AI and Cybersecurity in Federal, State, and Local Governments

It is appropriate to remember that once data is shared, it can be difficult to control how it is used or who gets access to it. Depending on local laws that pertain to data privacy and security, governments could face huge fines and penalties for not adequately protecting citizen’s personal information. We are fostering industry support for SAIF with partners and customers, hosting SAIF workshops with practitioners and publishing AI security best practices. We partnered with Deloitte on a whitepaper on how organizations can use AI to address security challenges. As innovation moves forward, the industry needs security standards for building and deploying AI responsibly. That’s why we introduced the Secure AI Framework (SAIF), a conceptual framework to secure AI systems.

While AI has the potential to be used for increased security and compliance, there are also concerns that AI could be used to fuel security breaches and expose private information. Reactive AI is an early form of AI that doesn’t have a “memory.” When a specific input is fed through the algorithm, the output will always be the same. It can process large volumes of data but doesn’t take into account factors like historical data. With so much data and personal information on hand, businesses need to be able to ensure that the information will remain secure and protected. In addition, IT leaders benefit from Domino, with a single platform that delivers self-service access to tools and infrastructure that are secure and compliant. In addition to government-to-government cooperation, partnerships with international organizations such as the United Nations or Interpol could play a very important role.

What You Need to Know About CMMC 2.0 Compliance

Anything that uses AI to score or classify people based on personal characteristics, socio-economic status or behavior would also be illegal. Another framework that has gotten a lot of attention, although it has no legal power, is the White House Office of Science and Technology Policy’s AI Bill of Rights. The framework does not give specific advice but instead provides general rules about how AI should be employed and how it should be allowed or restricted from working with humans. For example, it states that people should not face discrimination based on the decision of an algorithm or an AI. The framework also asserts that people should know if an AI is being used to generate a decision. So, if someone is being considered for a loan, the bank they are applying to should disclose whether a human or an AI will make the final decision.

These vulnerabilities are not “bugs” that can be patched or corrected as is done with traditional cybersecurity vulnerabilities. From this understanding, we can now state the characteristics of the machine learning algorithms underpinning AI that make these systems vulnerable to attack. Third, the report contextualizes AI vulnerabilities within the larger cybersecurity landscape. It argues that AI attacks constitute a new vertical of attacks distinct in nature and required response from existing cybersecurity vulnerabilities. Given time, researchers may discover a technical silver bullet to some of these problems.

Championing Individuals’ Privacy Protection

In the implementation stage, they will encourage adoption of IT-reforms that will make attacks more difficult to execute. In the mitigation stage for addressing attacks that will inevitably occur, they will require the deployment of previously created attack response plans. Just as not all uses of AI are “good,” not all AI attacks are “bad.” While AI in a Western context is largely viewed as a positive force in society, in many other contexts it is employed to more nefarious ends. Countries like China and other oppressive regimes use AI as a way to track, control, and intimidate their citizens.

The second biggest threat predicted by the developer community, ransomware, was cited by just 19% of the survey participants. Data scientists, contractors and collaborators can access on-demand compute infrastructure and commercial and open source data, tools, models, and projects—across any on-prem, GovCloud and hybrid/multi-cloud environments. With Domino, agencies can improve collaboration and governance, while establishing AI standards and best practices that accelerate their missions. In response to these concerns, many governments have already taken steps to protect data privacy in an AI-driven landscape.

(i)  The initial means, instructions, and guidance issued pursuant to subsections 10.1(a)-(h) of this section shall not apply to AI when it is used as a component of a national security system, which shall be addressed by the proposed National Security Memorandum described in subsection 4.8 of this order. (e)  To improve transparency for agencies’ use of AI, the Director of OMB shall, on an annual basis, issue instructions to agencies for the collection, reporting, and publication of agency AI use cases, pursuant to section 7225(a) of the Advancing American AI Act. Through Secure and Compliant AI for Governments these instructions, the Director shall, as appropriate, expand agencies’ reporting on how they are managing risks from their AI use cases and update or replace the guidance originally established in section 5 of Executive Order 13960. The guidelines shall, at a minimum, describe the significant factors that bear on differential-privacy safeguards and common risks to realizing differential privacy in practice. (G)  identification of uses of AI to promote workplace efficiency and satisfaction in the health and human services sector, including reducing administrative burdens.

