Daily Tech Digest - March 02, 2021

Looking For An AI Ethicist? Good Luck

Just like with the hunt for data scientists, the person in charge of driving the AI ethics strategy at a company ideally will have a long list of qualifications. According to Ammanath, who was a Datanami Person to Watch for 2020, an AI ethicist generally should have the following skills and capabilities: An understanding of AI tools and technology; An understanding of the business and the industry and the specific AI ethical traps that exist in them; Good communication skills and the ability to work across organizational boundaries; And regulatory, legal, and policy knowledge. There are additional skills that may be required, such as having experience with the philosophical, psychological, or sociological aspects of ethics; knowing how to structure a business and a team in an ethical manner; and even knowing how to mitigate the environmental impact of using AI. “The point is that you need to have a wide variety of skills,” Ammanath says. “It’s like finding that unicorn…Trying to find that person with credible experience and knowledge in all of these areas is practically impossible.” So where does that leave you? The odds are, unless you’re working at a very large enterprise, you won’t be able to find a person to fit this exact job description.

Building a Next-Generation SOC Starts With Holistic Operations

Today's reimagined SOCs bring together disparate teams to counteract intrusions, providing everyone with a coordinated, holistic, real-time view. This tactic empowers analysts to head things off, "shifting left" in the cyber kill chain to identify the full scope of the attack while it's happening and quickly block it as far upstream as possible (ideally using automated investigation and response). We see this as the only way for SOCs to address new threats in time to avert major business impacts. It's time to empower your SOC with multidomain, central teams. It's more than tools differentiating a reactive SOC from an agile, proactive, successful one. Modernizing security operations requires an operational model that drives cross-technology integration to match the attacker's modus operandi. Empowering your SOC to deploy speedy, effective countermeasures means dangerous attackers will be slowed or deterred, reducing damage to your business and saving valuable time and money. The proper template for a modernized SOC team operates seamlessly across domains with an end-to-end view. Consider your SOC's opposition: Sophisticated bad actors see the entire picture, know where they're going and who they're engaging, and understand how to exploit weaknesses.

Can we explain AI? An Introduction to Explainable Artificial Intelligence.

Why do we need to explain AI? This is a question that has no simple answer to it. Suppose you take the example of my project that I mentioned initially. In that case, the controller might want to understand our trust models. It is hard to believe something we do not understand. We have a problem when we cannot explain the decisions made by an algorithm. In assessing AI’s decisions, it is crucial to assess the factors that led to that decision. We will therefore be able to audit and challenge decisions or work to improve the factors. This is where the importance of xAI, or explainable AI, comes in, which addresses the need to be able to interpret a model of Machine Learning. This is because it is typical for the formulation of problems addressed by ML to be incomplete. Often, forecasting is not enough to address a problem. It is essential to know more than just “what,” but also “why,” “how.” It is not enough to know that a teacher has been poorly classified in one year; it is also essential to know the reason for improvement. Although AI is one of the most important and disruptive technologies of the century, it is subject to bias. Good model accuracy can be a trap.

Why IT Should Have a Separate Training Budget

Large IT organizations can fund their own training departments, complete with their own training directors. Often these individuals have experience in both IT and education -- and they do a great job. But in many other cases, there is no formal IT training function -- only an IT training budget. In these cases, the CIO, project managers and other IT leadership must step in. They identify the core skills that they need and the individuals whom they want to send to these trainings -- and what the training will cost. This strategy of collectively evaluating IT staff, with each manager coming forth with his or her staff training needs, works -- but it’s far from flawless. The major downside is that people who are not skilled in education or training might not make the right training choices -- either in courses or in the people they send. ... Hot projects and keeping systems running are IT priorities, not training. So, if there is a hot project, or a major performance issue with an existing system, training is quickly forgotten. The result is that training that was budgeted gets deferred or isn't used at all. This makes for a very tough fight for the CIO when the next budget review comes around. The CFO will undoubtedly challenge the IT training budget, saying that the budget was underused last year so should be re-funded at that lesser level.

Indian Vaccine Makers, Oxford Lab Reportedly Hacked

The Chinese state-backed hacking group APT10, also known as Stone Panda, has in recent weeks targeted the IT systems of two Indian pharmaceutical makers whose coronavirus vaccines are being used in the country's immunization program, the Reuters news service reports, citing a report from Tokyo, Japan-based cybersecurity firm Cyfirma. That company says that hackers identified gaps and vulnerabilities in the IT infrastructure and supply chain software of the pharmaceutical firm Bharat Biotech and the Serum Institute of India, or SII, one of the largest vaccine makers globally, Reuters reports. Cyfirma says the apparent motivation behind the hackers' efforts was an attempt to exfiltrate intellectual property of the pharmaceutical firms, according to Reuters. SII is making the AstraZeneca vaccine for many countries and will soon start bulk-manufacturing Novavax shots, the news service reports. Cyfirma, SII and Bharat Biotech did not immediately respond to Information Security Media Group's requests for comment. ... Meanwhile, last week, Forbes reported that U.K.-based Oxford University's Division of Structural Biology – known as Strubi – had been hacked, with equipment used to prepare biochemical samples targeted.

