Online learning opportunities from IEEE will help you capitalize on the record-high level of investments in technology being made worldwide.

One look at the rapid technological advancements taking place all around us in today’s digital society and the bottom line is clear:  technology doesn’t just fuel business anymore — it is the business.

Such was the conclusion drawn by Deloitte’s 2023 Global Technology Leadership Study, which surveyed nearly 1,200 chief information officers (CIOs), chief technology officers (CTOs), and other senior technology decision-makers worldwide.  While the average technology budget as a percentage of revenue for these companies was 3.64% in 2018, it increased to 5.49% in 2022. Deloitte expects that number to rise to 5.85% in 2024 – an unprecedented 60% increase in just about five years.

Deloitte experts attribute this significant increase in tech investment to pent-up demand for technology during the pandemic. Another factor they identified is the recent dispersion of leadership roles in the corporate tech space, which now authorizes a broader range of leaders beyond just the CIO (such as CTOs, Chief Digital Officers, and Chief Data Officers, to name just a few) to drive tech-related investments. 

A Post-Pandemic Infusion of Funds 

The pandemic, along with its subsequent supply chain issues and shipping delays, served as eye-opening reminders of how dependent many economies were on foreign suppliers for key technologies.  This realization became a major catalyst for the recent spike in tech investment.

In the U.S., for example, The CHIPS (“Creating Helpful Incentives to Produce Semiconductors”) and Science Act, enacted in August 2022, earmarked over US$50 billion for domestic research and manufacturing of semiconductors in America.  It also established a 25% tax credit for capital investments in semiconductor manufacturing.  Since then, the U.S. White House reports that companies have committed over US$231 billion of investments in semiconductor and electronics technology and manufacturing in an effort to boost America’s global competitiveness and make its supply chains more robust and resilient.

The European CHIPS Act, enacted in February 2022, similarly aims to strengthen Europe’s competitiveness and resilience in semiconductors and their various applications.  And there are many more investments as countries around the world consider their own role in the overall semiconductor landscape.

Other Technology Investments

The global rise in tech investments goes way beyond just semiconductors, however. For instance, through its recent investment in electric vehicle brand Ceer — a joint venture between PIF (the Public Investment Fund, a global sustainable investor), Taiwanese-based Foxconn, and BMW — and its new manufacturing plant in King Abdullah Economic City, Saudi Arabia is hoping to enter the electric vehicle (EV)/renewables space and diversify from oil into what it describes as “the industries of tomorrow.”

All of the aforementioned global tech investments aim to attract top talent and create workforce opportunities. However, experts warn that it’s a dream which may not be fully realized based on the current state of the talent pool.

“A lack of talent is a top issue constraining growth,” said the authors of the McKinsey Technology Trends Outlook 2023. This survey of 3.5 million job postings across a variety of tech fields found that there are up to twice as many job postings than qualified applicants for many of the skills in greatest demand. According to the report, this is especially true in such areas as artificial intelligence (AI), cloud computing, semiconductors, quantum technologies, space technologies, and electrification and renewables.

Invest In Your Company’s Growth and Success

With technology changing rapidly and investments in technology being made at record-high levels around the world, organizations need to fill the talent gap with targeted training in order to position their company and workforce for success in the evolving marketplace. Among the best and easiest ways to achieve that is through the broad range of online learning opportunities offered by IEEE.

A variety of studies confirm that online learning is cost-effective (often half the cost of traditional classroom training!), efficient, and convenient.  And according to separate studies by the Research Institute of America and the Association for Talent Development, it’s also associated with higher retention rates as well as greater employee engagement and productivity. Given all of the many advantages of eLearning, there’s never been a better time to invest in your company’s growth and success by participating in these and other online learning opportunities through IEEE.

