Resources for AI Risk Management | SolarWinds in the news
CyberInsights #93 - The AI Risk Master List | SolarWinds was detected 6 months before Mandiant detected it
The rush to manage AI…
As AI grows, countries and institutions are rushing to build up regulations and controls
It feels like I have been talking about AI risks forever. Ever since ChatGPT stormed into the picture, all we cybersecurity professionals can think of is the risks of AI. You don’t have to endure me for much longer though. Here is a comprehensive list of resources for AI risk management. I promise to shut up about AI after this. (At least for a bit 😈)
AI risks
AI Security Concerns in a Nutshell — by the German Federal Bureau of Information Security. A good document on the general concerns about AI risks.
NIST AI Risk Management Framework - The NIST has released a framework for managing AI risks (Been talking about this a lot…)
Avoiding AI Bias - by the World Economic Forum. A small article about how AI bias can creep into life.
Exploring the security risks of Generative AI - By Forbes
AI hacking village at Defcon - Some big LLM AI companies plan to open their models for red teaming.
AI regulations
Pro Innovation Approach for AI regulations - by the UK Government. Defining a framework for governing AI, while still trying to allow innovation.
Regulatory Framework for AI - European Commission
Responsible Innovation in AI - White House
Take Action:
Learn. Learn as much about generative AI as you can.
It’s moving faster than self-appointed AI security newsletter writers can write about it.
Remembering SolarWinds
SolarWinds was detected in the Department of Justice 6 months before Mandiant broke the news. They just didn’t know what they were dealing with…
Long-time readers of CyberInsights will remember our little unassuming post about SolarWinds 2 years ago.
Then everyone promptly forgot about it. Till this piece of news from Wired.
It’s a detailed investigative piece on SolarWinds. The TL;DR is here:
The US DOJ was affected six months before, but did not know the attack was Solarwinds.
Mandiant suffered a Golden SAML attack. It was detected when a mobile device tried to authenticate without a phone number.
Mandiant discovered a server running SolarWinds making a connection to a remote server. The same had been discovered in the DOJ attack as well.
One rogue DLL in the SolarWinds Orion software was sending data to the attacker’s systems. The rogue DLL was signed with SolarWinds’ digital certificate.
An undeleted failed virtual machine helped identify the attack to SolarWinds.
This was probably the first known instance of the build process being compromised.
Take Action:
Ignore the TL;DR and read the article in detail. It’s a very interesting investigative piece and gives you an idea of the magnitude of the SolarWinds breach. And, hey, remember to protect your supply chain.