie Actions and PRESTIGE Fellow of Campus France. Dr. Wei is a specialist in indoor environmental quality (IEQ). She received the Yaglou Award of the ISIAQ Academy in 2022 and is the co-chair of the ISIAQ Scientific and Technical Committee 32 addressing environmental/climate impacts. Her research interests include the emission and transport of (semi) volatile organic compounds (S)VOCs, indoor heat and pollutant exposures, and IEQ index. She has participated in several European and French research projects, such as Horizon-ALDREN and Horizon-PARC. She is co-supervising 2 PhD theses. She has published 43 peer-reviewed journal articles, and her h-index is 22.

Finding Genius Podcast
Microplastic Pollution: Understanding Their Fate & Effects On Marine Environments

Sep 11, 2023 19:01


Today, we sit down with Dr. Meredith Evans Seeley to discuss environmental contaminants, microplastics, and ocean conservation. As a National Research Council postdoctoral fellow and research biologist at the National Institute of Standards and Technology (NIST), Dr. Seeley is on a mission to better understand “legacy and emerging contaminant pollution” in an effort to help preserve and protect our oceans. Microplastics are among the most unique environmental contaminants to research. With years of experience as a scientist in this field, Dr. Seeley is constantly refining her approach to microplastic chemistry, marine science, plastic analysis methods, and more…

Click play now to learn about:

- Why microplastics are so diverse and difficult to study.
- How sublethal stress can impact the health and well-being of aquatic animals.
- The ways that scientists can determine how long a piece of plastic has been in the environment.
- The best ways to analyze and measure microplastics on a tangible scale.

You can learn more about Dr. Seeley and her work here! Episode also available on Apple Podcast: http://apple.co/30PvU9

The CyberWire
A joint advisory on post-quantum readiness. [Special Edition]

Aug 30, 2023 22:42


In this extended interview, Dave Bittner sits down with Natasha Eastman from the Cybersecurity and Infrastructure Security Agency (CISA), Bill Newhouse from the National Institute of Standards and Technology (NIST), and Troy Lange from the National Security Agency (NSA) to discuss their recent joint advisory on post-quantum readiness and how to prepare for post-quantum cryptography.

You can find the joint advisory here: Quantum-Readiness: Migration to Post-Quantum Cryptography

Quantum computing: A threat to asymmetric encryption.