IEEE eLearning Offerings:

• The IEEE Learning Network — Access hundreds of educational courses through this online learning platform, which offers the latest continuing education in engineering and technology.  From instruction in 5G, the smart grid, and renewable energy to AI, next-generation IoT, current standards, and much more, the IEEE Learning Network (ILN) can help you advance your career, refresh your skills, or just keep you on top of the latest industry trends.
• The IEEE | Rutgers Online Mini-MBA for Engineers — Offered by IEEE in conjunction with New Jersey’s renowned Rutgers Business School, the IEEE | Rutgers Online Mini-MBA for Engineers is an outstanding and convenient program expressly designed for engineers and technology professionals.  The 12-week program covers key topics such as business strategy, managing new product development, analyzing financial statements, intellectual property strategy, sales and marketing, and leadership.  The course offers a robust combination of expert instruction, peer interaction, self-paced video lessons, interactive assessments, live office hours, and a hands-on capstone project experience.

For more information or to register for any or all of our comprehensive collection of online learning opportunities, visit https://innovate.ieee.org/educational-resources/. 

Resources

(9 August 2023).  “One Year after the CHIPS and Science Act, Biden-⁠Harris Administration Marks Historic Progress in Bringing Semiconductor Supply Chains Home, Supporting Innovation, and Protecting National Security.”  White House Briefing.

“European CHIPS Act.”  European Commission.

(26 July 2023).  “Saudi Arabia Drives Towards an Electric Future.”  Public Investment Fund (PIF) News.

“From Tech Investment to Impact:  Strategies for Allocating Capital and Articulating Value.”  Deloitte Insights.

Chui, Michael, Issler, Mena, Roberts, Roger, and Yee, Lareina.  (20 July 2023).  “McKinsey Technology Trends Outlook 2023.”  McKinsey Digital.

Roshi, Ludjon.  (25 February 2023).  “E-Learning Statistics 2023.”  Codeless.

Utah and Connecticut recently joined a growing number of U.S. states – including California, Colorado, and Virginia — passing data privacy laws. These regulations give citizens greater control over their data and empower them to hold organizations that violate the rules accountable. A number of federal governments, including the European Union, China, Brazil, have also passed similar laws.

While the U.S. does not currently have a federal data privacy law, federal regulators are still taking action. The U.S. Justice Department and the Federal Trade Commission recently settled a suit against Twitter over allegations that it misled people over how their phone numbers and email addresses would be used, slapping the social media company with a $150 million USD fine.

Meanwhile, a recent ruling in a $650 million USD class action lawsuit against Facebook found it violated the Illinois’ 2008 biometric privacy law over its handling of facial recognition data. As a result, the social media giant must pay over 1.4 million residents up to $397 USD.

These legal actions are only the beginning. According to CPO Magazine, legislators in at least 27 states in the U.S. have introduced data privacy bills in the last several months.

“By 2024, it’s likely that almost every state will have its own version passed into law,” writes Bill Tolson, Vice President of Global Compliance & eDiscovery at Archive360, in CPO Magazine. “This is getting little to no attention in the business world, and yet it requires serious effort to ensure compliance. Businesses getting prepared now are barely ahead of the curve; those that put it off till the laws hit the market will have to scramble to keep up.”

Data Privacy Professionals Are In High Demand

Data privacy professionals are quickly becoming some of the most in-demand technical professionals in the world today. A recent report from the recruitment company TRU Staffing Partners found a 30% increase in open data privacy jobs, due to a combination of the rise in remote work and the recent proliferation of data privacy laws. In addition to there not being enough data privacy professionals, the report also found a shortage of professionals with the right qualifications. According to CPO Magazine, some key findings from the report include:

• Qualified data privacy professionals have a competitive advantage in the current job market. Whereas it generally took up to six weeks for someone with the right qualifications to get hired after submitting their resume in 2019, it took roughly one week on average in 2021.
• Data privacy professionals typically have a minimum of two job offers at a time. When they are actively looking for a job, this increases to three.
• Privacy professionals have seen a 22% growth in pay (earning about $20,000 – $30,000 USD more in general annually for the same positions). Similar increases are anticipated by 2023.
• About 75% of these positions are in corporations, 20% are in consulting and software companies, and 5% are in the legal industry.

As more governments pass regulations and organizations seek to fill their knowledge gap, now is the perfect time for technical professionals to learn the ins-and-outs of data privacy.

