Dr Edward McDonnell was also recently appointed to Ireland’s Enterprise Digital Advisory Forum, which will see him work with experts to advise on Irish AI strategy.
The director of Ireland’s Centre for Applied AI (CeADAR) has been appointed to the OECD Global Partnership Committee on AI (GPAI).
CeADAR head, Dr Edward McDonnell, is the first Irish person to be appointed to the GPAI. The committee is an international initiative that was formally launched in 2020. It aims to promote the development of AI that respects human rights and democratic values.
The body has 25 members, including the US, UK, Australia, Canada and the EU. Ireland is a member by virtue of its membership of the EU.
McDonnell will join a group of international experts from industry, government, civil society and academia to advance cutting-edge research and pilot projects focused on the responsible use of machine learning and AI.
He described his appointment as “a great honour”, adding that “my appointment to the GPAI presents CeADAR with a great opportunity to influence the work of the committee and bring our own perspective”.
“The GPAI is working to ensure that the transition to the future of work and computing remains fair while respecting human rights and the democratic values which we all share.
“This is a significant transition phase in human history and the efforts of the GPAI will be key to facilitating international collaboration and promoting the adoption of trustworthy AI,” he concluded.
The latest threat security research into operational technology (OT) and industrial systems identified a bunch of issues — 56 to be exact — that criminals could use to launch cyberattacks against critical infrastructure.
But many of them are unfixable, due to insecure protocols and architectural designs. And this highlights a larger security problem with devices that control electric grids and keep clean water flowing through faucets, according to some industrial cybersecurity experts.
“Industrial control systems have these inherent vulnerabilities,” Ron Fabela, CTO of OT cybersecurity firm SynSaber told The Register. “That’s just the way they were designed. They don’t have patches in the traditional sense like, oh, Windows has a vulnerability, apply this KB.”
In research published last week, Forescout’s Vedere Labs detailed 56 bugs in devices built by ten vendors and collectively named the security flaws OT:ICEFALL.
As the report authors acknowledged, many of these holes are a result of OT products’ being built with no basic security controls. Indeed, Forescout’s analysis comes ten years after Digital Bond’s Project Basecamp that also looked at OT devices and protocols and deemed them “insecure by design.”
A few hours after Forescout published its research, CISA issued its own security warnings related to the OT:ICEFALL vulnerabilities.
CVEs: The problem? Or the fix?
“Up until this point, CVEs haven’t been generated for these insecure-by-design-things, and there’s a reason for that,” Fabela said. “It’s bad for the industry.”
Once a CVE is generated, it sets into motion a series of actions by industrial systems’ operators, especially in heavily regulated industries like electric utilities and oil and gas pipelines.
First, they have to determine if the environment contains any affected products. But unlike enterprise IT, which usually has centralized visibility and control over IT assets, in OT environments, “everything is distributed,” Fabela noted.
If industrial and manufacturing environments do have any products impacted by the vulnerability, that triggers an internal review and regulatory process that involves responding to CISA and developing a plan to improve security.
One SynSaber customer sarcastically described OT:ICEFALL as “the gift that keeps on giving,” Fabela said. “He said, ‘Now I have this on top of all my other like, the real vulnerabilities’,” which present a slew of other problems when it comes to patching — such as having to wait until a planned maintenance outage that may be months out — if the manufacturer has a patch at all.
OT protocols don’t use authentication
For example: The current Modbus protocol, which is very commonly used in industrial environments, does not have authentication.
Forescout’s analysis details nine vulnerabilities related to unauthenticated protocols and disputes the argument that against assigning a CVE ID to a product with an insecurity OT protocol.
“On the contrary, we believe a CVE is a community recognized marker that aids in vulnerability visibility and actionability by helping push vendors to fix issues and asset owners to assess risks and apply patches,” the authors wrote.
While this makes sense from an IT security perspective, Fabela said it’s unrealistic from an OT perspective, and ultimately doesn’t make critical infrastructure any more secure.
Modbus, as a protocol that does not use authentication, could generate “thousands” of CVEs that “affect every product line in the world,” he Fabela. “You’re tying up the product security teams with the OEMs and you’re tying up the customers, the asset owners with CVE that they can’t do anything about.”
Basecamp researcher weighs in
Reid Wightman is a senior vulnerability researcher with OT security shop Dragos’ threat intel team. He’s also one of the original Project Basecamp researchers, and, more recently has done work on the ProConOs and MultiProg software vulnerabilities.
Forescout cited some of his research, and dedicated a section of the ICEFALL analysis to security flaws with the ProConOS runtime in PLCs.
In an email to The Register, Wightman noted that a lot of industrial controllers have the same set of problems that isn’t going away: “they allow unauthenticated code to run on the PLC.”
“This means that one malicious logic transfer to the PLC may permanently compromise the PLC,” he added, noting that, because the control logic is causing the change, it can happen outside of a normal firmware update. “It’s kind of a thing I’ve harped on since the Basecamp days, but may be worth repeating. Over and over again. Until the sun burns out, probably.”
