Let’s do some legislation and regulation.
The Biden administration plans to hold the software industry accountable for insecure software by pursuing a liability framework. The goal is to shift the security burden from technology users to the companies that build it. The administration aims to incentivize long-term investment in cybersecurity and resilience rather than open the industry to lawsuits. The Office of the National Cyber Director has engaged software developers and plans to expand outreach to include consumer advocates and critical infrastructure providers. The pursuit of software liability was included in the cybersecurity posture report.
A bipartisan group of senators has published a 31-page “road map” for regulating artificial intelligence (AI), calling for increased federal spending in AI research and development and legislation to address AI harms, protect elections, and mitigate risks in sectors like healthcare and housing. While AI companies continue to advance their technologies, the senators aim to pursue a piecemeal approach, focusing on urgent AI issues and passing bills as they become ready. The senators are confident that some AI bills can pass the Senate by the end of the year, with ongoing work on AI regulation expected in the next Congress.
A Senate study proposes allocating at least $32 billion annually for AI programs in the United States, covering areas such as infrastructure, national security risk assessments, and AI research and development. The report outlines various recommendations, including cross-government collaboration, AI hardware and software funding, AI grand challenges, and cybersecurity in elections. While the document serves as a roadmap rather than a detailed policy proposal, it highlights the importance of investing in AI to maintain competitiveness with other countries.
For context, according to a Politico poll, most Americans support AI data regulations. The poll found that 60% of respondents believe AI companies should not be able to train on public data freely, and nearly three-quarters think companies should compensate the creators of that data. Additionally, 78% of respondents believe there should be regulations on using public data to train AI models.
A House bill calls on the Cybersecurity and Infrastructure Security Agency (CISA) to establish an internal task force that addresses safety and security concerns related to artificial intelligence (AI). The task force, required to be formed within one year of the bill’s enactment, will coordinate with federal agencies and provide recommendations for changes to agency security initiatives and programs.
The National Institute of Standards and Technology (NIST) has issued final guidance updates aimed at helping organizations protect and secure controlled unclassified information. The updates clarify previous guidance and provide assessment procedures and examples. In the coming months, NIST plans to revise other publications related to controlled unclassified information.
NIST also plans to make further changes to the NICE framework, which defines cyber workforce roles, to strengthen the federal cyber workforce. The changes will include updating and adding existing roles, such as risk analysis and program management. NIST also plans to incorporate AI into the framework’s skills definitions.
Why do we care?
The Biden administration’s push to hold the software industry accountable for insecure software represents a significant shift in cybersecurity policy. By shifting the security burden from end-users to software developers, this initiative aims to incentivize long-term investment in cybersecurity and resilience. For MSPs, this could mean working with more secure and reliable software, reducing the incidence of vulnerabilities that need to be managed. However, it also means that MSPs will need to stay abreast of compliance requirements and ensure that the software they deploy meets new security standards. I’m all for it – vendors have responsibility for what they build, and codifying that is required.
The bipartisan Senate “road map” for regulating AI and proposed $32 billion annual investment in AI programs highlight the importance of AI in national policy. Watch this space. Will we get all the things?

