The US government’s cybersecurity agency CISA has rolled out a series of guidelines aimed at beefing up the safety and security of critical infrastructure against AI-related threats.
The newly released guidelines categorize AI risks into three significant types: the utilization of AI in attacks on infrastructure, targeted assaults on AI systems themselves, and failures within AI design and implementation that could jeopardize infrastructure operations.
The CISA guidelines advocate a four-part mitigation strategy that centers on a robust organizational culture centered around AI risk management.
The organization culture, CISA argues, must emphasize the importance of safety and security outcomes, promote radical transparency, and create structures that prioritize security as a core business directive.
The guidelines also call for a focus on mapping where organizations develop a deep understanding of each entity’s unique AI usage context and risk profile to tailor risk evaluation and mitigation efforts effectively.
The cybersecurity agency, which is housed in the Department of Homeland Security (DHS), is also pushing for the implementation of systems to assess, analyze, and continuously monitor AI risks and their impacts, utilizing repeatable methods and measurable metrics.
The guidelines calls on management to act decisively on identified AI risks to enhance safety and security, ensuring that risk management controls are implemented and maintained to optimize the benefits of AI systems while minimizing adverse effects.
 Digging a bit deeper, CISA is categorizing the threat into three distinct types:Advertisement. Scroll to continue reading.

Attacks Using AI:  The use of AI to enhance, plan, or scale physical attacks on, or cyber compromises of, critical infrastructure.
Attacks Targeting AI Systems: Targeted attacks on AI systems supporting critical infrastructure.
Failures in AI Design and Implementation: Deficiencies or inadequacies in the planning, structure, implementation, or execution of an AI tool or system leading to malfunctions or other unintended consequences that affect critical infrastructure operations.

 “Although these guidelines are broad enough to apply to all 16 critical infrastructure sectors, AI risks are highly contextual. Therefore, critical infrastructure owners and operators should consider these guidelines within their own specific, real-world circumstances,” the agency said.
Related: SecurityWeek AI Risk Summit — June 25-26, Half Moon Bay, CA
Related: Biden, Harris Meet With CEOs About AI Risks
Related: Security Experts Describe AI Technologies They Want to See
Related: First Major Attempts to Regulate AI Face Headwinds From All Sides