Rethinking the artificial intelligence race

The way that AI systems are developed naturally creates doubts about their ability to function in untested environments, namely the requirement of large amounts of data inputs, the necessity that they be nearly perfect, and the effects of the preconceived notions of its creators. First, lack of, or erroneous, data is one of the largest challenges, especially when relying on machine learning techniques. To teach a computer to recognize a bird, it must be fed thousands of pictures to “learn” a bird’s distinguishing features, which naturally limits use in fields with few examples. Additionally, if even a tiny portion of the data is incorrect (as little as 3%), the system may develop incorrect assumptions or suffer drastic decreases in performance. Finally, the system may also recreate assumptions and prejudices—racist, sexist, elitist, or otherwise—from extant data that already contains inherent biases, such as resume archives or police records. These could also be coded in as programmers inadvertently impart their own cognitive biases into the machine learning algorithms they design. This propensity for deep-seated decision-making problems, which may only become evident well after development, will prove problematic to those that want to rely heavily on AI, especially concerning issues of national security.

How Leaders Can Help Their Teams Manage Stress in the New Year

Employees need to take vacations to reset and get their minds off of their work, but modern work policies don’t encourage time off the way they should. Plenty of companies offer generous or even unlimited amounts of vacation time, but workers are reticent to indulge lest they fall behind. The easiest solution to this issue is to simply mandate that workers take the time off they need. To combat the high-stress levels endemic to companies in their industry, game developer Supergiant Games instituted a policy stating that workers must take a minimum of 20 days off annually while still allowing for unlimited time away. A similar policy for your workplace will help employees cool off right when they need to the most. ... Your workers will never be able to achieve stress equilibrium if their boss can’t do it first. Being a great business leader isn’t just about telling people what they need to do; it’s about modeling those behaviors yourself. If you’re preaching stress reduction to your team while clocking in 11 hours a day, no one is going to be able to take your messaging seriously. Stress management starts with you, whether you like it or not.

Google Introduces Low Bitrate Speech Codec For Smoother Communication

Lyra is a novel method for compressing and transmitting voice signals. For this, the researchers applied traditional codec techniques and the latest machine learning methods on models trained on vast amounts of data. Lyra extracts features or distinctive speech attributes (list of numbers representing the speech energy in different frequency bands, called log mel spectrograms) from the input every 40ms and compresses before transmitting. At the receiving end, a generative model converts the features to a speech signal. Lyra’s new and improved ‘natural-sounding’ generative models maintain a low bitrate of codecs to achieve high-quality codecs, generally on par with state-of-art waveform codecs used in streaming platforms. However, one drawback of these generative models is computational complexity. To overcome this, Lyra uses a cheaper variation of WaveRNN, a recurrent generative model. Though it works at a lower rate, it generates multiple parallel signals in different frequencies. These signals are then combined to output a signal at the desired sample rate. Hence, Lyra works on cloud servers and mid-range phones with a processing latency of 90ms.

Cryptomining Botnet Uses Bitcoin Wallet to Avoid Detection

The initial infection starts with the exploitation of remote code execution vulnerabilities in Hadoop Yarn, Elasticsearch (CVE-2015-1427) and ThinkPHP (CVE-2019-9082). The payload delivered causes the vulnerable machine to download and execute a malicious shell script. "In older campaigns, the shell script itself handled the key functions of infection. The stand-alone script disabled security features, killed off competing infections, established persistence, and in some cases, continued infection attempts across networks found within the known host files," the report notes. But the newer instances of the shell script are written with fewer lines of code and use binary payloads for handling more system interactions, such as killing off competition, disabling security features, modifying SSH keys, downloading malware and starting the miners. Researchers note that the operators behind the campaign use cron jobs and rootkits for persistence and updates to distribution, ensuring infected machines will regularly check in and be reinfected with the latest version of the malware. These methods rely on domains and static IP addresses written into crontabs and configurations, and these domains and IP addresses routinely get identified and seized, the researchers say.

Saga Orchestration for Microservices Using the Outbox Pattern

There are two general ways for implementing distributed Sagas—choreography and orchestration. In the choreography approach, one participating service sends a message to the next after it has executed its local transaction. With orchestration, on the other hand, there’s one coordinating service that invokes one participant after the other. Both approaches have their pros and cons. Personally, I prefer the orchestration approach, as it defines one central place that can be queried to obtain the current status of a particular Saga (the orchestrator, or “Saga execution coordinator,” SEC for short). Since it avoids point-to-point communication between participants (other than the orchestrator), it also allows for the addition of further intermediary steps within the flow, without the need to adjust each participant. Before diving into the implementation of such a Saga flow, it’s worth spending some time to think about the transactional semantics that Sagas provide. ... From a service consumer point of view—e.g., a user placing a purchase order with the order service—the system is eventually consistent; i.e., it will take some time until the purchase order is in its correct state, as per the logic of the different participating services.

Quote for the day:

"In any leadership position, the most important aspect of your job will be getting your team to work together." -- Dale Brown
