Cyber security initiatives provide immense opportunities for governments to educate, train, create awareness, and promote cyber hygiene among businesses and the general public. Creating and promoting these initiatives are necessary steps governments take to ensure the cyber health of a nation. To ensure users are safe and confident, especially online, the UK government has created initiatives designed to meet the needs of various users such as small charity guide for charity organisations, small business guide for small businesses, get safe online for the general public, and cyber essentials for organisations, among many others. However, ensuring that these initiatives deliver on their objectives can be daunting, especially when reaching out to the whole population. It is, therefore, vital for the government to intensify practical ways of reaching out to users to make sure that they are aware of their obligation to cyber security. This study evaluates sixteen of the UK government's cyber security initiatives and discovers four notable reasons why these initiatives are failing. These reasons are insufficient awareness and training, non-evaluation of initiatives to measure impact, insufficient behavioural change, and limited coverage to reach intended targets. The recommendation based on these findings is to promote these initiatives both nationally and at community levels.
The increasing digitalization of power grids and especially the shift towards IP-based communication drastically increase the susceptibility to cyberattacks, potentially leading to blackouts and physical damage. Understanding the involved risks, the interplay of communication and physical assets, and the effects of cyberattacks are paramount for the uninterrupted operation of this critical infrastructure. However, as the impact of cyberattacks cannot be researched in real-world power grids, current efforts tend to focus on analyzing isolated aspects at small scales, often covering only either physical or communication assets. To fill this gap, we present WATTSON, a comprehensive research environment that facilitates reproducing, implementing, and analyzing cyberattacks against power grids and, in particular, their impact on both communication and physical processes. We validate WATTSON's accuracy against a physical testbed and show its scalability to realistic power grid sizes. We then perform authentic cyberattacks, such as Industroyer, within the environment and study their impact on the power grid's energy and communication side. Besides known vulnerabilities, our results reveal the ripple effects of susceptible communication on complex cyber-physical processes and thus lay the foundation for effective countermeasures.
The ever-increasing push towards reliance upon computerised technology in commercial, general, and military aerospace brings with it an increasing amount of potential cyber hazards and attacks. Consequently, the variety of attack vectors is greater than ever. Recognized Good Practice standards such as DO 326A and ED 202A attempt to address this by providing guidelines for cyber security on in-service aircraft, though implementation work for such initiatives is still in early stages. From previous work on in-service aircraft, the authors have determined that one of the key challenges is that of the retrospective application of new regulations to existing designs. This can present significant requirements for time, money, and Suitably Qualified and Experienced Personnel resource, things which are often in already limited supply in military environments. The authors have previously explored efficient ways of approaching compliance, with promising results. There is still the need to consider this retroactivity challenge in tandem with other key factors affecting the application of CSA, in order to determine any more potential mitigating actions that could lower the barrier to effective and efficient implementation of secure approaches in the air domain. This work explores the interrelated challenges surrounding real-world applications of CSA and the beginnings of how these may be overcome.
Technological advances in the telecommunications industry have brought significant advantages in the management and performance of communication networks. The railway industry is among the ones that have benefited the most. These interconnected systems, however, have a wide area exposed to cyberattacks. This survey examines the cybersecurity aspects of railway systems by considering the standards, guidelines, frameworks, and technologies used in the industry to assess and mitigate cybersecurity risks, particularly regarding the relationship between safety and security. To do so, we dedicate specific attention to signaling, whose fundamental reliance on computer and communication technologies allows us to explore better the multifaceted nature of the security of modern hyperconnected railway systems. With this in mind, we then move on to analyzing the approaches and tools that practitioners can use to facilitate the cyber security process. In detail, we present a view on cyber ranges as an enabling technology to model and emulate computer networks and attack-defense scenarios, study vulnerabilities' impact, and finally devise countermeasures. We also discuss several possible use cases strongly connected to the railway industry reality.
In the face of increasingly severe privacy threats in the era of data and AI, the US Census Bureau has recently adopted differential privacy, the de facto standard of privacy protection for the 2020 Census release. Enforcing differential privacy involves adding carefully calibrated random noise to sensitive demographic information prior to its release. This change has the potential to impact policy decisions like political redistricting and other high-stakes practices, partly because tremendous federal funds and resources are allocated according to datasets (like Census data) released by the US government. One under-explored yet important application of such data is the redrawing of school attendance boundaries to foster less demographically segregated schools. In this study, we ask: how might differential privacy impact diversity-promoting boundaries in terms of resulting levels of segregation, student travel times, and school switching requirements? Simulating alternative boundaries using differentially-private student counts across 67 Georgia districts, we find that increasing data privacy requirements decreases the extent to which alternative boundaries might reduce segregation and foster more diverse and integrated schools, largely by reducing the number of students who would switch schools under boundary changes. Impacts on travel times are minimal. These findings point to a privacy-diversity tradeoff local educational policymakers may face in forthcoming years, particularly as computational methods are increasingly poised to facilitate attendance boundary redrawings in the pursuit of less segregated schools.