If it feels like TikTok has been around forever, that’s probably because it has, at least if you’re measuring via internet time. What’s now in question is whether it will be around much longer and, if so, in what form?
Starting in 2017, when the Chinese social video app merged with its competitor Musical.ly, TikTok has grown from a niche teen app into a global trendsetter. While, of course, also emerging as a potential national security threat, according to U.S. officials.
On Wednesday, President Joe Biden signed legislation requiring TikTok parent ByteDance to sell to a U.S. owner within a year or to shut down. It’s not clear whether that law will survive an expected legal challenge or that ByteDance would agree to sell.
Here’s how TikTok came to this juncture:
March 2012
ByteDance is founded in China by entrepreneur Zhang Yimin. Its first hit product is Toutiao, a personalized news aggregator for Chinese users.
July 2014
Startup Musical.ly, later known for an eponymous app used to post short lipsyncing music videos, is founded in China by entrepreneur Alex Zhu.Advertisement. Scroll to continue reading.
July 2015
Musical.ly hits #1 in the Apple App Store, following a design change that made the company’s logo visible when users shared their videos.
2016
ByteDance launches Douyin, a video sharing app for Chinese users. Its popularity inspires the company to spin off a version for foreign audiences called TikTok.
November 2017
ByteDance acquires Musical.ly for $1 billion. Nine months later, ByteDance merges it with TikTok.
Powered by an algorithm that encourages binge-watching, users begin to share a wide variety of video on the app, including dance moves, kitchen food preparation and various “challenges” to perform, record and post acts that range from serious to satirical.
February 2019
Rapper Lil Nas X releases the country-trap song “Old Town Road” on TikTok, where it goes viral and pushes the song to a record 17 weeks in the #1 spot on the Billboard Hot 100 chart. The phenomenon kicks off a wave of TikTok videos from musical artists who suddenly see TikTok as a critical way to reach fans.
TikTok settles federal charges of violating U.S. child-privacy laws and agrees to pay a $5.7 million fine.
September 2019
The Washington Post reports that while images of Hong Kong democracy protests and police crackdowns are common on most social media sites, they are strangely absent on TikTok. The same story notes that TikTok posts with the #trump2020 tag received more than 70 million views.
The company insists that TikTok content moderation, conducted in the U.S., is not responsible and says the app is a place for entertainment, not politics.
The Guardian reports on internal documents that reportedly detail how TikTok instructs its moderators to delete or limit the reach of videos touching on topics sensitive to China such as the 1989 Tiananmen Square protests and subsequent massacre, Tibetan independence or the sanctioned religious group Falun Gong.
October 2019
U.S. politicians begin to raise alarms about TikTok’s influence, calling for a federal investigations of its Musical.ly acquisition and a national security probe into TikTok and other Chinese-owned apps. That investigation begins in November, according to news reports.
December 2019
The Pentagon recommends that all U.S. military personnel delete TikTok from all phones, personal and government-issued. Some services ban the app on military owned phones. In January, the Pentagon bans the app from all military phones.
TikTok becomes the second-most downloaded app in the world, according to data from analytics firm SensorTower.
May 2020
Privacy groups file a complaint alleging TikTok is still violating U.S. child-protection laws and flouting a 2019 settlement agreement. The company “takes the issue of safely seriously” and continues to improve safeguards, it says.
TikTok hires former Disney executive Kevin Mayer as its chief executive officer in an apparent attempt to improve its U.S. relations. Mayer resigns three months later.
July 2020
India bans TikTok and dozens of other Chinese apps in response to a border clash with China.
President Donald Trump says he is considering banning TikTok as retaliation for China’s alleged mishandling of the COVID-19 pandemic.
August 2020
Trump issues a sweeping but vague executive order banning American companies from any “transaction” with ByteDance and its subsidiaries, including TikTok. Several days later, he issues a second order demanding that ByteDance divest itself of TikTok’s U.S. operations within 90 days.
Microsoft confirms it is exploring acquisition of TikTok. The deal never materializes; neither does a similar overture from Oracle and Walmart. TikTok, meanwhile, sues the Trump administration for alleged violation of due process in its executive orders.
November 2020
Joe Biden is elected president. He doesn’t offer new policy on TikTok and won’t take office until January, but Trump’s plans to force a sale of TikTok start to unravel anyway. The Trump administration extends the deadlines it had imposed on ByteDance and TikTok and eventually lets them slide altogether.
February 2021
Newly sworn-in President Joe Biden postpones the legal cases involving Trump’s plan to ban TikTok, effectively bringing them to a halt.
September 2021
TikTok announces it has more than a billion monthly active users.
December 2021
A Wall Street Journal report finds TikTok algorithms can flood teens with a torrent of harmful material such as videos recommending extreme dieting, a form of eating disorder.
February 2022
TikTok announces new rules to deter the spread of harmful material such as viral hoaxes and promotion of eating disorders.
April 2022
“The Unofficial Bridgerton Musical,” a project created by two fans of the Netflix show as a TikTok project, wins the Grammy for Best Musical Theater Album.
TikTok becomes the most downloaded app in the world, beating out Instagram, according to SensorTower data.
June 2022
BuzzFeed reports that China-based ByteDance employees have repeatedly accessed the nonpublic information of TikTok users, based on leaked recordings from more than 80 internal TikTok meetings. TikTok responds with a vague comment touting its commitment to security that doesn’t directly address the BuzzFeed report.
TikTok also announces it has migrated its user data to U.S. servers managed by the U.S. tech firm Oracle. But that doesn’t prevent fresh alarm among U.S. officials about the risk of Chinese authorities accessing U.S. user data.
December 2022
FBI Director Chris Wrap raises national security concerns about TikTok, warning that Chinese officials could manipulate the app’s recommendation algorithm for influence operations.
ByteDance also said it fired four employees who accessed data on journalists from Buzzfeed News and The Financial Times while attempting to track down leaks of confidential materials about the company.
February 2023
The White House gives federal agencies 30 days to ensure TikTok is deleted from all government-issued mobile devices. Both the FBI and the Federal Communications Commission warn that ByteDance could share TikTok user data with China’s authoritarian government.
March 2023
Legislators grill TikTok CEO Shou Zi Chew at a six-hour congressional hearing where Chew, a native of Singapore, attempts to push back on assertions that TikTok and ByteDance are tools of the Chinese government.
January 2024
TikTok said it was restricting a tool some researchers use to analyze popular videos on the platform.
March 2024
A bill to ban TikTok or force its sale to a U.S. company gathers steam in Congress. TikTok brings dozens of its creators to Washington to tell lawmakers to back off, while emphasizing changes the company has made to protect user data. TikTok also annoys legislators by sending notifications to users urging them to “speak up now” or risk seeing TikTok banned; users then flood congressional offices with calls.
The House of Representatives passes the TikTok ban-or-sell bill.
April 2024
The Senate follows suit, sending the bill to President Biden, who signs it.

Apr 29, 2024NewsroomMobile Security / Hacking
Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year.
The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations.
“In 2023, we prevented 2.28 million policy-violating apps from being published on Google Play in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review processes,” Google’s Steve Kafka, Khawaja Shams, and Mohet Saxena said.
“To help safeguard user privacy at scale, we partnered with SDK providers to limit sensitive data access and sharing, enhancing the privacy posture for over 31 SDKs impacting 790K+ apps.”

In comparison, Google fended off 1.43 million bad apps from being published to the Play Store in 2022, alongside banning 173,000 bad accounts over the same time period.
In addition, the Mountain View-based firm said it strengthened its developer onboarding and review processes, requiring them to furnish more identity information and complete a verification process when setting up their Play Console developer accounts.
This, the company noted, enables it to better understand the developer community and root out bad actors from gaming the system to propagate malicious apps.
The development comes as Google is taking a series of steps to secure the Android ecosystem. Last November, it moved the App Defense Alliance (ADA), which it launched in November 2019, under the Linux Foundation umbrella, with Meta and Microsoft joining as the founding steering members.
Around the same time, the company also rolled out real-time scanning at the code level to tackle novel Android malware and an “Independent security review” badge in the Play Store’s Data safety section for VPN apps that have undergone a Mobile Application Security Assessment (MASA) audit.

On the user-facing side of things, Google has also taken the step of taking down approximately 1.5 million applications from the Play Store that do not target the most recent APIs.
Google’s ongoing fight to tackle malicious actors on Android coincides with a lawsuit filed by the company in the U.S. against two China-based fraudsters who are alleged to have engaged in an international online consumer investment fraud scheme and tricked users into downloading fake apps from the Play Store and other sources and ultimately stealing their funds.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.