The National Institute of Standards and Technology (NIST) is collaborating with the Digital Benefits Network and the Center for Democracy and Technology to adapt its digital identity guidelines for state and local benefits programs. The resources developed will help public sector organizations evaluate authentication and identity-proofing practices for the secure delivery of specific benefits. The project aims to address concerns about fraud, cybersecurity threats, privacy, data security, due process, and biases in systems that impact marginalized groups. Community engagement and public workshops will be used to gather input and feedback.
The Federal Communications Commission (FCC) has refused to suspend its Net Neutrality rules, setting up a court battle with Internet Service Providers (ISPs) who claim the rules violate the law and cause financial harm. The rules, scheduled to take effect on July 22, 2024, prohibit ISPs from blocking or throttling lawful content or accepting payment for prioritizing content. The FCC has also filed a motion to move the Net Neutrality litigation to the D.C. Circuit in Washington.
The Cybersecurity and Infrastructure Security Agency (CISA) is focusing on data stewardship as part of the “zero trust” push in federal agencies. CISA is working to understand, protect, and connect its cybersecurity data, applying strong security controls and data governance controls. CISA has identified chief data stewards responsible for managing specific datasets and combines data access controls with strong identity governance to move towards a zero-trust architecture. The goal is to improve data security while enabling access to support the mission and providing security.
CISA led its first tabletop exercise for AI cybersecurity, bringing together partners from the US and abroad. The exercise focused on understanding AI-related cybersecurity incidents, information-sharing, and collaboration between industry and government. CISA is developing an AI security incident collaboration playbook, set to be released at the end of 2024, to enhance incident response coordination. The exercise involved major technology companies, international cyber defense agencies, and US government partners.
The State Department is actively engaging the private sector in cyber diplomacy efforts as part of the Biden administration’s cybersecurity agenda. The department is working on crystalizing its private sector engagement and collaborating to understand international tech regulations and expand internet connectivity. The department is also figuring out how to allocate a new $50 million fund to help allied nations respond to hacks and expand internet access. In another development, federal officials, AI model operators, and cybersecurity companies conducted the first joint simulation of a cyberattack involving a critical AI system, highlighting the need for a different playbook to respond to such attacks.
Why do we care?
There’s a lot of resources and regulatory compliance to be aware of. Organizations, especially within the public sector, should follow CISA’s lead in implementing zero-trust architectures. This includes appointing data stewards and enhancing data governance to secure sensitive information effectively. I’m increasingly focused on that offering as valuable, particularly with it’s AI implications. From a planning perspective, one can consider that AI incident response changes will be a 2024 project based on CISA’s work this year.

