Connect with us

Technology

UK government’s risk planning is weak and secretive, says Lords report | Politics

Voice Of EU

Published

on

Assessment and planning by the government relating to risks facing the UK are deficient and “veiled in secrecy”, a report has found.

The 129-page report, entitled Preparing for Extreme Risks: Building a Resilient Society, was produced by the House of Lords select committee on risk assessment and risk planning – a group appointed in October 2020.

James Arbuthnot, chair of the committee, said that while the UK’s risk assessment processes had been praised across the world before the pandemic, the impact of Covid suggested there may be problems.

“It had been advised that if there were to be a coronavirus pandemic, as a country we would suffer up to 100 deaths,” he said. “Over 140,000 deaths later, we realised that we could perhaps have been doing rather better in our assessment and our planning.”

The report – which draws on sources including oral evidence from 85 witnesses, including from the chief scientific adviser, Sir Patrick Vallance, during 29 sessions – looked at the country’s approach to assessing and preparing for a wide range of risks, from chemical warfare to the climate crisis and severe space weather.

“If you ask, what keeps me awake at nights, it is the growing possibility of major disruption due to more and more frequent cyber-attacks,” said Lord Rees, a committee member. “And even more, I worry on a timescale of tens of years about bioterrorism, bioengineered viruses and all that, which are going to be feasible.”

The report’s conclusions point to a number of shortcomings. Among them the committee highlighted a tendency for the government to focus on immediate problems rather than preparing for the long term.

“The likelihood of major risks actually occurring during the term of the government is low,” said committee member Lord Mair, noting as a result there is no incentive to prepare for them.

The committee also flagged concerns over the National Risk Register and the National Security Risk Assessment (NSRA), and called for better processes to categorise risks, including looking at how vulnerable the country would be to certain threats, and better modelling of how risks can cascade – with Arbuthnot noting as an example the impact of Covid on school exams.

Among other issues the report criticised a lack of transparency by the government. “The current risk management system is veiled in an unacceptable and unnecessary level of secrecy,” the report noted, adding that in turn has hampered the country’s preparedness, with frontline responders including local government and volunteer groups struggling to access the information they need.

It is not the first time the government has been accused of secrecy over risk assessment and planning: a report on Exercise Cygnus, the 2016 government simulation of how the country would handle a fictitious “swan flu”pandemic was only made public after a copy was leaked to the Guardian.

Among other actions, the latest report recommends:

  • The establishment of an Office for Preparedness and Resilience by the government, headed by a newly created post of government chief risk officer.

  • A presumption of publication by the government, and the publication of the content of the Official-Sensitive National Security Risk Assessment except where there is a direct national security risk.

  • The publication, every two years, by the government of a brochure on risk preparedness to inform the public on topics including what to do in an emergency.

“[It’s] much better to face some of these issues, having prepared for, and practised for, and exercised for them in advance rather than doing them first in the heat of battle,” said Arbuthnot

Arbuthnot added the Covid pandemic had offered the chance to “address a public that is ready to be addressed. And people have proved that they’re up to it.”

Prof David Spiegelhalter, chair of the Winton Centre for Risk and Evidence Communication at Cambridge University, and who contributed evidence to the report, welcomed its publication.

“It’s extraordinary that the National Risk Register does not get any public promotion or media coverage, and I welcome the committee’s recommendation to radically improve the communication with the public about the risks they face,” he said. “These vital issues deserve to be widely known and discussed.”

Source link

Technology

Molly Russell inquest: social media ‘almost impossible’ to keep track of, says teacher | UK news

Voice Of EU

Published

on

The headteacher of Molly Russell’s secondary school has told an inquest into the teenager’s death it is “almost impossible” to keep track of the risks posed to pupils by social media.

North London coroner’s court heard of the “complete and terrible shock” at Molly’s school after the 14-year-old killed herself in November 2017. Molly, from Harrow in north-west London, killed herself after viewing extensive amounts of online content related to suicide, depression, self-harm and anxiety.

Sue Maguire, the headteacher at Hatch End high school in Harrow, was asked how difficult it was for a school to stay on top of dangerous social media content.

She said: “There is a level where I want to say it is almost impossible to keep track of social media but we have to try, and we have to respond to the information as we receive it.”

Describing the school’s “shock” at Molly’s death, Maguire added that teachers had warned students about the “dangers of social media for a long time”.

She said: “Our experience of young people is that social media plays a hugely dominant role in their lives and it causes no end of issues. But we don’t present a stance that they should not use it. But it presents challenges to schools that we simply didn’t have 10 or 15 years ago.”

Oliver Sanders KC, representing the Russell family, asked Maguire whether the school was aware of the suicide and self-harm-related content available to students on sites such as Instagram.

Maguire said: “At the time, we were shocked when we saw it. But to say that we were completely shocked would be wrong because we had been warning young people about the dangers of social media for a long time.”

The deputy headteacher, Rebecca Cozens, who is also head of safeguarding at the school, told the inquest once young people had gone “down the rabbit hole” on social media, it was a “deep one”.

Asked by Sanders whether there was an awareness of the type of material Molly had engaged with, Cozens said: “I don’t think at that time an awareness of the depth of it and how quickly it would snowball … and the intensity then, when you’re going down that rabbit hole it is a deep one.”

On Monday a senior executive at Meta, the owner of Instagram, apologised after acknowledging that Molly had viewed content that breached the platform’s content guidelines. Elizabeth Lagone, the head of health and wellbeing policy at Meta, said: “We are sorry that Molly saw content that violated our policies, and we don’t want that on the platform.”

Last week an executive at Pinterest, another platform Molly interacted with heavily before her death, said the site was not safe when the teenager used it.

