Two new vulnerabilities (Meltdown and Spectre) were introduced that lie in the architecture of the processors in nearly every computer and other device that uses a CPU. In some cases, code to exploit these vulnerabilities is now publicly available, and we can expect that more capable/modular code will be released soon. During this webcast, we'll walk through how the vulnerabilities work, what is being done to patch them, the performance impacts of patching, and probable exploit scenarios for the vulnerabilities.
New AI technology that mimics the human brain can help law enforcement and intelligence organizations rapidly identify patterns, objects and faces in large amounts of archived and live streaming video.
Video is a critical element in crime prevention and investigation, yet current law enforcement systems are increasingly unable to cope. The sheer volume of surveillance material captured and stored every day is staggering, and set to rise dramatically. Adding more cameras to gather more information will only ever be useful if processes to search and analyze the mountain of data keep pace. As it stands vital information may be missed because the vast majority of video is simply never viewed.
Information technology firm Cisco estimates that in 2021 it would take more than 5 million years to watch the amount of video traffic across the globe – each month. Market researcher IHS forecasts that 127 million surveillance cameras and 400,000 body-worn cameras will ship this year, in addition to the estimated 300 million cameras already deployed. By 2020 it is predicted there will be more than 1 billion cameras operated by smart cities worldwide, providing 30 billion frames of video per day. Internet video surveillance traffic alone increased 71 per cent in 2016 according to Cisco, and is set to increase sevenfold by 2021. Globally, 3.4 per cent of all video traffic crossing the internet will be video surveillance.
Given that a major problem for surveillance operators is directed attention fatigue, where the brain naturally alternates between periods of attention and distraction, it would require a superhuman effort to identify and classify all these images. What is required is a system that is never distracted and can work in conjunction with people to reduce errors, which is what artificial intelligence-driven video systems promise.
AI in video surveillance can potentially deliver four times the performance of conventional video search – in contrast to human vigilance, which studies have shown can degrade by 95 per cent after about 20 minutes.
The cost of deep learning
Since 2012, when AI video analytics took off, the systems trained to recognize objects and facial IDs from different types of image have proved expensive to run and slow to compute, and require large datasets to generate results. These systems, which are based on convolutional neural networks (CNNs), employ an AI technique known as ‘deep learning’. They excel at churning through data but lack the ability to refine and react to streams of information gathered from the surrounding environment – which the human brain is extremely good at.
What’s more, CNNs exhibit limitations including poor noise immunity, particularly when random pixels appear in an image due to noisy sensors or lens contamination. They can serve false classifications if the network becomes confused – for example by someone wearing glasses, or if it cannot find a new face in a crowd without a large set of labelled images relating to that face being added to the database. The network parameters of CNNs need careful adjustment, and even then the accuracy rate for correct image classification may not be sufficient for video surveillance applications.
Spiking neural networks
A relatively new approach is the spiking neural network (SNN), which simulates and models the different aspects of the human brain’s operation much more closely than a CNN.
For instance, a police department that is looking for a suspect in live video streams does not have thousands of images of that suspect; nor does it have weeks to train a CNN system. An SNN-based system can find patterns and people in videos in milliseconds and from a single image – which, importantly, can be as small as 24 x 24 pixels: it doesn’t need to be high definition. The system excels in recognition in low-light, low-resolution, noisy environments, making it ideal for the large number of previously installed video surveillance systems.
Unlike current CNN technologies that require extensive pre-labelled datasets and expensive cloud-based training and acceleration, an SNN system can be implemented in software with traditional computer processors (CPUs) and trained on-premises. The one-shot technology learns in real time and requires only modest processing power – typically a Windows- or Linux-based x86 desktop computer or server – as well as consuming little energy.
This enables a greater number of law enforcement organizations to capitalize on the opportunities offered by AI. It means AI algorithms can be used with legacy systems without requiring expensive hardware or infrastructure upgrades, and it can be deployed in the field in highly secure environments that may not have cloud connectivity.
Tasks that seemed impossible for machines just a few years ago are becoming almost routine, and SNN technology has perhaps the greatest potential to bring valuable new capabilities into mainstream automated video surveillance today.
About the author:
Bob Beachler is Senior Vice President of Marketing and Business Development at BrainChip.
In 2016 almost 1.1 billion identities were stolen globally. This number is up dramatically from a reported 563.8 million identities stolen in 2015. In addition, the same Symantec Internet Security Threat Report placed the United States at the top of the list for both the number of breaches by country (1,023) and the number of identities stolen by country.