Growing Your Data Privacy Skills

As privacy grows in importance, the need for technical professionals to possess strong knowledge in the area also grows.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program that provides a framework on how to operationalize privacy in an organizational context, how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Ethical transparency is critical to an organization’s success and it must be included in digital environments. Successful digital environments require rigorous ethical standards that incorporate honesty, impartiality, protection, security, and privacy.

AI Standards: Roadmap for Ethical and Responsible Digital Environments provides instructions for a comprehensive approach to creating ethical and responsible digital ecosystems. Contact an IEEE Content Specialist to learn more about how this program can benefit your organization. Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Bensinger, Greg. (30 May 2022). How Illinois Is Winning in the Fight Against Big Tech. New York Times. 

Casale, Elizabeth; Collum, Christopher; Shreve, James; Sosnicki, Luke. (27 May 2022). Utah and Connecticut enact comprehensive data privacy laws. thompsoncoburn.com. 

Gordon, Marcy. (25 May 2022). Twitter to pay $150M penalty over privacy of users’ data. ABC News.

Sauer, Megan. (25 May 2022). Some Facebook users are receiving $397 checks over data privacy violations—and these tech companies could be next. CNBC. 

Tolson, Bill. (20 May 2022). Data Privacy Conundrum: When Different States Play by Different Rules. CPO Magazine. 

Ikeda, Scott. (9 May 2022). Data Privacy Jobs Report Shows Demand for Privacy Pros at Record High Thanks to Complex Regulatory Requirements, Mass Migration to Cloud Services. CPO Magazine. 

A number of new laws – recently passed in Europe, China, the U.S., and Brazil – are presenting an urgent need for organizations to develop data privacy policies. Not only are these laws creating compliance concerns, they are also compelling organizations to start embracing data privacy as a core value.

How Can Organizations Establish Data Privacy Policies As A Core Value?

According to Kevin Shepherdson, CEO and Founder of Straits Interactive, a leading data privacy consultancy in Singapore, transformation around data privacy needs to start with an organization’s leadership. Senior leaders need to clarify that their organizations take data privacy seriously. They should provide the necessary resources to institute a data protection management program (DPMP). This also should include training their staff around such programs.

“We often see data breaches being described as ‘human error’, which is unacceptable to regulators and should not happen where there is sufficient staff training and strong ‘tone at the top,’” Shepherdson writes in CPO Magazine. “As important as initiating the DPMP is sustaining it. The organization must maintain compliance efforts by educating stakeholders about its data protection policies. This includes conducting regular data privacy audits and regular risk assessments.”

How Can Organizations Successfully Implement a Data Privacy Program?

Stu Sjouwerman, founder and CEO of KnowBe4, which develops security awareness training and simulated phishing platforms, offers the following four recommendations for organizations that want to implement a successful data privacy program, which he originally outlined in Security Magazine:

1. Be inclusive of every department in your organization: Data security impacts every facet of your organization. Each department likely processes data in its own way, so it’s important to include each department, process, and vendor in your data privacy plans.
2. Track your practices using documentation: Documenting your data privacy practices as you go along will give you valuable perspective into how your practices deliver value and risk. “Map out your entire data lifecycle (using data flow diagrams) and the process each department uses to collect, store, access, use and share consumer data,” writes Sjouwerman. “Outline the organization’s legal and contractual obligations and the process with which end users can manage their privacy rights.”.
3. Go Beyond Compliance: Organizations have a tendency to see legal and compliance obligations as “a checklist of items that need to be crossed.” According to Sjouwerman, this is a common mistake. Instead, he suggests looking at privacy as your users’ fundamental right. Your organization’s compliance practices must work to uphold this right.
4. Continuously re-assess your data privacy practices: No organization stays the same. Departments, processes, vendors, products, and people change over time. As such, it’s important to regularly assess your data privacy practices to ensure they are evolving with your organization. According to Sjouwerman, this involves undergoing a Data Protection Impact Assessment. He says this will help “identify risks proactively and reduce the likelihood of any impact to the organization or its customers.”

