Latest news with #NationalInstituteofStandardsandTechnology
Techday NZ
3 days ago
- Business
- Techday NZ
Device Authority launches KeyScaler 2025 with AI automation
Device Authority has released KeyScaler 2025, an update to its IoT identity security platform that introduces enhanced automation, a redesigned user interface, and new support for industrial edge environments. KeyScaler 2025 has been developed in response to increasing security concerns related to unmanaged IoT devices, which remain a significant vector for cyberattacks. Industry research indicates that one third of data breaches involve an IoT device and more than half of these devices have critical vulnerabilities that are susceptible to exploitation. The new platform release emphasises alignment with the latest recommendations from the National Institute of Standards and Technology (NIST), aiming to simplify and secure the full lifecycle of unmanaged devices. A key component of this update is the integration of AI-supported automation throughout the platform, intended to allow for more effective and hands-off remediation of device vulnerabilities. An important element of KeyScaler 2025 is its newly designed user interface, which streamlines device onboarding and lifecycle management. The company states that the interface is both faster to operate and provides greater visibility and control over an organisation's IoT identity estate. Enhanced insight and accessibility are central themes for this release, with the intent of making lifecycle management of large device fleets more practicable for IT and security teams. KeyScaler 2025 introduces a new Edge Remote Access Controller, which provides policy-based, secure remote access to IoT and operational technology (OT) devices at the network edge. This is particularly pertinent for industrial adopters following the Purdue model for manufacturing, as it supports secure management of device identities within segmented industrial control system layers. Device Authority's Chief Executive Officer, Darron Antill, commented on the new release, explaining the rationale and expected impact: "KeyScaler 2025 is the result of listening to our customers and the market who are requiring even greater visibility, control and automated remediation of their unmanaged device security. Incorporating AI-powered features into the core platform and introducing new innovative approaches to Edge security management ensures that even the most vulnerable devices remain secure without the need for human intervention, therefore significantly reducing business risk. The platform's faster and simpler integrations and ease of deployment make this an even more frictionless experience and is a further step to helping organizations achieve complete end to end device and data trust." The integration of artificial intelligence is intended to reduce the requirement for manual intervention in the security management of IoT devices. By automating processes such as threat detection, response, and remediation, Device Authority states that organisations can achieve improved security outcomes and decrease business risk arising from unmanaged devices. The Edge Remote Access Controller is being positioned as a solution for the secure enforcement of access policies at the industrial edge. By managing and governing remote connectivity according to organisational policies, the tool is designed to provide compliance with diverse cybersecurity regulations and frameworks, including requirements set out under the EU Cyber Resilience Act as well as anticipated U.S. Department of Defense guidance for OT/IoT systems. Device Authority also highlights its automated and closed-loop protection model. This approach aims to mitigate the impact of human error, speed up incident response, and minimise regulatory risk by providing end-to-end visibility and control across potentially vast and complex device estates. According to Device Authority, major OT/IoT deployments can see device identities outnumbering human identities by a factor of 45 to 1. This rising proportion of nonhuman identities within enterprise environments has made the management and protection of such assets a growing priority for security professionals. KeyScaler 2025 and its associated tools, including KeyScaler-as-a-Service (KSaaS) and a discovery tool for nonhuman identities and vulnerabilities, are part of Device Authority's strategy to help organisations adapt to an increasingly connected and regulated landscape. The company emphasises the need for complete visibility and intelligent automated controls as the scale and importance of IoT deployments continue to grow.
