About the Standards Blog
Linux Foundation Powers Up on IBM's OpenPOWERDan Meyer
–August 22, 2019 - The Linux Foundation is adopting the IBM-developed OpenPOWER Foundation in a move to further drive cross-vendor software support to boost hardware performance for data centers and hybrid cloud environments.
The adoption will see the project house IBM's open POWER microprocessor Instruction Set Architecture (ISA) and contributed Source Design Implementations to support data-driven hardware...[which] are targeted at intensive workloads like artificial intelligence (AI) and those hybrid cloud environments.
Those components are also part of IBM's Power Series chip architecture, which is not being donated to the Linux Foundation... Full Story
NIST Delays Action on Cyber-Related Standards Because of OMB Review
–August 21, 2019 - The National Institute of Standards and Technology (NIST) announced on Aug. 16 that it will delay action on several cybersecurity-related standards.
The delay is due to a review cycle the Office of Management and Budget's Office of Information and Regulatory Affairs (OIRA) has implemented to ensure the standards safeguard government data.
The announcement listed the standard publications that the delay impacted, including defense cybersecurity contractor and Defense Department standards. NIST's Guide for Developing System Security Plans is affected, and the Security and Privacy Controls for Information Systems and Organizations - which has reached its final public draft - is currently in review at OIRA.
Other processing standards and special publications are also affected by the delay... Full Story
NIST Releases Plan for Federal Engagement to Develop Technical Standards and Tools in AI
–August 20, 2019 - The National Institute of Standards and Technology (NIST) has released a plan for prioritizing federal agency engagement in the development of artificial intelligence (AI) standards. U.S. Leadership in AI: A Plan for Federal Engagement in Developing Technical Standards and Related Tools was prepared in response to the Executive Order: Maintaining American Leadership in Artificial Intelligence...NIST's plan acknowledges the importance of technical standards and their development,..It outlines four federal government engagement recommendations:
- Bolster AI standards-related knowledge, leadership, and coordination among Federal agencies to maximize effectiveness and efficiency
- Promote focused research to advance and accelerate broader exploration and understanding of how aspects of trustworthiness can be practically incorporated within standards
- Support and expand public-private partnerships to develop and use AI standards and related tools to advance reliable, robust, and trustworthy AI
- Strategically engage internationally to advance AI standards for U.S. economic and national security needs... Full Story
Global Cyber Alliance Launches Cybersecurity Development Platform for Internet of Things (IoT) DevicesPress Release
–August 18, 2019 - Global Cyber Alliance, working with its partners, today launched the Automated IoT Defence Ecosystem (AIDE), a first-of-its-kind cybersecurity development platform for Internet of Things (IoT) products. AIDE enables small businesses, manufacturers, service providers and individuals to identify vulnerabilities, mitigate risks and secure IoT devices against the growing volume of threats to this interconnected environment.
A complementary resource to the AIDE platform is the GCA ProxyPot, a custom IoT honeypot solution developed by GCA, which is capable of replicating one IoT device across multiple IP addresses and physical locations to identify global attack risks quickly, efficiently and accurately. Together, the AIDE and ProxyPot platforms allow for organisations and individuals to have greater visibility into the types and scale of threats facing the IoT devices deployed into various environments, including smart cities and other smart ecosystems... Full Story
More Knock-on Effects: The impact of the Trump Administration's addition of Huawei and 63 of its affiliates to the Export List continues to ripple across the standards and open source world. In this case, the threat of being shut out of the Android world has led Huawei to defensively come up with its own fork of the Android operating system. And, as the article below relates, to form its first open source development foundation. Both are examples of unintended, and perhaps unexpected, impacts. Specifically, leading China to become more self-sufficient and independent from the West, as compared to more integrated and invested in robust trade relationships, as well as dependent on Western technology.China to launch its first open-source foundation
–August 15, 2019 - [Note: page may take a long time to load] China's first open-source foundation will be launched in about a month or two, said Huawei after it released its open-source HarmonyOS on Friday.
The foundation, yet to be named, will be led by Huawei and is seen as a follow-up step for China to build a software developer ecosystem and a complete industry chain.
China's first open-source foundation will officially start operation in a month or two, Wang Chenglu, president of the Huawei Consumer Business Group software division, told the Global Times on Saturday... Full Story
The MIT Press releases a major report on all available open-source publishing software
–August 14, 2019 - Mellon-funded report Mind the Gap catalogs and analyzes all available open-source software for publishing and warns that open publishing must grapple with the dual challenges of siloed development and organization of the community-owned ecosystem...The number of open-source online publishing platforms has proliferated in the last decade, but the report finds that they are often too small, too siloed, and too niche to have much impact beyond their host organization or institution. This leaves them vulnerable to shifts in organizational priorities and external funding sources that emphasize new projects over the maintenance and improvement of existing projects. This fractured ecosystem is difficult to navigate, and the report concludes that if open publishing is to become a durable alternative to complex and costly proprietary services, it must grapple with the dual challenges of siloed development and organization of the community-owned ecosystem itself... Full Story
NIST Cybersecurity Framework Continues to ImproveEric Cosman
–August 13, 2019 - In February the National Institute of Standards and Technology (NIST) marked the fifth anniversary of its Cybersecurity Framework (CSF)...Since then there has been a regular series of updates and improvements, adding value to the Framework as a tool for improving security in the critical infrastructure...NIST has continued to enhance the value of the Framework by defining and developing supporting and interpretive information such as industry profiles. The institute has also provided a means for standards developers and other stakeholders to identify additional informative references for those applying the Framework.
ARC Advisory Group strongly encourages anyone responsible for defining, implementing or operating a program to address cybersecurity risk to learn more about the NIST Framework... Full Story
NIST Releases Draft Security Feature Recommendations for IoT DevicesPress Release
–August 9, 2019 - Appliances from refrigerators to thermostats are now available in models that interact with a wireless network, making them easier to control with a computer or smartphone. Because these devices can also put our security at risk, the National Institute of Standards and Technology (NIST) has released a guide to help us all adjust to a world where seemingly everything is connected - and potentially vulnerable.
The guide identifies a set of voluntary recommended cybersecurity features to include in network-capable devices, whether designed for the home, the hospital or the factory floor. Although the guide's subtitle is A Starting Point for IoT Device Manufacturers, its principles can be useful to anyone who links a device to the internet... Full Story
Wi-Fi WPA3 Standard Fails Again as New 'Dragonblood' Bugs FoundRichi Jennings
–August 8, 2019 - The Wi-Fi Alliance's WPA3 standard is under fire again. This time, researchers find more vulnerabilities that could lead to passcodes being cracked.
It's the same team that found the first five Dragonblood bugs - in April. Now they're adding two more, also concluding it's even easier than they thought to crack keys from side-channel leaks... Full Story
ISA Forms Global Cybersecurity AllianceLarry O'Brien
–August 7, 2019 - Last week the International Society of Automation (ISA) announced the formation of a new Global Cybersecurity Alliance (GCA) designed to "advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes." ISA is of course the developer of the ISA/ANSI 62443 series of automation and control system related cybersecurity standards that has also been adopted by the IEC. The GCA founding members include a list of well-known integrated automation suppliers and ICS cybersecurity suppliers including Claroty, Honeywell, Johnson Controls, Nozomi Networks, Rockwell Automation, and Schneider Electric... Full Story