The federal Transportation Security Administration (TSA) yesterday proposed a rule that would mandate some surface transportation owners and operators, including those running pipelines and railroads, to meet certain cyber risk management and reporting requirements.
The new rule would require:
Owner/operators of pipelines and/or railroads that have a higher cybersecurity risk profiles to establish and maintain a comprehensive cyber risk management program;
Owner/operators that are currently required to report significant physical security concerns to TSA to also report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency; and
Higher-risk pipeline owner/operators to designate a physical security coordinator and report significant physical security concerns to TSA.
"TSA has collaborated closely with its industry partners to increase the cybersecurity resilience of the nation's critical transportation infrastructure," TSA Administrator David Pekoske said in a release. "The requirements in the proposed rule seek to build on this collaborative effort and further strengthen the cybersecurity posture of surface transportation stakeholders. We look forward to industry and public input on this proposed regulation."
The notice came a week after a White House representative warned the trucking freight industry that the People’s Republic of China (PRC) has remained the most active and persistent cyber threat to the U.S. government, private sector, and critical infrastructure networks. The briefing came from a member of the administration’s Office of the National Cyber Director, in an address to attendees at the National Motor Freight Traffic Association (NMFTA)’s Cybersecurity Conference.
“In January, the National Cyber Director testified in front of Congress along with colleagues from CISA, NSA, and the FBI about this threat from the PRC, dubbed Volt Typhoon,” speaker Stephen Viña said in his remarks. “Volt Typhoon conducted cyber operations focused not on financial gain, espionage, or state secrets but on developing deep access to our critical infrastructure. This includes the energy sector transportation systems, among many others. A prolonged interruption to these critical services could disrupt our ability to mobilize in the event of a national emergency or conflict and can create panic among our citizens. Ultimately, if trucking stops, America stops.”
The launch is based on “Amazon Nova,” the company’s new generation of foundation models, the company said in a blog post. Data scientists use foundation models (FMs) to develop machine learning (ML) platforms more quickly than starting from scratch, allowing them to create artificial intelligence applications capable of performing a wide variety of general tasks, since they were trained on a broad spectrum of generalized data, Amazon says.
The new models are integrated with Amazon Bedrock, a managed service that makes FMs from AI companies and Amazon available for use through a single API. Using Amazon Bedrock, customers can experiment with and evaluate Amazon Nova models, as well as other FMs, to determine the best model for an application.
Calling the launch “the next step in our AI journey,” the company says Amazon Nova has the ability to process text, image, and video as prompts, so customers can use Amazon Nova-powered generative AI applications to understand videos, charts, and documents, or to generate videos and other multimedia content.
“Inside Amazon, we have about 1,000 Gen AI applications in motion, and we’ve had a bird’s-eye view of what application builders are still grappling with,” Rohit Prasad, SVP of Amazon Artificial General Intelligence, said in a release. “Our new Amazon Nova models are intended to help with these challenges for internal and external builders, and provide compelling intelligence and content generation while also delivering meaningful progress on latency, cost-effectiveness, customization, information grounding, and agentic capabilities.”
The new Amazon Nova models available in Amazon Bedrock include:
Amazon Nova Micro, a text-only model that delivers the lowest latency responses at very low cost.
Amazon Nova Lite, a very low-cost multimodal model that is lightning fast for processing image, video, and text inputs.
Amazon Nova Pro, a highly capable multimodal model with the best combination of accuracy, speed, and cost for a wide range of tasks.
Amazon Nova Premier, the most capable of Amazon’s multimodal models for complex reasoning tasks and for use as the best teacher for distilling custom models
Amazon Nova Canvas, a state-of-the-art image generation model.
Amazon Nova Reel, a state-of-the-art video generation model that can transform a single image input into a brief video with the prompt: dolly forward.
Grocers and retailers are struggling to get their systems back online just before the winter holiday peak, following a software hack that hit the supply chain software provider Blue Yonder this week.
The ransomware attack is snarling inventory distribution patterns because of its impact on systems such as the employee scheduling system for coffee stalwart Starbucks, according to a published report. Scottsdale, Arizona-based Blue Yonder provides a wide range of supply chain software, including warehouse management system (WMS), transportation management system (TMS), order management and commerce, network and control tower, returns management, and others.
Blue Yonder today acknowledged the disruptions, saying they were the result of a ransomware incident affecting its managed services hosted environment. The company has established a dedicated cybersecurity incident update webpage to communicate its recovery progress, but it had not been updated for nearly two days as of Tuesday afternoon. “Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols,” a Blue Yonder spokesperson said in an email.
The timing of the attack suggests that hackers may have targeted Blue Yonder in a calculated attack based on the upcoming Thanksgiving break, since many U.S. organizations downsize their security staffing on holidays and weekends, according to a statement from Dan Lattimer, VP of Semperis, a New Jersey-based computer and network security firm.
“While details on the specifics of the Blue Yonder attack are scant, it is yet another reminder how damaging supply chain disruptions become when suppliers are taken offline. Kudos to Blue Yonder for dealing with this cyberattack head on but we still don’t know how far reaching the business disruptions will be in the UK, U.S. and other countries,” Lattimer said. “Now is time for organizations to fight back against threat actors. Deciding whether or not to pay a ransom is a personal decision that each company has to make, but paying emboldens threat actors and throws more fuel onto an already burning inferno. Simply, it doesn’t pay-to-pay,” he said.