Across the Federal Government, my Administration will support programs to provide Americans the skills they need for the age of AI and attract the world’s AI talent to our shores — not just to study, but to stay — so that the companies and technologies of the future are made in America. The Federal Government will promote a fair, open, and competitive ecosystem and marketplace for AI and related technologies so that small developers and entrepreneurs can continue to drive innovation. However, in certain cases, it will be necessary to intervene earlier in the AI value chain, at the stages where decisions are made to develop and deploy highly capable systems.

FAQs about AI content for governments

Non-proliferation of certain frontier AI models is therefore essential for safety; but it is difficult to achieve. As AI models become more useful in strategically important contexts, and the costs of producing the most advanced models increase, AI companies will face strong incentives to deploy their models widely—even without adequate safeguards—to recoup their significant upfront investment. But even if companies agree not to distribute their models, bad actors may launch increasingly sophisticated attempts to steal them. The U.S. government still lacks many of the authorities needed to act on any concerning information it may receive. If the Department of Commerce were made aware that a model with significantly dangerous capabilities were to be deployed without adequate safeguards, it’s not clear what—if anything—the government could do to intervene.

• Many of the challenges ahead stem from the development and deployment of the most capable and generally capable models.
• Designing a well-balanced frontier AI regulation regime may be the most challenging regulatory task in the history of technological regulation.
• Upon reading your post, one thought that occurred to me is that we would benefit from a standardization of what components comprise of an AI system, as a key ingredient required for AI safety, security and trustworthiness in the supply chain.

While governments bear significant responsibility in protecting citizens’ data within an AI-driven government framework, individuals also play a vital role in protecting their information. Citizens need to be more conscious of their rights regarding their personal data’s collection, storage, usage, and disposal by government entities. By staying informed about relevant policies and taking proactive measures like regularly reviewing permissions granted for accessing personal information or using encryption tools when transmitting sensitive data online users can take control over their digital footprint. Our work with policymakers and standards organizations, such as NIST, contributes to evolving regulatory frameworks. We recently highlighted SAIF’s role in securing AI systems, aligning with White House AI commitments.

While there is still a long way to go in scaling the adoption of this technology, the potential benefits of implementing AI in government agencies are numerous. Agencies and policymakers can leverage artificial intelligence to conduct citizen-centric smart policymaking. AI tools provide advanced analytics on public data, allowing policymakers to identify emerging issues related to their regions and constituents. Let’s discuss some major AI applications that governments can leverage to improve public sector services. The public sector deals with large amounts of data, so increasing efficiency is key., AI and automation can help increase processing speed, minimize costs, and provide services to the public faster.

Google will continue to build and share Secure AI Framework resources, guidance, and tools, along with other best practices in AI application development. (ii)  Within 180 days of establishing the plan described in subsection (d)(i) of this section, the Secretary of Homeland Security shall submit a report to the President on priority actions to mitigate cross-border risks to critical United States infrastructure. (ii)   Within 240 days of the date of this order, the Director of NSF shall engage with agencies to identify ongoing work and potential opportunities to incorporate PETs into their operations. (iii)  Within 180 days of the date of this order, the Secretary of Transportation shall direct the Advanced Research Projects Agency-Infrastructure (ARPA-I) to explore the transportation-related opportunities and challenges of AI — including regarding software-defined AI enhancements impacting autonomous mobility ecosystems.

These tests should result in a decision as to the acceptable level of AI use within a given application. These tests should weigh the application’s vulnerability to attack, the consequence of an attack, and the availability of alternative non-AI-based methods that can be used in place of AI systems. Second, developing offensive AI attack capabilities would build important institutional knowledge within the U.S. military that could then be used to harden its own systems against attack. All successful work in developing offensive capabilities would double as an important case study in ineffective preventative techniques, and could be used to stress test or “red team” U.S. This experience will be essential in preparing for the next potential conflict given that the U.S. is unlikely to gain battlefield experience with AI attacks, both on the receiving and transmitting end, until it is already in a military conflict with an advanced adversary. In order to be prepared at this first encounter, it is important that the U.S., after crafting successful attacks against adversaries, turn these same techniques against itself to test its own resiliency to this new form of weapon.