Is Arsenal about to be banned in the UK?
Welcome to the May edition of CyberInfo with Dr. Iretioluwa. I bring more AI news, why "arsenal" is illegal in the UK, CyBlack's 2024 Virtual Innovation Summit and more.
EU 🤝🏿NIST: NIST, like the EU, joins the AI regulation party
In April, I mentioned that the EU proposed the first-ever legal framework to address the risks of using AI. The National Institute of Standards and Technology (NIST) is sorta “doing an EU”. In April this year, NIST released GenAI, a new program for evaluating generative AI (GenAI) technologies.
Now let’s delve (pardon my AI!) into the story.
What’s even GenAI?
GenAI is an advanced computing technique that generates images, videos, audio, text, and 3D models from trained data. ChatGPT, Microsoft Copilot, and Midjourney are popular GenAI tools commonly used to solve complex problems and generate unique images, audio, and videos.
The sheer convenience, quick responsiveness, and accuracy of GenAI apps have increased their popularity. ChatGPT, for instance, gained over 1 million users within 5 days of launching in November 2022. Barely a year later, Sam Altman (OpenAI CEO) declared that ChatGPT has 100 million weekly active users. OpenAI (the parent company of ChatGPT) had 180.5 million users and 1.6 billion visits between September 2022 and August 2023.

Businesses are joining the GenAI train to improve efficiency at a reduced cost. For instance, in March this year, global market intelligence firm IDC revealed that one-fifth of organizations plan to use a chatbot assistant other than Microsoft’s Copilot in 2 years. Likewise, cybersecurity professionals are using the tools to shrink the threat environment, as Deep Instinct revealed that over 6 in 10 organizations use GenAI tools to gain a competitive advantage.

What’s the issue with GenAI? 🤔
As you probably know, AI is a double-edged sword: it improves collaboration and solves complex problems, but the AI industry is a free-for-all market for security users and bad actors alike.
Deep Instinct revealed the two-sided nature of GenAI tools in 2023. On one hand, its survey shows that nearly three-fourths (70%) of security professionals believe GenAI is “positively impacting employee productivity and collaboration.” On the other hand, nearly half of security professionals view GenAI as a “disruptive threat.”
Organizations largely believe GenAI tools make them vulnerable to privacy violations, sophisticated phishing attacks, and deep fakes. Speaking of deep fakes, in 2019, the CEO of a UK-based energy firm lost $243,000 after bad actors used AI voice technology to spoof the voice of his German boss. It's no wonder more organizations using GenAI tools reported growing attacks in the past 12 months.

Doing an EU: What is the NIST GenAI?
The NIST GenAI is expected to improve the safety, security, and trustworthiness of AI systems. It'll produce methods to distinguish human-generated content from AI-generated material across various channels (text, audio, image, video, and code). The NIST GenAI will also make it easier to detect the source of fake or misleading information.
The pilot phase of the NIST GenAI program focuses on building systems that can differentiate between human-created and AI-generated texts. To improve GenAI evaluation criteria, NIST is collaborating with the research community, whose members can submit “generators” (AI systems that generate content) or “discriminators” (AI systems for identifying AI-generated content).
NIST scheduled May 1 (first round) and August 2024 (second round) as the registration dates for the pilot phase. The final results of the study will be released in February 2025.
Besides the GenAI program, NIST released the following draft documents to manage AI-related risks:
AI Risk Management Framework AI Profile: Generative Artificial Intelligence Profile (NIST AI 600-1).
Secure Software Development Practices for Generative AI and Dual-Use Foundation Models, or the NIST Special Publication (SP) 800-218A.
Reducing Risks Posed by Synthetic Content (NIST AI 100-4).
Arsenal is getting banned in the UK. Here’s why
The UK is cracking down on weak passwords to improve cyber resilience. Starting in April this year, default and easily guessable passwords are illegal on all internet-facing devices, including mobile phones and the Internet of Things in the UK.
The UK made the decision after NordPass, a password manager company, discovered that “123456” and “password” were the most used passwords in the UK in 2023. Sadly for football fans, “arsenal,” “chelsea,” and “liverpool” are some of the most commonly used passwords and will now be banned.
Default passwords typically take less than a second to guess. This means a significant portion of UK citizens are vulnerable to cyber breaches because of poor password hygiene.
Indeed, in 2021, consumer rights group Which? discovered that a home with smart devices will face approximately 12,000 hacking attacks in a week, with over a third of the attempted hacks using weak default usernames and passwords as their malicious entry point.

The new law expects every manufacturer of internet-connected devices to dissuade UK citizens from using default passwords on their devices. The law is part of the Product Security and Telecommunications Infrastructure Act (PSTIA) objective to secure internet-connected products in the UK.
While the UK is the first country to ban weak passwords, California was the first state to do so in 2018.
Showcase at CyBlack Virtual Innovation Showcase 2024
CyBlack, a non-profit cybersecurity organization, is calling for submissions for the 2024 Virtual Innovation Showcase. The 2024 edition is focused on spotlighting the most innovative research projects and startup ideas from the black community.
The summit is open to members and non-members of CyBlack. The proposed rewards are cash prizes, grants, networking, and mentorship opportunities. The submission deadline is July 24, 2024, while the live event will be held on September 28th, 2024. Check this link for more details about the submission guidelines.
Registration for Cybarik GRC Academy is on
Cybarik, an organization that provides consulting and cybersecurity training services, is accepting applications for its upcoming 3-month-long GRC cohort. The application deadline is May 24, 2024, and the training fee is £600 (or its equivalent in your local currency). Click this link to register.
The training will provide the following benefits:
hands-on learning and virtual in-class training
interview preparations and mentorships
free career guidance and interview preparations
free GRC work tools and certificate of completion.
UK work reference.
Also, explore the job titles here if you’re actively searching for a GRC role to build a career in.
That will be all for May. See you in June!