The senior coroner, Andrew Walker, told the Russell family he would deliver his conclusions by the end of the week.

  • In the UK, the youth suicide charity Papyrus can be contacted on 0800 068 4141 or email pat@papyrus-uk.org, and in the UK and Ireland Samaritans can be contacted on freephone 116 123, or email jo@samaritans.org or jo@samaritans.ie. In the US, the National Suicide Prevention Lifeline is at 800-273-8255 or chat for support. You can also text HOME to 741741 to connect with a crisis text line counsellor. In Australia, the crisis support service Lifeline is 13 11 14. Other international helplines can be found at befrienders.org

Source link

Continue Reading

Technology

Microsoft to kill off old access rules in Exchange Online • The Register

Voice Of EU

Published

on

Microsoft next month will start phasing out Client Access Rules (CARs) in Exchange Online – and will do away with this means for controlling access altogether within a year.

CARs are being replaced with Continuous Access Evaluation (CAE) for Azure Active Directory, which can apparently in “near-real time” pick up changes to access controls, user accounts, and the network environment and enforce the latest rules and policies as needed, according to a notice this week from Microsoft’s Exchange Team.

That might be useful if suspicious activity is detected, or a user account needs to be suspended, and changes to access need to be immediate.

“Today, we are announcing the retirement of CARs in Exchange Online, to be fully deprecated by September 2023,” the advisory read. “We will send Message Center posts to tenants using client access rules to start the planning process to migrate their rules.”

CARs is used by Microsoft 365 administrators to allow or block client connections to Exchange Online based on a variety of characteristics set forth in policies and rules.

“You can prevent clients from connecting to Exchange Online based on their IP address (IPv4 and IPv6), authentication type, and user property values, and the protocol, application, service, or resource that they’re using to connect,” according to a Microsoft document from earlier this year.

For example, access can be granted to Exchange resources from specific IP address, and all other clients blocked. Similarly, the system can filter access to Exchange services by department or location, or based on usernames.

Microsoft announced the replacement CAE in January, touting its ability to act fast on account revocation, disablement, or deletion; password or user location changes; the detection of nefarious activity; and other such updates, according to a blog post at the time by Alex Simons, corporate vice president of product management for the Windows giant’s identity and network access division.

“On receiving such events, app sessions are immediately interrupted and users are redirected back to Azure AD to reauthenticate or reevaluate policy,” Simons wrote. “With CAE, we have introduced a new concept of zero trust authentication session management that is built on the foundation of zero trust principles – verify explicitly and assume breach.”

With this zero-trust focus, session integrity – rather than a set session duration – is what dictates a user’s authentication lifespan, we’re told.

CAE not only aims to give enterprises greater and more immediate control over access and events, but users and managers may appreciate the speed at which changes are adopted, Microsoft claims.

“Continuous access evaluation is implemented by enabling services, like Exchange Online, SharePoint Online, and Teams, to subscribe to critical Azure AD events,” Microsoft added earlier this month. “Those events can then be evaluated and enforced near real time. Critical event evaluation doesn’t rely on Conditional Access policies so it’s available in any tenant.”

Critical events can include a user account being deleted or disabled, a user password is changed or reset, or multifactor authentication is enabled for a user. There also are other events, such as when an administrator explicitly revokes all refresh tokens for a user or a rogue insider is detected by Azure AD Identity Protection.

Finally, for workload identities, CAE enforces token revocation for workloads, among other things, according to Microsoft. ®

Source link

Continue Reading

Technology

EU proposes new liability rules around AI tech to protect consumers

Voice Of EU

Published

on

The current EU rules around product liability are more than 40 years old, meaning they do not cover harm caused by drones and other AI tech.

The European Commission has outlined a set of new proposals to enable people who are harmed by AI tech products to seek and receive compensation.

The proposals were published today (28 September). They are designed to comply with the EU’s 2021 AI Act proposal, which set out a framework for trust in AI-related technology.

Today’s AI Liability Directive aims to provide a clear and comprehensive structure for all Europeans to claim compensation in the event they are harmed by AI tech products, such as drones and robots.

The EU’s directive includes rules for businesses and consumers alike to abide by. Those who are harmed by AI products or tech can seek compensation just as they would if they were in harmed any other way.

The rules will make it easier for people who have been discriminated against by AI technology as part of the recruitment process, for example, to pursue legal action.

An example of harm that may be caused by tech products is data loss. Robots, drones, smart-home systems and other similar digital products must also comply with cybersecurity regulations around addressing vulnerabilities.

The directive builds on existing rules that manufacturers must follow around unsafe products ­– no matter how high or low-tech they are.

It is proposing a number of different strategies to modernise and adapt liability rules specifically for digital products. The existing rules around product liability in the EU are almost 40 years old, and do not cover advanced technologies such as AI.

European commissioner for internal market, Thierry Breton, said that the existing rules have “been a cornerstone of the internal market for four decades”.

“Today’s proposal will make it fit to respond to the challenges of the decades to come. The new rules will reflect global value chains, foster innovation and consumer trust, and provide stronger legal certainty for businesses involved in the green and digital transition.”

Vice-president for values and transparency, Věra Jourová, said that for AI tech to thrive in the EU, it is important for people to trust digital innovation.

She added that the new proposals would give customers “tools for remedies in case of damage caused by AI so that they have the same level of protection as with traditional technologies”. The rules will also “ensure legal certainty” for the EU’s internal market.

As well as consumer protection, the proposals are designed to foster innovation. They have laid down guarantees for the AI sector through the introduction of measures such as the right to fight a liability claim based on a presumption of causality.

The AI Liability Directive will need to be agreed with EU countries and lawmakers before it can become law.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!