Senator Gary Peters (D-MI) has proposed draft legislation to establish a new interagency committee for streamlining and coordinating federal cybersecurity regulations. The aim is to reduce the regulatory burden on industries by making compliance easier. If passed, the Office of the National Cyber Director (ONCD) would lead this committee, with representatives from relevant regulatory agencies. The committee would identify and address inconsistencies and redundancies in current regulations, potentially implementing aligned changes within a year. While some fear the bill’s attempt to centralize authority in ONCD might face challenges from various congressional committees, industry advocates and experts underscore its necessity.

Senate chairman wants new White House-led panel to streamline federal cyber rules therecord.media

The National Institute of Standards and Technology (NIST) has contracted an external vendor to address the backlog of software and hardware vulnerabilities in the National Vulnerability Database (NVD). This backlog emerged after NIST announced cutbacks in February 2023, causing delays in the enrichment and processing of new vulnerabilities. NIST, working with the Cybersecurity and Infrastructure Agency (CISA), aims to resume previous processing rates within a few months and clear the backlog by the end of the fiscal year. NIST's funding decreased by 12% this year, affecting its capacity. To improve the NVD program sustainably, NIST is updating technology and processes and emphasizes the need for automation in vulnerability management. CISA has initiated the “Vulnrichment” effort to enhance the information available on vulnerabilities. Experts and former officials stress that restoring NVD functionality is crucial for maintaining cybersecurity defenses.

NIST expects to clear backlog in vulnerabilities database by end of fiscal year therecord.media

Epic has introduced an open-source AI validation tool suite for health systems to use in validating and monitoring machine learning (ML) models integrated into electronic health records (EHR). This tool automates key aspects of the model validation process, making it more accessible to health systems that may not have extensive data science resources. By enabling local clinicians to assess these models, health systems can ensure that the AI models are safe, effective, and appropriate for their specific patient populations. This decentralization empowers end-users to fine-tune models based on local knowledge and need for real-world healthcare environments, potentially establishing Epic as a central platform in healthcare technology.

Empowering individual health systems to validate AI models Byte to Bedside

Microsoft has raised concerns about an increase in cyber attacks targeting internet-exposed operational technology (OT) devices since late 2023. These attacks can compromise industrial processes by manipulating OT system parameters, leading to malfunctions and outages. Microsoft highlighted the importance of enhancing OT security to prevent exploitation, especially given the devices' vulnerability due to weak passwords and outdated software. Recent geopolitical tensions have further heightened risks, with advisories from Rockwell Automation and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urging protective measures. Additionally, the emergence of malware like Fuxnet demonstrates the destructive potential of such attacks on critical infrastructure.

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices The Hacker News