With data privacy laws becoming more common, privacy policies are no longer a consideration – they are a necessity. Is your organization equipped with the knowledge to implement a successful data privacy program?

Data Privacy by Design

Privacy has emerged to be a critical aspect of our increasingly digitized world. Technological innovations are progressively becoming more intrusive into our personal lives attempting to extract sensitive personal information. This is often detrimental to an individual when any breach or spillage of data leads to a severe impact such as financial loss or identity theft.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program. It provides a framework on how to operationalize privacy in an organizational context. It also covers how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Resources

Sjouwerman, Stu. (22 March 2022). Data privacy in 2022: Four recommendations for businesses and consumers. Security Magazine.

Shepherdson, Kevin. (18 March 2022). Data Privacy in 2022: Navigating the Ever-shifting Terrain. CPO Magazine.

As the 2022 Winter Olympics began, so too did increased concerns over security. While no threats have been detected so far, the FBI has warned that various cyber criminals could try to take advantage of the Olympics. Their aim may be to “make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals,” Tech Radar reported. 

Among the FBI’s major concerns is that these potential attacks could result in breaches to Olympic participants’ and workers’ personal information. The agency warned those involved to use a VPN and consistently monitor networks and endpoints. Furthermore, they should review security policies, user agreements, and patching procedures.

Organizations Fined Under the European Union’s General Data Protection Regulation (GDPR)

As we reported in a previous post, European agencies are issuing hefty fines on organizations they claim are failing to comply with the GDPR. In January, France’s data protection agency, the Commission Nationale de l’Informatique et des Libertés, fined Google and Facebook $210 million USD for allegedly violating the GDPR. Later, Austria’s Data Protection Authority found that the use of Google Analytics violates the GDPR. 

Given the widespread use of Google Analytics, this decision is expected to have a far-reaching and powerful impact. According to the International Association of Privacy Professionals (IAPP), the decision is the first of 101 complaints filed across EU nations by NOYB, an advocacy organization. 

The group alleges that the companies’ use of Google Analytics was not in line with the requirements for the Court of Justice of the European Union’s “Schrems II” ruling on data transfers. (Declared in July 2020, that decision invalidated the EU-U.S. Privacy Shield agreement. This is a framework for regulating transatlantic transfers of personal data for commercial use between the United States and the EU.)

According to the ruling, Google is collecting and transferring users’ personal data to the U.S. without shielding data from U.S. government surveillance. It also found that steps taken by the company to protect users, such as data encryption, were not enough. Some experts fear the decision could make legal data transfer between continents difficult, if not impossible. 

“In the absence of a breakthrough in Privacy Shield negotiations, data transfers – and consequently international trade – between the EU and U.S. face a bleak future,” says IAPP Senior Fellow Omer Tene. 

More Organizations Fined

The IAPP also reported that Belgium’s Data Protection Authority recently slapped IAB Europe, an association for the digital marketing and advertising ecosystem, with a €250,000 fine. The authority is claiming that IAB’s Transparency and Consent Framework (TCF), followed by many advertisers in the EU, does not comply with the GDPR. Among its accusations, the authority has claimed that IAB Europe acted as a data controller, which the organization denies. It also accused IAB Europe of failing to comply with a number of requirements under the GDPR. These include appointing a data protection officer, establishing a legal basis for processing, and performing a data protection impact assessment. IAB Europe has just two months to show that its framework is compliant with the rules. On 11 February, IAB Europe confirmed that it will appeal the ruling.

While data privacy laws can be confusing, one thing is clear: organizations that fail to comply with them can expect big penalties. Is your organization ready to deal with these new laws?

Data Privacy Engineering

As privacy grows in importance, the need for technical professionals to possess strong knowledge in the area also grows.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program. It provides a framework on how to operationalize privacy in an organizational context. It also covers how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Ethical transparency is critical to an organization’s success and it must be included in digital environments. Successful digital environments require rigorous ethical standards that incorporate honesty, impartiality, protection, security, and privacy.