Lately, one of Wightman’s “big, personal concerns” is that some vendors say they can use TLS and client certificates to secure controllers, presumably to avoid. In reality, this would just make the traffic more difficult to inspect, Wightman said.
“If an attacker gets onto the engineering system, they may load a malicious payload using CVE-2022-31800/CVE-2022-31801 (or any of the similar problems that exist in almost every logic runtime) into the controller,” he added. “Only, now we have no way of telling whether they did it because the traffic is encrypted.”
So how do we fix the problem?
“I guess my answer would be: if your engineering system is compromised, throw away all of the controllers that it was allowed to talk to,” Wightman said. “And I doubt most end users would go to that level of paranoia.”
Which, again, points to the insecure-by-design nature of how these systems are engineered.
“Thankfully, we see no signs of any widespread abuse of these protocols or ‘features’ in spite of some of the bugs being well-known for years,” Wightman added. “I really do hope it stays that way.” ®
There were complaints of ‘a large number of hurdles’ to unsubscribe from Amazon Prime such as complicated menus, skewed wording, confusing choices and warnings.
Amazon has committed to making it easier for users to cancel their Prime subscription to comply with EU rules.
The tech giant will now let consumers in the EU and EEA unsubscribe from Amazon Prime with just two clicks, using a prominent cancel button.
This came following a dialogue with the European Commission and national consumer protection authorities. Complaints had been issued to the Commission by the European Consumer Organisation, the Norwegian Consumer Council and the Transatlantic Consumer Dialogue.
These consumer authorities noted “a large number of hurdles” to unsubscribe from Amazon’s service, such as complicated navigation menus, skewed wording, confusing choices and repeated nudging.
Amazon made initial changes last year, labelling the cancel button more clearly and shortening the explanatory text. This text will now been reduced further so consumers don’t get distracted by warnings and deterred from cancelling.
“Consumers must be able to exercise their rights without any pressure from platforms,” said EU commissioner for justice Didier Reynders.
“Opting for an online subscription can be very handy for consumers as it is often a very straightforward process, but the reverse action of unsubscribing should be just as easy. One thing is clear: manipulative design or ‘dark patterns’ must be banned.”
Amazon has committed to implementing the new changes on all its EU websites and for all devices. The tech giant will be monitored by the European Commission and national authorities to ensure it complies with EU consumer law.
“Customer transparency and trust are top priorities for us,” an Amazon spokesperson said.
“By design we make it clear and simple for customers to both sign up for or cancel their Prime membership. We continually listen to feedback and look for ways to improve the customer experience, as we are doing here following constructive dialogue with the European Commission.”
Amazon has had a number of dealing with the European Commission over the years regarding its business practices. The tech giant was hit with a Statement of Objections in 2020 based on its use of marketplace seller data.
The country was ordered to recoup €250m in back taxes. However, Amazon won its appeal against this ruling last year, as the EU’s general court said the European Commission didn’t provide the “requisite legal standard” to prove Amazon received favour from tax authorities.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.
Why read books, in this day and age? “Haven’t we all secretly sort of come to an agreement, in the last year or two or three, that novels belonged to the age of newspapers and are going the way of newspapers, only faster?” wrote Jonathan Franzen, tongue firmly in cheek, in a 2010 essay. The comment feels trenchant a decade later, in an era marked by a saturation of streaming platforms, short-form video, podcasts and screen adaptations of said podcasts.
The proportion of non-readers in Australia has grown in recent years: results of the 2021 National Reading Survey found that 25% of people reported not reading a single book in the previous year – up from 8% in a 2017 survey.
Any bibliophile can easily rattle off a list of reasons for reading. Books enlighten and challenge us, they transport us to different worlds, they reflect essential truths about the human condition.
“People who read well and read a lot learn more, pick up more general knowledge … and can then be better critical consumers of what they read,” says Prof Pamela Snow, co-director of the Science of Language and Reading lab at La Trobe University.
So, within our busy lives, how do we better find the time for books? How can we get more out of the reading experience?
We commonly interact with texts in different modes. In skimming through an article, taking in a few lines – a headline and subheadings, for example – we might gain a general but shallow understanding of its meaning. We also scan texts for specific numbers, names, or ideas – a quantity in a recipe, say.
Then there’s deep reading, what the scholars Dr Maryanne Wolf and Dr Mirit Barzillai define as “the array of sophisticated processes that propel comprehension and that include inferential and deductive reasoning, analogical skills, critical analysis, reflection, and insight. The expert reader needs milliseconds to execute these processes; the young brain needs years to develop them.”
Reading on screens has turned us into adept text skimmers. An influential 2005 study that analysed how reading behaviour had changed over the previous decade – coinciding with the global rise of the internet – found that online reading was characterised by “more time spent on browsing and scanning, keyword spotting, [and] one-time reading … while less time is spent on in-depth reading, and concentrated reading”.
“Readers must engage in an active construction of meaning, in which they grapple with the text and apply their earlier knowledge as they question, analyse, and probe,” she and Barzillai have suggested. One technique for in-depth reading of narrative texts is RIDA: to Read, Imagine the scene, Describe it to yourself, and Add more mental detail by noting powerful imagery or salient passages.