New York State’s Division of Financial Security and other government entities around the globe have been monitoring this increased cybercriminal threat and determining means to help protect the private information of individuals as well as the information technology systems of regulated organizations.
New York State’s Division of Financial Security released new cybersecurity requirements (23 NYCRR 500), directly affecting the way that financial data is managed going forward. Applicable to financial services companies operating in New York State, these regulations declare that, on an annual basis, financial firms are required to prepare and submit a Certification of Compliance with the NY DFS Cybersecurity Regulations to the superintendent, commencing on February 15, 2018.
The scope of this legislation describes measures related to: cybersecurity programs and policy, personnel, resources and training, penetration testing and assessments, audit trails, access privileges, application security, third parties, NPI (Non Public Information) encryption, data retention, incident response and notification.
Among other requirements, this regulation dictates that companies declare any cyberattack to the superintendent within 72 hours. In the past, many companies chose to not disclose information related to these hacking exposures because much of their cost stems from damage to brand reputation and the necessary steps required to rebuild the trust of their clients post-attack.
Similar to the NY DFS proposal, the Federal Reserve Board (FSD), the Office of the Comptroller of the Currency (OCC), and the FDIC issued an advance notice of proposed rulemaking (ANPR) on enhanced cyber risk management and resilience standards for large banking organizations. Additionally, the states of Vermont and Colorado have released laws pertaining to cybersecurity and the improved protection and monitoring of data.
Two technologies specifically called out in the new NYS DFS Cybersecurity requirements, Multi-factor Authentication (MFA) and Risk Based Authentication (RBA), are key methods of complying with regulation and defending against attacks.
Multi-factor authentication is defined as using at least two factors to authenticate a person, generally a combination of:
- “Something I Have” — this could be a hardware token, a mobile soft token, etc.
- “Something I Know” — like a PIN code, a password, and
- “Something I Am” — such as a fingerprint or face recognition.
With MFA, the two factors are fully independent from each other (i.e. the failure of one factor would not compromise the other one).
Risk based authentication is the capacity to detect anomalies or changes in the normal use patterns of a person as part of the authentication process, and to require additional verification if an anomaly is detected, to avoid any breach.
It is more efficient to avoid hacking and cyber-attacks in the first place by focusing attention on the security of the applications being accessed, both externally and internally. To learn more about these regulations and how similar standards will impact you, visit www.hidglobal.com/iam.
You need new ID badges, and you know that you’d like to be able to have these “smart cards” enable access to your building and/or your network – or perhaps even other systems like transit or cashless vending – but where do you start? What are your options for printing (and encoding) badges such as these? Are there other things to consider before making a purchase?
HID Global can help. The white paper, Top Ten Considerations for Choosing the Right Secure Issuance Solution, outlines the top ten things to look for when selecting a secure issuance provider to help you find a solution that meets your specific needs.
WikiLeaks is only one example (albeit a major one) in a chain of data leakage incidents in recent months. Looking back over the last year or so, you might also recall the posting of TSA screening manuals online, the unintentional release of numerous product specs, as well as many other incidents.
Why are we seeing so many leaks lately? Here are three reasons:
Reason 1: The need to share
Leakage is in no small part due to the fact that data sharing and collaboration have become a “must” in today’s increasingly mobile and global world. This more complex world makes it easier to share and collaborate, but also makes it exceedingly easy for information to leak.
Reason 2: Ease of use
This is the usual security-versus-connectivity paradox. You need to find the optimal solution that balances security and connectivity. You cannot lock down all documents in a vault and not share them with anyone. Nor can you indiscriminately send them via unprotected e-mail. A major reason why documents leak is that most existing solutions are extremely cumbersome to use. They involve installing servers, agents, defining policies and more. And, if something is hard to use, chances are people will not use it.
Reason 3: The right solution for the problem
There is a lot of confusion in the market today, with many different product categories available, such as data loss prevention (DLP), enterprise digital rights management (DRM), e-mail encryption, virtual data rooms and many others. For example, just because you’re using encrypted e-mail doesn’t mean your information will not leak, as this type of protection typically applies only when the document is in transit. As soon as it gets to its destination, it can be freely forwarded to an unauthorized party. It is important to make sure that your solution is solving the right problem.
So what can you do?