AI Standards: Roadmap for Ethical and Responsible Digital Environments provides instructions for a comprehensive approach to creating ethical and responsible digital ecosystems. Contact an IEEE Content Specialist to learn more about how this program can benefit your organization. Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Fadilpasic, Sead. (2 February 2022). FBI warns Beijing Winter Olympics could be a big target for cyberattacks. TechRadar.

Bryant, Jennifer. (2 February 2022). Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations. IAPP.

Bryant, Jennifer. (20 January 2022). Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’. IAPP.

(11 February 2022). IAB Europe to Appeal Belgian Data Protection Authority Ruling. IAB Europe.

Since 2020, waves of ransomware attacks have battered both private and government sectors. To combat this, the U.S. government has released a strategy aimed at pushing federal agencies to boost their cyber security efforts. 

According to CNN, the plan aims to integrate a “zero-trust” approach to cyber security, a philosophy which dictates that a network should trust nothing outside its confines. Under this approach, federal employees will have to go through numerous layers of security to sign into agency networks. It will also require organizations to keep a complete inventory of electronic devices on their networks.

The plan, announced in a memo by the Office of Management and Budget at the end of January, comes on the heels of a cyber security executive order signed by U.S. President Joe Biden in May 2021. Agencies will have until the end of 2024 to meet these requirements. 

The U.S. government is also taking steps to secure the country’s water supply, which, according to The Washington Post, spans 150,000 water utilities. As reported by ZDNet, the Industrial Control Systems Cybersecurity Initiative — Water and Wastewater Sector Action Plan will set up a leadership task force from across the water utility industry, launch incident monitoring pilot programs, enhance information sharing, and offer technical support to water systems that need assistance. 

Survey Finds Three Major “Perception” Gaps Between Security-Focused Executives

The private sector is also taking steps to prioritize cyber security. However, according to the Global Cybersecurity Outlook 2022, which surveyed more than 120 global cyber leaders, there are some differences in how security-focused executives perceive cyber security matters within their organizations. According to the World Economic Forum, these “perception gaps” include: 

1. How much cyber security is prioritized in business decisions:
While 92% of surveyed business executives thought cyber security is “integrated into enterprise risk management strategies,” only 55% of security-focused executives agreed.

2. Obtaining cyber security support from leadership:
While 84% of respondents said cyber resilience is seen as a business priority in their organization that is supported and directed by leadership, only 68% saw it as a major component of their risk management. Many leaders charged with cyber security reported they were not being consulted on business decisions. This disconnect could become a problem that could detrimentally affect security. 

3. Recruiting and retaining cyber security professionals:
59% of respondents said it would be challenging to respond to a cyber security incident due to their teams lacking skills. As such, most respondents saw recruiting and maintaining talent as their biggest challenge. However, business executives seemed “less acutely aware” of the gap between the skills possessed by staff and the skills needed. 

Given these findings, executives should take steps to ensure they are incorporating the perspectives of their cyber security leadership in business decisions, and should also ensure they are prioritizing cyber security in all aspects of their decision making. 

Improving Cyber Security in Your Organization

Are you facing perception gaps that are hindering your cyber security practices? What are your cyber security resolutions for the coming year and beyond? Having the proper tools and systems in place can prevent data breaches and cyber crimes. As the world becomes more automated, it’s crucial for your organization to understand available cyber security measures to protect its data and devices. Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques.

Contact an IEEE Account Specialist today to get access to the course program for your organization.

Interested in learning about getting access to the course for yourself? Visit the IEEE Learning Network to learn more.

Resources

Lyngaas, Sean. (26 January 2022). White House attempts to strengthen federal cybersecurity after major hacks. CNN.

Bissell, Kelly and Pipikaite, Algirde. (18 January 2022). What you need to know about cybersecurity in 2022. World Economic Forum.

