It is not often one body of government truly agrees on anything, but when it comes to Artificial Intelligence (AI) and cybersecurity, there apparently is a peaceful co-existence.

That came to light when a bipartisan Senate bill released last week that would strengthen security measures around artificial intelligence, overhauling a series of actions including cyber vulnerability tracking and a public database for AI incident reports.

The Secure AI Act of 2024, introduced by Sens. Mark Warner, D-VA, and Thom Tillis, R-NC, would require the National Institute of Standards and Technology (NIST) to update the National Vulnerability Database (NVD) and the Cybersecurity and Infrastructure Security Agency (CISA) to update the Common Vulnerabilities and Exposure (CVE) program, or create a new process, according to a summary of the bill.

Additionally, the bill would charge the National Security Agency (NSA) with establishing an AI Security Center that would provide an AI test-bed for research for private-sector and academic researchers, and develop guidance to prevent or mitigate “counter AI-techniques.”

“As we continue to embrace all the opportunities that AI brings, it is imperative that we continue to safeguard against the threats posed by – and to — this new technology, and information sharing between the federal government and the private sector plays a crucial role,” Warner said.

Schneider Bold

“Safeguarding organizations from cybersecurity risks involving AI requires collaboration and innovation from both the private and public sector,” Tillis said.

Under the legislation, CISA and NIST would have one year to develop and implement a voluntary database for tracking AI security and safety incidents, which would be available to the public.

Similarly, NIST would have 30 days after the enactment of this legislation to initiate a “multi-stakeholder process” to evaluate if the consensus standards for vulnerability reporting accommodate AI security vulnerabilities. After establishing this process, NIST would have 180 days to submit a report to Congress about the sufficiency of reporting processes.

The bill passed in the Senate, but must also go through the House and then on to the President to sign into law.

ISSSource

Pin It on Pinterest

Share This