Forbes
4 days ago
- Business
- Forbes
How Leaders Can Choose The Right AI Auditing Services
AI related law concept shown by robot hand using lawyer working tools in lawyers office with legal ... More astute icons depicting artificial intelligence law and online technology of legal law regulationsNow that the 'big four' accounting firms— Deloitte, PwC, Ernst & Young, and KPMG— are beginning to offer AI audit services, what do leaders need to know about choosing the right AI audit services and about responsible AI (RAI)? The first step would be understanding key vulnerabilities from implementing AI systems, and how to mitigate such risks. It is important to understand the unintended consequences from black box AI systems and lack of transparency in deployment of such AI. In consumer facing industries, unintended consequences of deploying black box AI systems without due attention to how such systems are trained and what data is being used to train such systems can result in harm to consumers, such as price discrimination or quality discrimination. Disparate impact laws allow individuals to sue for such unintentional discrimination. Next, leaders need to understand frameworks to manage such risks. The National Institute of Standards and Technology offers an AI risk management framework, which outlines a comprehensive risks. Management frameworks help leaders to better manage risks to individuals, organizations, and society associated with AI, like standards in other industries that mandate transparency. When rightly used, AI audits can be effective in examining whether an AI system is lawful, ethical, and technically robust. However, there are vast gaps in how companies understand these principles and integrate them into their organizational goals and values. A 2022 study by the Boston Consulting Group and the Sloan Management Review found that RAI programs typically neglect three dimensions—fairness and equity, social and environmental impact mitigation, and human plus AI—because they are difficult to address. Responsible AI principles cannot be in a vacuum but need to be tied to a company's broader goals for being a responsible business. For example, is top management intentionally connecting RAI with its governance, methods, and processes?Have Clear Goals For AI Audits Standard frameworks used in procurement of technology typically focus on performance, cost, and quality considerations. However, evaluating tools also requires values such as equity, fairness, and transparency. Leaders need to envision values such as trustworthiness and alignment with organizational mission, human-AI teaming, explainability and interpretability in deploying AI. A study by researchers Yueqi Li and Sanjay Goel found significant knowledge gaps around AI audits. These gaps stem from immature AI governance implementation and insufficient operationalization of AI governance processes. A cohesive approach to AI audits requires a foundation of ethical principles integrated into AI governance. To take one example, a financial institution could explicitly mandate fairness as a criterion in AI-enabled decision-making models. For that we would first need a clear and consistent criterion of fairness, and one that can be supported by the principle of law and by a settled body of trade and commerce practice. Second, we need clear standards that can establish if norms of fairness are violated, which could be used as a stress test to determine whether AI based models are indeed fair. Auditing predictions of automated business decisions using fairness criteria will allow companies to establish if their policies are disadvantageous to some groups more than the others. If a bank is interested in predicting who to lend to, adding fairness as a criterion does not mean that the bank would have to stop screening borrowers altogether. It would necessitate that the bank does avoid metrics that would constitute a more stringent burden on some groups of borrowers (holding different groups of people to different standards). Business person holding AI box for technology and Artificial Intelligence concept. Internet of ... More Thinking and data analysis. Algorithmic stress tests before deploying black box AI models allow us to visualize different scenarios that not only help in establishing the goals of the fairness audit. It may also allow decision makers to specify different performance criteria (both from a technical perspective but also from a business objective performance). Such stress tests would allow vendors to quantify legal and operational constraints in the business, history of practices in the industry, and policies to protect confidential data, to name a few. Companies such as Microsoft and Google have used AI 'red teams' to stress test their Cross-functional Leadership Can Leverage With AI The above-mentioned BCG/SMR survey identified a key role for leaders, with most organizations that are in the leading stage of RAI maturity have both an individual and a committee guiding their RAI strategy. Increasingly, practitioners are also calling for Institutional Review Boards for the use of AI. Low frequency, but high business impact decisions, such as the choice of credit rating models, needs a systematic process to build consensus. An RAI champion, working with a cross-departmental team, could be entrusted with such a responsibility. The institutional review board needs to map algorithmic harms into an organization's risk framework. Smaller organizations can rely on best practice checklists developed by auditing bodies and industry standards organizations. Recognizing when a human decision maker is needed and when automated decisions can be employed will be increasingly important as we learn to navigate the algorithmic era. It is equally important to understand how business processes demarcate the boundaries between judgement exercised by a human actor and what is automated. The IRB can consider questions such as who should set these boundaries, is it the responsibility of division heads or mid-level managers. The AI ethics team and the legal team need to consider what are the policy implications of such boundaries and the legal implications of such a Foundation for AI Audits Three key aspects need to be understood before leaders embark on AI audits: Define goals: Understand AI audit is not about the technology itself, but how AI is intertwined with organizational values Establish AI governance: Before undertaking AI audits, we need a comprehensive AI governance framework in place. Establish cross-functional teams: Algorithmic risks need to be understood in the context of the organization's own risk profile. Cross-functional teams are key to build this understanding AI is increasingly intertwined with almost every aspect of business. Leaders should be cognizant of the algorithmic harms from the lack of transparency and oversight in AI, alongside the considerable benefits of digital transformation. Establishing the right governance frameworks and auditing AI will ensure transparency in AI model development, deployment, and use.