When it comes to personal data, individuals and governments alike are becoming more privacy conscious, and it’s not hard to see why. Cyber attacks ensnaring government and private organizations, such as those launched against SolarWinds and Colonial Pipeline, are becoming more frequent. Meanwhile, organizations are increasingly storing data in the cloud, where potential hackers have more opportunities to steal it. (Since 2020, about half of all corporate data has transitioned to cloud storage, a trend that is expected to accelerate, according to the statistics portal Statista). Furthermore, many websites and apps secretly collect users’ data. According to Pew Research, 79% of U.S. consumers say they are worried about how organizations are using their information, such as sharing it with advertisers and other third-parties without their knowledge. 

Regulators Are Taking Action

In Europe, the General Data Protection Regulation (GDPR) now dictates how governments must protect their citizens’ privacy and hands greater control of personal data over to individuals. While there is no federal law in the U.S. that protects data privacy, a number of states have begun hammering out their own laws to fill the void. As of last year, the California Consumer Privacy Act requires organizations to give Californians greater control over their personal data. In March, Virginia passed a similar law dubbed the Consumer Data Protection Act. Other states have passed similar measures. (See the full list here). 

A group of U.S. senators recently proposed a bill to protect consumer data privacy, signaling that the country may soon pass federal legislation affecting all 50 states. If passed, the Social Media Privacy Protection and Consumer Rights Act would require websites to give users greater control over their data and let them opt out of data tracking and collection. It would also require companies to list their terms of service in easy to understand language. They would also be obligated to notify users within 72 hours if their data is hacked. 

“This legislation will protect and empower consumers by allowing them to make choices about how companies use their data and inform them of how they can protect personal information,” Senator Amy Klobuchar, one of the bill’s sponsors, told The Verge in a statement. 

How Can Your Organization Prepare for Data Privacy Regulations?

Knowing that data privacy regulations are on the horizon, some major technology companies are already shifting their privacy models. Last month, Apple announced the release of a new option for iPhone users that lets them opt out of being tracked across apps. Only about 3% of users chose to be tracked, revealing that data privacy is valuable to a vast majority of users. Similarly, Google recently announced new privacy controls that include allowing users to erase the last fifteen minutes of their search history and reminders for mobile users that their location is being tracked. 

While data privacy laws are evolving, there are measures organizations can start taking now to prepare:

• Make sure your organization is complying with all applicable industry regulations concerning data privacy and communicate to your users how you are doing this. 
• Proactively communicate with your users. If there is an issue or breach affecting their data, immediately explain the problem. The explanation should include all details related to the incident, as well as any steps users need to take to resolve the issue. To provide additional reassurance, explain how your organization plans to avoid such issues going forward. 
• Give your users greater control over their data. For example, adopting client-side encryption–where data is encrypted on the user’s device–is a way to help keep personal data private. Additionally, if your organization experiences a major security breach, the intruders will not be unable to decipher client-side encrypted data. Not only will this help protect users’ privacy, it will also maintain their trust. 

It’s no longer a question of whether data privacy laws are coming, but when. By taking steps to protect users’ privacy and giving them greater control over their data now, your organization can quickly adapt to regulations and build loyalty among users. 

Data Privacy Training for Your Organization

As privacy grows in importance, the need for technical professionals to possess strong knowledge in the area also grows.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program that provides a framework on how to operationalize privacy in an organizational context, how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Resources

Magnuson, Beth. (29 May 2021). Data privacy vs. innovation: The new rules of the road. Venture Beat. 

Kelly, Makena. (20 May 2021). Senators roll out bipartisan data privacy bill. The Verge. 

Taylor, Josh. (19 May 2021). ‘Privacy by design’: Google to give people more power over their personal data.  The Guardian. 

Carder, James. (17 May 2021). Data Protection in a Post-COVID World: How Organizations Can Prepare For a Security-First Future. CPO Magazine.

As artificial intelligence (AI) systems are built on larger and larger quantities of data, the potential threat that they can pose to the public also grows. For example, automated systems could be equipped with biased algorithms that discriminate against women and minority groups. Additionally, AI-based software, such as facial recognition technology, can jeopardize the privacy of millions of people. To get ahead of the problem, governments are beginning to regulate rapidly advancing AI. Organizations that develop these systems will eventually be required to comply. 

