The Office of Management and Budget (OMB) is seeking outside comment on its draft policy for implementing President Joe Biden’s executive order on AI. The draft calls for federal agencies to designate a chief AI officer and ensure proper testing and safeguards for procured AI solutions. The OMB is accepting comments until December 5. The guidance aims to help agencies manage the risks and harness the benefits of AI. It includes requirements for testing AI systems, creating chief AI officer positions, and implementing risk management practices. Agencies are encouraged to notify individuals impacted by AI-influenced decisions and offer a remedy process.
And I wanted to slip in the analysis by the team at AI Snake Oil for you. Their highlights: The order does not include licensing or liability provisions, which are seen as inimical to openness. It launches a public consultation process to understand the benefits and risks of foundation models with publicly available weights. The order also includes requirements for registering and reporting AI training runs that pose serious security risks. While the order falls short of a total commitment to keeping AI open, it emphasizes defending attack surfaces, promoting competition, and providing incentives for AI development.
And while I’m on the Fed, per reporting in the Washington Post, some industry groups suggest the need for a new office to oversee cyber rules due to the increasing number of conflicting cybersecurity regulations. The Office of the National Cyber Director received significant feedback on the issue, including problems caused by duplicative regulations and recommendations for harmonization. Various sectors, such as railroads and aviation, face challenges with conflicting reporting deadlines and requirements. The lack of clear leadership and coordination in harmonizing the rules is also highlighted. Recommendations include creating an office within the White House to evaluate and align cybersecurity requirements, establishing a federal clearinghouse, and pausing new regulations until existing rules are harmonized.
Why do we care?
If there’s a Chief AI Officer, you know there can also be a virtual chief AI officer.
The feedback I’ve been looking at seems quite positive on the AI developments, and more importantly, they’re moving forward relatively efficiently. Announced, open for comment, and looks like a balance of protections and allowing for innovations.
Should a White House office for cybersecurity be established, MSPs must be ready to navigate the new regulatory environment. Those offering compliance as a service, cyber policy consultancy, or even regulatory change management will need to watch.. and frankly, anyone in security needs to be delivering these.