Socially assistive robots are increasingly being explored to improve the engagement of older adults and people with disability in health and well-being-related exercises. However, even if people have various physical conditions, most prior work on social robot exercise coaching systems has utilized generic, predefined feedback. The deployment of these systems still remains a challenge. In this paper, we present our work of iteratively engaging therapists and post-stroke survivors to design, develop, and evaluate a social robot exercise coaching system for personalized rehabilitation. Through interviews with therapists, we designed how this system interacts with the user and then developed an interactive social robot exercise coaching system. This system integrates a neural network model with a rule-based model to automatically monitor and assess patients' rehabilitation exercises and can be tuned with individual patient's data to generate real-time, personalized corrective feedback for improvement. With the dataset of rehabilitation exercises from 15 post-stroke survivors, we demonstrated our system significantly improves its performance to assess patients' exercises while tuning with held-out patient's data. In addition, our real-world evaluation study showed that our system can adapt to new participants and achieved 0.81 average performance to assess their exercises, which is comparable to the experts' agreement level. We further discuss the potential benefits and limitations of our system in practice.
Concept-based interpretability methods aim to explain deep neural network model predictions using a predefined set of semantic concepts. These methods evaluate a trained model on a new, "probe" dataset and correlate model predictions with the visual concepts labeled in that dataset. Despite their popularity, they suffer from limitations that are not well-understood and articulated by the literature. In this work, we analyze three commonly overlooked factors in concept-based explanations. First, the choice of the probe dataset has a profound impact on the generated explanations. Our analysis reveals that different probe datasets may lead to very different explanations, and suggests that the explanations are not generalizable outside the probe dataset. Second, we find that concepts in the probe dataset are often less salient and harder to learn than the classes they claim to explain, calling into question the correctness of the explanations. We argue that only visually salient concepts should be used in concept-based explanations. Finally, while existing methods use hundreds or even thousands of concepts, our human studies reveal a much stricter upper bound of 32 concepts or less, beyond which the explanations are much less practically useful. We make suggestions for future development and analysis of concept-based interpretability methods. Code for our analysis and user interface can be found at https://github.com/princetonvisualai/OverlookedFactors
A number of leading AI companies, including OpenAI, Google DeepMind, and Anthropic, have the stated goal of building artificial general intelligence (AGI) - AI systems that achieve or exceed human performance across a wide range of cognitive tasks. In pursuing this goal, they may develop and deploy AI systems that pose particularly significant risks. While they have already taken some measures to mitigate these risks, best practices have not yet emerged. To support the identification of best practices, we sent a survey to 92 leading experts from AGI labs, academia, and civil society and received 51 responses. Participants were asked how much they agreed with 50 statements about what AGI labs should do. Our main finding is that participants, on average, agreed with all of them. Many statements received extremely high levels of agreement. For example, 98% of respondents somewhat or strongly agreed that AGI labs should conduct pre-deployment risk assessments, dangerous capabilities evaluations, third-party model audits, safety restrictions on model usage, and red teaming. Ultimately, our list of statements may serve as a helpful foundation for efforts to develop best practices, standards, and regulations for AGI labs.
Decision-making algorithms are being used in important decisions, such as who should be enrolled in health care programs and who should be hired. Even though these systems are currently deployed in high-stakes scenarios, many of them cannot explain their decisions. This limitation has prompted the Explainable Artificial Intelligence (XAI) initiative, which aims to make algorithms explainable to comply with legal requirements, promote trust, and maintain accountability. This paper questions whether and to what extent explainability can help solve the responsibility issues posed by autonomous AI systems. We suggest that XAI systems that provide post-hoc explanations could be seen as blameworthy agents, obscuring the responsibility of developers in the decision-making process. Furthermore, we argue that XAI could result in incorrect attributions of responsibility to vulnerable stakeholders, such as those who are subjected to algorithmic decisions (i.e., patients), due to a misguided perception that they have control over explainable algorithms. This conflict between explainability and accountability can be exacerbated if designers choose to use algorithms and patients as moral and legal scapegoats. We conclude with a set of recommendations for how to approach this tension in the socio-technical process of algorithmic decision-making and a defense of hard regulation to prevent designers from escaping responsibility.
Recent years have witnessed significant advances in technologies and services in modern network applications, including smart grid management, wireless communication, cybersecurity as well as multi-agent autonomous systems. Considering the heterogeneous nature of networked entities, emerging network applications call for game-theoretic models and learning-based approaches in order to create distributed network intelligence that responds to uncertainties and disruptions in a dynamic or an adversarial environment. This paper articulates the confluence of networks, games and learning, which establishes a theoretical underpinning for understanding multi-agent decision-making over networks. We provide a selective overview of game-theoretic learning algorithms within the framework of stochastic approximation theory, and associated applications in some representative contexts of modern network systems, such as the next generation wireless communication networks, the smart grid and distributed machine learning. In addition to existing research works on game-theoretic learning over networks, we highlight several new angles and research endeavors on learning in games that are related to recent developments in artificial intelligence. Some of the new angles extrapolate from our own research interests. The overall objective of the paper is to provide the reader a clear picture of the strengths and challenges of adopting game-theoretic learning methods within the context of network systems, and further to identify fruitful future research directions on both theoretical and applied studies.
Predictions obtained by, e.g., artificial neural networks have a high accuracy but humans often perceive the models as black boxes. Insights about the decision making are mostly opaque for humans. Particularly, understanding the decision making in highly sensitive areas such as healthcare or finance is of paramount importance. The decision-making behind the black boxes requires it to be more transparent, accountable, and understandable for humans. This survey paper provides essential definitions, an overview of the different principles and methodologies of explainable Supervised Machine Learning (SML). We conduct a state-of-the-art survey that reviews past and recent explainable SML approaches and classifies them according to the introduced definitions. Finally, we illustrate principles by means of an explanatory case study and discuss important future directions.