In Europe, a law known as the General Data Protection Regulation (GDPR) oversees data privacy for EU citizens and residents. While the United States has yet to pass specific AI regulations, the country is expected to begin rolling out state and federal regulations in the coming years. One example is the Algorithmic Accountability Act, which would mandate that organizations examine and repair potentially harmful flaws in computer algorithms. Similar to the General Data Privacy Regulation (GDPR), the Algorithmic Accountability Act would make impact assessments mandatory for automated decision and information systems that are high risk. 

Additionally, many businesses are taking steps to establish their own AI standards. These efforts ensure their systems are ethical and safe, as well as protect them from potential liability. 

Here are four expert-recommended principles organizations can consider for their AI standards.

What Should AI Standards Include?

Transparency:

Huma Abidi, senior director of AI software products at Intel, recommends that AI developers define and create clear, quantifiable standards. These should include processes that can be measured in terms of quality and robustness. She told Venture Beat that ethical AI systems should be “fair, transparent, [and] explainable.”

One example is a paper titled “Datasheet for Datasets.” The paper focuses on a standardized process for machine learning. It documents datasets, which state that “every dataset [should] be accompanied with a datasheet.” This datasheet documents its motivation, composition, collection process, recommended uses, and so on.” Another example is a machine learning documentation project called “Model Cards for Model Reporting.” The paper explains: “Model cards also disclose the context in which models are intended to be used, details of the performance evaluation procedures, and other relevant information.”

According to Abibi, these “basic principles” should be built into workflows.

“My point is that like any other software product, you want to make sure it’s robust and all that. However, for AI, you especially—besides having standards and processes—you need to add these additional things,” she told Venture Beat.

A cautious, iterative approach to AI development:

According to Rashida Hodge, VP of North America Go-to-Market, Global Markets, at IBM, businesses should develop cautious, iterative approaches to AI development. The process should include a lifecycle that forces organizations to return to it regularly as the data evolves. They should tailor their AI models to any changes as necessary.

“Just like how we as humans process information and process nuance, as we read more information, as we go visit a different place, we have different perspectives. And we bring nuance to how we make decisions; we should look at AI applications in the exact same way,” Hodge told Venture Beat.

Oversight:

Organizations should avoid siloing their analytics teams. This can inadvertently lead to “analytic city states” that make streamlining technology and ideas challenging. Scott Zoldi, Chief Analytics Officer at FICO recommends organizations appoint a single chief analytic officer. This officer would be responsible for creating and enforcing organizational standards.

“You can safely build more houses when you don’t have to draft a new building code for every house. Likewise, you shouldn’t have to worry about rolling the dice as to which artist will be building your model,” Zoldi wrote in Enterprise AI News.

Professionalization:

It’s important that everyone in an organization is aware of how their job impacts AI development, even if their role is small. As discussed in a previous post, “tactics of professionalization” is one way organizations can standardize AI development broadly across their enterprises. According to these principles, AI developers should set up committed multidisciplinary teams. They should train all their employees and clearly define who within the organization is accountable for the consequences of their AI systems.

Establishing AI Standards for Your Organization

Artificial intelligence continues to spread across various industries, including healthcare, manufacturing, transportation, and finance among others. It’s vital to keep in mind rigorous ethical standards designed to protect the end-user when leveraging these new digital environments. AI Standards: Roadmap for Ethical and Responsible Digital Environments, is a new five-course program from IEEE that provides instructions for a comprehensive approach to creating ethical and responsible digital ecosystems. 

Contact an IEEE Content Specialist to learn more about how this program can benefit your organization.

Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Colaner, Seth. (3 January 2020). Evolve: Operationalizing diversity, equity, and inclusion in your AI projects. Venture Beat. 

Brumfield, Cynthia. (8 December 2020). New AI privacy, security regulations likely coming with pending federal, state bills. CSO.

Lucini, Fernando. (24 September 2020). Getting AI results by “going pro.” Accenture Research Report.

Zoldi, Scott. (6 November 2020). It’s Time To Set Industry Standards for AI. Enterprise AI.