The Hill
18-06-2025
- Science
- The Hill
Calls for facial recognition alternatives are unsustainable
Despite being penned by House Homeland Security Committee Chairman Mark Green (R-Tenn.), Friday's opinion piece urging 'an alternative' to facial recognition technology offers a bizarre string of statements that do not make the case. Each biometric modality (fingerprint, iris, face, etc.) offers advantages that could make it the most effective for a specific purpose. But there are data-backed reasons facial recognition technology is widely adopted — including the ability to use existing hardware (cameras) and photos, rather than requiring specialized equipment and data collection processes. With rapid improvement through machine learning and neural networks, the leading technologies are now over 99 percent accurate across demographics according to National Institute of Standards and Technology data. Customs and Border Protection selected face recognition for its programs and has since verified more than 697 million travelers of all nationalities and ethnicities. More than 2 million U.S. air travelers use facial recognition technology every day to verify IDs at Transportation Security Administration checkpoints. Much is made about the risk of fraudsters getting the software to falsely match, but the figures cited are from research limited to unlocking personal phones, and conducted before Face ID was introduced on iPhones in 2017. Since then, presentation attack detection capabilities have been integrated into iPhones as well as higher security biometric applications. Fake videos, printed photos and masks are not a concern in an in-person setting where human detection of spoofing efforts would be immediate. The potential for fraud is with remote, online verification, where presentation attack detection measures are commonly combined with matching software. Homeland Security's Science and Technology Directorate is testing these technologies, showing so far, the leading presentation attack detection technologies detect spoofing attempts 100 percent of the time. Across the nation, facial recognition technology is successfully leveraged in law enforcement to find missing children, fight human trafficking and stop dangerous criminals. It's unclear how facial recognition technology alternatives would work, when the only evidence from a crime scene may be security video, recordings from by-standers or online media. We agree, China's use of technology 'to control its citizenry' is unacceptable. But this shouldn't deter U.S. agencies from leading the way in responsible use of (non-Chinese) technology under established privacy rules, bounded by the Constitution and subject to congressional oversight. Jake Parker is senior director of government relations for the Security Industry Association (SIA). He came to SIA with more than 12 years of experience on Capitol Hill, most recently as legislative director for Rep. Tom Latham (R-Iowa), a senior member of the House Appropriations Committee.
Yahoo
12-06-2025
- Business
- Yahoo
Patton Unveils Second-Generation, US-Made, Commercial-Grade, FIPS-140 Ultra-Secure SIP Phone with Enhanced NG911 Compliance
US-designed and manufactured, Patton's new commercial SIP-Phone is ultra-secure, FIPS 140-2 validated, and NG911-enabled. Providing POE and Fiber-to-the-Desk, the Tone Commander TC7110 delivers network and source-of-supply security. Patton... Let's Connect! GAITHERSBURG, Md., June 12, 2025 (GLOBE NEWSWIRE) -- Patton—world leader and US manufacturer of secure telephony, UC, and networking gear—announces today the new Tone Commander TC7110 ultra-secure SIP phone is now available for pre-order. Tone Commander products are designed and manufactured in the USA, ensuring source-of-origin and supply-chain security. 'The TC7110 combines security, flexibility, and ease-of-use in a modern SIP phone platform,' said Robert R. Patton, CEO of Patton. 'This launch reinforces our commitment to delivering trusted, U.S.-manufactured communications solutions to public and private sectors.' Innovation. Patton has incrementally innovated the original Tone Commander military-grade SIP-Phone. Enhancements to the commercial grade version include Gigabit, PoE, and fiber connectivity, modern E911 features sets, and updated security modules. Secure FIPS-140-2/3 Encryption. The TC7110 offers robust SIP support with TLS and SRTP encryption using FIPS-140-2/3 validated crypto modules. FIPS 140 is the U.S. standard that defines security requirements for hardware, software, and firmware that perform cryptographic functions. The standard is managed by the National Institute of Standards and Technology (NIST), overseen and validated by the Cryptographic Module Validation Program (CMVP). Enhanced NG911. NG911 system enhancements include Specific Location Information Server (LIS) interactions via RFC 5985 (HTTP Enable Location Delivery HELD protocol), storing and relaying location by reference and location by value. The system includes geodetic coordinates (latitude, longitude, and ellipsoidal height) and E911 Gateway functions within the NG911 environment. E911 Compliance. The TC7110 supports legislated E911 standards including Kari's Law for direct 911 calling and Ray Baum's Act for specific location information. Additional E911 protocols supported include: Automatic Location Information (ALI) Automatic Number Identification (ANI) Compliance with the National Emergency Number Association (NENA) regulations RFC 5962 – Location Object represented in a SIP Header (PIDF-LO) Key Features of the TC7110 SIP Phone: Security – TLS and SRTP encryption with FIPS-140-2/3 validated crypto and IPv4/IPv6 support. Customizable Interface – Ten programmable, desi-less multifunction keys and 320x240 color display. Cloud Orchestration – Automatically provision, manage, monitor, secure, alert, troubleshoot, analyze and optimize services using the Patton Cloud. Remotely and securely access and control phones, LANs, and over-the-top (OTT) services. Flexible Power Options – Supports Power over Ethernet (PoE) and includes external power supply. For more information about the Tone Commander IP Phone TC7110, go to In related news, Patton recently announced the new Tone Commander TC7910 secure SIP Phone that offers three switched gigabit Ethernet ports. About Patton Patton is a world-renowned manufacturer of networking and communications technology, offering a wide range of solutions including VoIP, Ethernet extension, wireless, and fiber optic products. Founded in 1984 and headquartered in Gaithersburg, MD, Patton has a strong global presence and a reputation for delivering reliable and innovative solutions to a diverse customer base. Let's Connect! Media Contact: Glendon Flowers | +1 301 975 1000 | press@ A video accompanying this announcement is available at in to access your portfolio
Yahoo
12-06-2025
- Science
- Yahoo
Here's how to generate a truly random number with quantum physics
Very little in this life is truly random. A coin flip is influenced by the flipper's force, its surrounding airflow, and gravity. Similar variables dictate rolling a pair of dice or shuffling a deck of cards, while even classical computing's cryptographic algorithms are theoretically susceptible to outside influence or bias. 'True randomness is something that nothing in the universe can predict in advance,' explained Krister Shalm, a physicist at the National Institute of Standards and Technology (NIST). So how does someone achieve true randomness? For that, you need to peer into the quantum realm. The task once required years of study and access to vast research facilities, but thanks to an ingenious new project from Shalm and his colleagues, now anyone can access a 'factory for random numbers.' And it's free to use. Designed by NIST in collaboration with the University of Colorado Boulder, the Colorado University Randomness Beacon (CURBy) is a first-of-its-kind system that relies on headspinning quantum mechanics concepts to offer truly random number generation. More specifically, CURBy's foundation rests on a task known as the Bell test. Named after the famed physicist John Stewart Bell, the test measures pairs of entangled photons with properties that remain correlated even after separating across huge distances. While the outcome is always random when measuring a single particle, a pair's properties are more correlated than classical physics dictates. This allows experts to verify the randomness at a quantum level. Albert Einstein previously described this 'quantum nonlocality' as 'spooky action as a distance,' and he wasn't a fan of the idea. Unfortunately for him, NIST proved its existence back in 2015. Three years later, they developed methodologies to use Bell tests in order to construct the world's first true randomness generators. These initial random results necessitated months of refinement and only ran for a few hours in total. Even then, the physicists and engineers only generated 512 bits of true randomness. Since then, researchers expanded and automated their experiment, thus offering random numbers whenever needed.'We really wanted to take that experiment out of the lab and turn it into a useful public service,' said Shalm. Their finalized protocol served up randomness 7,454 times over its first 40 days of existence. Researchers then recorded 7,434 cases of randomness—a success rate of 99.7 percent. But how do you actually generate true randomness? For that, you need a system that relies on a bespoke nonlinear crystal to generate entangled photon pairs. The particles then speed away in an optical fiber to separate laboratories at opposite ends of a hallway at NIST. Once they reach the two labs, researchers measure their subsequent polarizations. This relay race is then repeated a headspinning 250,000 times per second. All that data needs to be processed, so NIST sends off its millions of quantum coin flips to a specially designed computer program built by engineers at UC Boulder. The program then translates the measurements into 512 random bits of binary code that can then be parsed by anyone. But utilizing CURBy is much simpler than the dizzying quantum computations required to generate true randomness. All a user needs to do is head to its website and key in the list of items you want shuffled. CURBy then will rearrange the entries based on any given day's quantumly determined randomness. The outcome is decades in the making, and would have certainly given Einstein something to think about. 'I am at all events convinced that [the Creator] does not play dice,' he famously wrote to Max Born in 1926 regarding the concepts of quantum theory. 'If God does play dice with the universe, then you can turn that into the best random number generator that the universe allows,' Shalm said.