The incident closely followed an unrelated cybersecurity issue at the grocery giant Ahold Delhaize, which has been recovering from impacts to the Stop & Shop chain that it across the U.S. Northeast region. In a statement apologizing to customers for the inconvenience of the cybersecurity issue, Netherlands-based Ahold Delhaize said its top priority is the security of its customers, associates and partners, and that the company’s internal IT security staff was working with external cybersecurity experts and law enforcement to speed recovery. “Our teams are taking steps to assess and mitigate the issue. This includes taking some systems offline to help protect them. This issue and subsequent mitigating actions have affected certain Ahold Delhaize USA brands and services including a number of pharmacies and certain e-commerce operations,” the company said.
Editor's note:This article was revised on November 27 to indicate that the cybersecurity issue at Ahold Delhaize was unrelated to the Blue Yonder hack.
The new funding brings Amazon's total investment in Anthropic to $8 billion, while maintaining the e-commerce giant’s position as a minority investor, according to Anthropic. The partnership was launched in 2023, when Amazon invested its first $4 billion round in the firm.
Anthropic’s “Claude” family of AI assistant models is available on AWS’s Amazon Bedrock, which is a cloud-based managed service that lets companies build specialized generative AI applications by choosing from an array of foundation models (FMs) developed by AI providers like AI21 Labs, Anthropic, Cohere, Meta, Mistral AI, Stability AI, and Amazon itself.
According to Amazon, tens of thousands of customers, from startups to enterprises and government institutions, are currently running their generative AI workloads using Anthropic’s models in the AWS cloud. Those GenAI tools are powering tasks such as customer service chatbots, coding assistants, translation applications, drug discovery, engineering design, and complex business processes.
"The response from AWS customers who are developing generative AI applications powered by Anthropic in Amazon Bedrock has been remarkable," Matt Garman, AWS CEO, said in a release. "By continuing to deploy Anthropic models in Amazon Bedrock and collaborating with Anthropic on the development of our custom Trainium chips, we’ll keep pushing the boundaries of what customers can achieve with generative AI technologies. We’ve been impressed by Anthropic’s pace of innovation and commitment to responsible development of generative AI, and look forward to deepening our collaboration."
A growing number of organizations are identifying ways to use GenAI to streamline their operations and accelerate innovation, using that new automation and efficiency to cut costs, carry out tasks faster and more accurately, and foster the creation of new products and services for additional revenue streams. That was the conclusion from ISG’s “2024 ISG Provider Lens global Generative AI Services” report.
The most rapid development of enterprise GenAI projects today is happening on text-based applications, primarily due to relatively simple interfaces, rapid ROI, and broad usefulness. Companies have been especially aggressive in implementing chatbots powered by large language models (LLMs), which can provide personalized assistance, customer support, and automated communication on a massive scale, ISG said.
However, most organizations have yet to tap GenAI’s potential for applications based on images, audio, video and data, the report says. Multimodal GenAI is still evolving toward mainstream adoption, but use cases are rapidly emerging, and with ongoing advances in neural networks and deep learning, they are expected to become highly integrated and sophisticated soon.
Future GenAI projects will also be more customized, as the sector sees a major shift from fine-tuning of LLMs to smaller models that serve specific industries, such as healthcare, finance, and manufacturing, ISG says. Enterprises and service providers increasingly recognize that customized, domain-specific AI models offer significant advantages in terms of cost, scalability, and performance. Customized GenAI can also deliver on demands like the need for privacy and security, specialization of tasks, and integration of AI into existing operations.
The practice consists of 5,000 professionals from Accenture and from Avanade—the consulting firm’s joint venture with Microsoft. They will be supported by Microsoft product specialists who will work closely with the Accenture Center for Advanced AI. Together, that group will collaborate on AI and Copilot agent templates, extensions, plugins, and connectors to help organizations leverage their data and gen AI to reduce costs, improve efficiencies and drive growth, they said on Thursday.
Accenture and Avanade say they have already developed some AI tools for these applications. For example, a supplier discovery and risk agent can deliver real-time market insights, agile supply chain responses, and better vendor selection, which could result in up to 15% cost savings. And a procure-to-pay agent could improve efficiency by up to 40% and enhance vendor relations and satisfaction by addressing urgent payment requirements and avoiding disruptions of key services
Likewise, they have also built solutions for clients using Microsoft 365 Copilot technology. For example, they have created Copilots for a variety of industries and functions including finance, manufacturing, supply chain, retail, and consumer goods and healthcare.
Another part of the new practice will be educating clients how to use the technology, using an “Azure Generative AI Engineer Nanodegree program” to teach users how to design, build, and operationalize AI-driven applications on Azure, Microsoft’s cloud computing platform. The online classes will teach learners how to use AI models to solve real-world problems through automation, data insights, and generative AI solutions, the firms said.
“We are pleased to deepen our collaboration with Accenture to help our mutual customers develop AI-first business processes responsibly and securely, while helping them drive market differentiation,” Judson Althoff, executive vice president and chief commercial officer at Microsoft, said in a release. “By bringing together Copilots and human ambition, paired with the autonomous capabilities of an agent, we can accelerate AI transformation for organizations across industries and help them realize successful business outcomes through pragmatic innovation.”