Currently, 200 million digitally “connected vehicles” are traversing the world’s roadways, according to a recent white paper from the 5G Automotive Association (5GAA). By 2024, real-time traffic updates will be possible thanks to road infrastructure that will be digitally connected. By 2026, advanced vehicle-to-vehicle (V2V) capabilities will help bring automated vehicles another step closer to reality.

Today’s vehicles contain more software than ever before, as well as a constellation of automotive systems in their power locks, brakes, windows, entertainment, steering, and other features. Future vehicles will come equipped with advanced autonomous capabilities and driver-assistance systems (ASAD) that will make them even more complex. 

These developments are happening rapidly. According to the research firm Frost & Sullivan, over 18 million new autonomous vehicles will be road-ready by the end of the decade. However, without appropriate regulations and advanced security features, these vehicles can become easy prey for hackers. With this in mind, many governments and automakers have already begun to take cyber security seriously. 

Standards and Regulations

The United Nations Economic Commission for Europe (UNECE) is in the process of developing automotive cybersecurity regulations. Known as WP.29, the regulation would enhance cyber security and software updates in vehicles. It will be mandatory for all vehicle manufacturers in the European Union beginning July 2024. While manufacturers in Korea and Japan have agreed to comply with WP.29 within their own timelines, manufacturers in North America won’t be required to adhere to them.

Additionally, the International Organization for Standardization (ISO) is working on ISO/SAE 21434, a standard that aims to establish “cyber security by design” from the initial phase of a vehicle’s design. The organization is also working to establish ISO 24089, a standard that would regulate software updates in vehicles.

Five Top Cyber Security Threats for Automakers

In order to ensure their designs are safe from cyber security threats, vehicle manufacturers have five main concerns they will need to consider, according to Security Intelligence. These include:

1. Complexity: Future vehicles will come equipped with interconnected architectures containing embedded telecommunications that will make them challenging to secure.
2. Attacks on the power grid: Recently, research has demonstrated that it would be possible for hackers to disrupt the power grid or trigger a blackout by attacking multiple electric vehicles that are charging at the same time. To prevent this, standards will need to be developed that require vehicles to undergo testing and come equipped with cyber security features.
3. Mobile devices: Increasingly, mobile phones are being used to control the various functions and features of connected vehicles such as windshield wipers, locks, and heat/air-conditioning. These devices pose a range of security threats, such as when a user inadvertently downloads malware, fails to update their operating system, or has a faulty password. If a hacker manages to take control of their phone, it wouldn’t be difficult for them to take control of the vehicle.
4. Untrained employees: In order to ensure cybersecurity is secure across all facets of a vehicle’s design, every employee engaged in the design process must be adequately trained in cyber security.
5. Securing financial features: Since many hackers will likely be motivated to steal financial information from drivers, special attention must be given to financial security features such as payment for fuel, tolls, and subscriptions.

Change is often difficult, but vehicle manufacturers will need to adjust to international regulations and standards in order to gain the public’s trust. By getting a head start in the process now, they can ensure their vehicles are safe when they’re ready to hit the roads.

Protecting Vehicles

As the automotive industry continues to work on intelligent and autonomous vehicles, there is a need to better comprehend the safety and security of this connected technology. Automotive Cyber Security: Protecting the Vehicular Network is a five course program that aims to foster the discussion on automotive cyber security solutions and requirements for not only intelligent vehicles, but also the infrastructure of intelligent transportation systems.

Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization. 

Interested in the course for yourself? Visit the IEEE Learning Network.

Resources

Dhami, Indy. (2 October 2020). Top 5 Threat Vectors in Connected Cars and How to Combat Them. Security Intelligence. 

Grau, Alan. (28 September 2020). Cybersecurity is Imperative for Connected Cars. Electronic Design.

Kohler, Arndt. (24 September 2020). Automotive Cybersecurity: New Regulations in the Auto Industry. Security Intelligence. 

O’Halloran, Joe. (10 September 2020). Connected vehicle association makes call for wireless spectrum to develop use cases. ComputerWeekly.com.