In our world without walls, we need to assume that documents must be shared across organizational boundaries and across different platforms, such as PCs and mobile devices. So, it is pointless to try to protect some nonexistent perimeter. Ultimately, the only solution is to embed security and controls into the documents themselves. New technologies allow document owners to maintain control and track files throughout the documents’ lifecycles. Such solutions allow users to control who views documents and who prints them, and even let them wipe files completely at any time, even after they have been downloaded.
Adi Ruppin is vice president of marketing and business development for WatchDox, a provider of document protection, control and tracking solutions.
Henry Bros. Electronics, Inc. (HBE), a turnkey provider of technology-based integrated electronic security solutions, announced on Dec. 16 that on December 15, after receiving the required stockholder approval, it completed the previously announced merger transaction with Kratos Defense & Security Solutions, Inc.
The affirmative vote of the holders of a majority of the outstanding shares of Henry Bros. common stock was required to approve the merger transaction with Kratos. According to the final vote tally of shares of Henry Bros. common stock, approximately 79 percent of the outstanding shares of Henry Bros. common stock, as of November 2, 2010, the record date for the annual meeting, was voted to approve the merger.
Under the terms of the merger agreement, Henry Bros.'s stockholders will receive $8.20 in cash, without interest and less any applicable withholding taxes, for each share of Henry Bros. common stock they hold.
As of December 16, 2010, the stock of Henry Bros. will no longer be quoted on The NASDAQ Capital Market.
Applied DNA Sciences announced on Dec. 22 that it has begun a “comprehensive redesign” of its Web site, which will begin with a reworked front page.
“Our company blog has similarly been reimagined to give flesh and blood detail to our story,” wrote James Hayward, the company’s chairman, president and CEO, in an e-newsletter.
Hayward invited visitors to the revamped Web site to read a wide variety of blog entries, and then contribute to the company’s redesign effort by indicating the types of information they would like to see. “More in-depth information on our fast-growing product line?” asked Hayward. “More success stories? More investor-oriented features and data?”
Hayward said a formal online reader survey will soon follow.
ZBV Military Trailer
American Science and Engineering, Inc., a supplier of X-ray detection solutions, announced on Dec. 22 the receipt of a $3.8 million order from an unidentified government customer for multiple ZBV Military Trailers.
The ZBV Mil Trailer is a ruggedized version of the company’s Z Backscatter Van (ZBV) built onto a standard military trailer. Security officials use the ZBV Mil Trailer for screening vehicles, containers and other cargo for terrorist threats and contraband, AS&E said in a recent press release.
“This first ZBV Mil Trailer order for this service branch of the Armed Forces comes as a direct result of its success with active fielded systems,” said Anthony Fabiano, AS&E’s president and CEO. “The ZBV Mil Trailer has demonstrated its effectiveness for inspecting vehicles and cargo for explosive threats and contraband in harsh terrain.”
HID Global, a provider of secure identity solutions, announced Dec. 6 that the company’s e-government RFID reader technology is being deployed in France, Germany, Italy, Netherlands and Spain to help create a more robust identity-checking infrastructure in Europe.
The company will be deploying its technology through leading system integrators in two additional countries during the first half of calendar 2011, according to a recent press release.
HID’s reader modules offer one of the world’s fastest solutions for biometric passport reading, and its reader technology is unique in supporting both Basic Access Control (BAC) and Extended Access Control (EAC) to deliver a combination of flexibility and future-proofing as Europe and the rest of the world move to more secure digital credential technologies, says HID Global.
Altogether, HID’s e-Government inlays, readers and printers are now used by ministries of interior and foreign affairs in over 27 e-passport programs and 31 ID/e-ID programs worldwide, making life easier for more than 120 million e-document holders.
“We understand how important it is to minimize delays while maximizing security at border crossings, and so we have focused on delivering best-in-class reader speed, accuracy and flexibility in our e-passports and other e-government solutions,” said Mark Scaparro, senior vice president of Identification Solutions with HID Global. “We offer one of the industry’s fastest and most reliable reader solutions plus seamless interoperability with all relevant standards and technologies. Being able to support both BAC and EAC standards in our readers has been one of the top requirements for our OEM partners in Europe, as demand continues to grow for secure and reliable e-passport and other e-government solutions, and as more countries migrate from a BAC- to EAC-enabled infrastructure.”
HID’s combination of BAC and EAC support makes it easier for countries to support existing requirements while migrating to the latest, more rigorous security standards. BAC is typically used for government identity verification and for such commercial applications as accelerated hotel check-in/checkout, self-serve airline check-in, and purchasing disposable mobile telephony credits.