Physical books, rather than devices like smartphones, tend to support more focused reading, says Baron, though she says the choice of medium is ultimately a matter of personal preference.
Screens themselves are not inherently detrimental to our ability to focus, says the head of the visual and cognitive neuroscience laboratory at the University of Melbourne, Prof Trichur Vidyasagar.
“People often have the belief, particularly concerned parents, that if you spend too much time on screen devices your concentration may get poorer. That’s not necessarily true,” he says. “If used correctly and not at the cost of other useful activities, they can greatly benefit learning.”
The key is the internet’s boundless potential for distraction. “When you use the screen, there are so many hyperlinks, so many sites, stories, and rabbit holes to go into,” Vidyasagar says. The temptation to multitask – “an illusory myth,” he says – can be hard to resist. “If you think you’re multitasking, what you’re actually doing is switching between two tasks at a rapid rate, and your performance in both goes down.”
“When you read a [physical] book it’s quite different – you can’t get distracted as easily.”
Research in university students has found that comprehension is generally higher for print reading. “There is something about reading digitally that seemingly increases the speed at which students move through the text and this processing time translates into reduced comprehension,” one study found. “The findings are especially true when you’re talking about longer materials,” Baron says, adding as a caveat that research tends to focus on academic rather than leisure reading.
Results seem to differ slightly for dedicated e-reader devices. One study, in which participants read a 28-page mystery story by Elizabeth George either in print or on a Kindle, found no differences in most standard comprehension measures. The print readers, however, were better at reconstructing the plot and chronological aspects of the story – potentially because “the physical substrate of paper provides material placeholders” for events within the story.
Rediscovering joy and meaning
Dr Judith Seaboyer, formerly a senior lecturer in literary studies at the University of Queensland, who retired last May, recently went through a fiction dry spell. “There’s so much good stuff to listen to [on the radio], so much good journalism out there to read, and I was finding that I wasn’t reading novels any more.”
“As somebody … who’s done a PhD in contemporary literary fiction, and taught it for over 20 years – you think I’d know [reading books] is worth doing.”
What broke Seaboyer out of her slump was reading new work by an author she loves – Ali Smith’s Companion Piece. Synthesising ideas and making comparisons across multiple texts is also a known strategy for deepening reading comprehension, so some might find it helpful to dig into multiple books by the same author.
Seaboyer’s advice is to read with curiosity and to carefully consider an author’s choices, which can lead to a deeper understanding of language, characters and plot. “Jot things down, annotate your book, write things in the margin,” she says. “Some publishers are putting out reading guides now – that’s often quite useful.”
Nabokov believed that “One cannot read a book: one can only reread it”. For him, revisiting books – like the process of regarding a painting – meant the mind first “takes in the whole picture and then can enjoy its details”.
“You [might] remember that you really loved reading Austen,” Seaboyer says. “It’s interesting to be thinking as you read … now that I’m older and wiser, am I seeing any of this any differently than I did when I was 18?”
“There are ways to be kind to yourself, to allow yourself the opportunity not to understand something the first time through, or to say … maybe there’s a different book I should read first,” Baron says. “It’s like reading James Joyce: if you want to start with Ulysses, good luck. If you start with A Portrait of the Artist as a Young Man, you’ll have a better shot at working your way in.”
If reading solely for pleasure, abandoning books that are not bringing enjoyment could, in fact, increase reading time. Of frequent readers surveyed in 2021 – those who consumed at least one book a month – 54% reported not finishing a book if they disliked it. As a result, they “move[d] on more quickly to the next book for greater enjoyment … and have fewer and shorter gaps between books”.
For those wanting to read more – for relaxation or self-improvement – Baron suggests committing to short but regular periods of reading, similar to time set aside for exercise or meditation.
The speed question
Some people are naturally fast readers – celebrated academic Harold Bloom claimed to be able to read 1,000 pages an hour in his prime. Most adults, according to 2019 analysis, read English nonfiction silently at a rate of between 175 and 300 words a minute, and fiction at a rate of 200 to 320.
While speed reading techniques or apps may seem alluring for the time poor, they’re unlikely to work without compromising understanding.
“Fast readers are not necessarily better at reading comprehension,” Vidyasagar says.
There are no shortcuts to reading faster. Becoming a better reader requires persistence and “dealing with the frustration at not seeing overnight results”, Snow says. “It’s like any skill – learning a musical instrument, learning to drive a car.”
A 2016 review of the science of reading found that reading can be improved in the same way all other skills are developed: through practice. “The way to maintain high comprehension and get through text faster is to practise reading and to become a more skilled language user.”
“If two goals of reading might be to learn for the long haul, and to think – that may be part of enjoyment, that may be part of learning – then what’s the hurry?” Baron says. “Why are we feeling like the White Rabbit?”
For Seaboyer, reading a good book is akin to a meditative experience . The “wonderful, immersive process that is deep reading” reliably brings her pleasure. “Something else is picking you up, and moving your mind and body and soul into a different space so you can think about the world differently.”