Market forces clearly aren’t doing the job when it comes to cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA) chief Jen Easterly told an audience of hackers on Friday.

Easterly addressed the crowd at DEF CON 32 in Las Vegas alongside the conference’s founder, Jeff “Dark Tangent” Moss. A recurring theme: The modern software market does not prioritize security enough.

“Market forces aren’t working,” Easterly said.

“The reason we have the cybersecurity industry is because technology vendors have been able to create flawed or defective [products] for decades, right?” Easterly added. “Because it’s been all about incentives, [which] have been speed to market and features, not security.”

Easterly has long insisted CISA does not want to become a regulator and is a “voluntary agency,” meaning it relies on collaborative agreements with tech companies rather than regulations and fines. At DEF CON, Easterly pointed to the success of some voluntary CISA initiatives, such as its (nonbinding) secure by design pledge, though she also called for more accountability from software developers and for customers to start demanding secure software.

Read the rest here.—TM

Business agility is the overarching goal for many an org, and AI could be one of three keys to achieving it. The other two? Automation and low-code development. (Actually, there’s one more: caffeine. But you knew that.)

To discuss the finer points, Amazon Web Services (AWS) is hosting a webinar covering how AI, robotic process automation (RPA), and low-code/no-code platforms on AWS can help enhance efficiency and simplify tasks.

Guest industry leaders from Forrester and leading AWS partners will showcase how you can power your digital transformation with these three keys. Talk about unlocking boosted performance.

All you have to do? Register here.

A giant scan o’ the internet from Censys revealed 18,000 exposed, connected devices “likely to control industrial systems,” according to an August 7 report from the cybersecurity company.

In a deeper discussion with IT Brew, Censys Principal Researcher Emily Austin said the company found 430 internet-connected human-machine interfaces, the displays and interactive components that represent factory functions—94 of which were associated with wastewater and water-system facilities. Half of the water-specific HMIs “could be manipulated without any authentication”—a shocking finding, according to Austin, given the critical nature of the operations.

“It’s just a matter of what controls are available,” Austin said. “What has the operator made available in that control system, to be able to click around or change a value or start something or stop something, or acknowledge an alarm, which you could do remotely from anywhere that you can access the internet?”

Read more here.—BH

Some experts IT Brew has spoken with over the past few months have called for more tech regulation—but Texas Sen. Ted Cruz’s latest intervention in how the government manages AI was probably not what they were referring to.

Critics charge that the senator’s amendment was aimed at undoing protections in President Joe Biden’s October 2023 executive order laying down rules and restrictions on the emerging technology.

Cruz, the committee’s ranking member, proposed a number of amendments to The Future of AI Innovation Act, a bill sponsored by Sen. Maria Cantwell that passed the Senate Commerce Committee on July 31. The legislation establishes the National Institute of Standards and Technology’s AI Safety Institute.

“This Cruz amendment doesn’t just destroy the bill that Cantwell is trying to pass,” Brown University Professor of Data Science Suresh Venkatasubramanian tweeted. “It also guts the AI EO, the OMB guidance and any future action by the federal govt on AI.”

Keep reading here.—EH

Is your data in danger? It’s a spooky thought that’s all too real. According to Rubrik Zero Labs, 94% of IT and security leaders report that their organization experienced a significant cyberattack last year. Uncover the odds of an attack and find recommendations for improving your data risk with Rubrik’s latest white paper.