For greater security, EAC is used to enable biometric matching during e-passport and eID document issuance and at automated border-crossing locations, including airports in Finland, France, Germany, Portugal and the U.K. While more than 30 European countries have completed their e-passport migration to EAC, experts confirm that only a fraction of these countries has a reader infrastructure in place today and deployments will accelerate rapidly.
According to Acuity Market Intelligence, e-passport market revenues will grow at a compounded annual growth rate of 31.5 percent to nearly $7 billion annually by the end of 2014. The firm reported in its April study entitled, The Global e-Passport and e-Visa Industry Report, that e-Passports accounted for 57 percent of all passports issued and 28 percent of all passports in circulation during 2009, and that 88 percent of all passports issued in 2014 will be electronic passports.
“Ten years ago, the e-passport was a concept circulating among forward thinking individuals and small groups of associated industry, government and non-government agencies,” said Acuity Principal, C. Maxine Most. “In the wake of the terrorist attacks on the World Trade Center in 2001 and the subsequent transit attacks in Madrid in 2004 and London in 2005, the e-passport idea rapidly transformed into a foundation for global security. Today, e-passports have not only become mainstream but have also created a multi-billion dollar industry poised to fundamentally change the global travel and border control infrastructure.”
The latest EAC standards mandate that passports contain individual private keys to resist counterfeiting, and require inspecting parties to prove that they are entitled to extract sensitive data such as the fingerprint using digital signatures and a Public Key Infrastructure (PKI). For additional security, HID Global uses advanced encryption techniques to protect against unauthorized access to the chip data. The option of field-upgradeable firmware or a read-only memory (ROM) mask is also available, upon request, depending on platform.
HID Global offers a variety of RFID reader board modules that OEM partners can use to develop customized solutions. The read/write readers support all ISO 14443-4 A/B elements, making them suitable for all existing and yet-to-be-developed ISO chips and chip operating systems. The option of on-board or external design with single or dual antennas optimizes configuration flexibility and performance.
HID Global’s RFID readers are part of the world’s broadest portfolio of e-documents, e-passport and e-national ID solutions, says the Dec. 6 release. The company has a history of industry innovation, including developing and helping to drive deployment of the widely used wire-transfer and wire-embedding technologies for extended contactless e-document durability, and creating patented, thin and flexible ceFLEX inlays that increase e-document resiliency.
Core Insight Enterprise
Core Security Technologies, a provider of IT security test and measurement software solutions, announced on Dec. 13 the official release of its Core Insight Enterprise. Following a successful beta program, which included more than a dozen Fortune 500 firms and top-level U.S. Government agencies, the launch realizes Core Security’s vision of enabling customers to continuously identify and prove real-world exposures to critical assets across the entire organization through automated testing of network systems, Web applications, and users in one completely integrated solution, says the company in a press release it issued on Dec. 10.
With Core Insight, customers gain real visibility into their security standing, real validation of their security controls and real metrics to more effectively secure their organizations. The solution employs groundbreaking technology that proactively replicates the steps attackers would take to breach valuable information assets.
Unlike other solutions, Core Insight Enterprise starts with customers identifying which systems and data they want most to protect. Insight then automatically calculates paths of attack and then begins to exploit multiple layers of defense until the security of critical assets is either confirmed or breached. Assessment results are delivered via a dashboard and reports that present metrics regarding the efficacy of security controls in terms relevant to the business.
Core Insight Enterprise provides IT security leaders with an automated and continuous view of IT security risk for the very first time.
“Using Core Insight Enterprise to test across our IT infrastructure on a continual basis has given us an entirely new way of looking at whether or not our most critical IT systems and electronic data are protected from real-world attacks,” said Larry Whiteside, chief information security officer of the Visiting Nurses Service of New York. “Just as importantly, it tells us how well our existing defenses are functioning and what type of return we’re getting from our previous security investments.”
“Core Insight Enterprise changes how enterprises should view security,” said Charles Kolodgy, research vice president for Security Products at IDC. “It makes security goal oriented by allowing security professionals to determine if their critical assets are vulnerable.”
Core Insight builds upon the expanding demand and established innovation of Core Impact, a penetration testing software product, now in its 11th version, said the company. While Impact is the software application of choice among thousands of security testing professionals, Core Insight creates the opportunity to test and measure exposures in a comprehensive and realistic manner.