When the Biden administration announced its long-awaited policy on October 30th, Executive Order (EO) Regarding artificial intelligence (AI), the US has sought to set the agenda on AI, making an announcement ahead of a conference hosted by the UK. AI Safety Summit At historic Bletchley Park.
President Biden’s plan focuses on eight key areas, from consumer, patient, student, and worker safety, security, innovation, and privacy to AI rights. While the EO is a useful and ambitious first step, we cannot make real progress without Congressional funding.
That is the power of the executive branch. Given the current political climate, this can pose difficulties. Also, as we saw in his May 2021 presidential election of Biden, improve the country’s cybersecurity, this AI EO lays out a blueprint and timeline for action. As many deadlines approach, we will be better able to assess the guidance and activities taken.
Instead of providing a detailed analysis of the pros and cons of this EO, we offer three suggestions for businesses to incorporate components of this EO into their blueprint for safely deploying AI and preparing for potential AI regulations. I decided to do it. My recommendations are:
Establish an AI risk assessment and governance model
At the very least, treat AI like any other emerging technology. However, it is safe to say that AI will disrupt markets in unpredictable ways not seen in decades. Companies should engage in AI risk assessment. How will they leverage AI? What are the risks? Companies must decide whether to completely block, specifically “enable”, or openly allow access to AI applications. Companies will also need to embed AI into their existing governance models, and quickly if the risk of “shadow AI” looms. The EO establishes an AI Council to formulate, develop, communicate, engage and implement AI policy. Does your organization have this capability? The AI Council could provide a great cross-company subcommittee. The EO also mandates the creation of a Chief AI Officer (CAIO), which includes a high level of job responsibility. CAIO drives AI innovation within an organization, manages risk, and performs several other tasks. Many organizations don’t have her CAIO. However, take a look at your EO responsibilities and evaluate which ones make sense for your company to adopt. If a CAIO is an option, these responsibilities could be rolled up to her CTO or similar role. The mandate of the AI Council and CAIO could play a pivotal role in AI governance.
Stay in close touch with NIST and leverage its expertise
Over the next year, there will be a number of documents that companies can incorporate into their AI implementation blueprints. “Within x days” features heavily in his EO. As expected, the National Institute of Standards and Technology (NIST) will lead some important efforts. NIST has published AI Red Team Testing Guidance, a Secure Software Development Framework that Incorporates AI, an AI Risk Management Framework (NIST AI 100-1), and Guidelines for Evaluating the Effectiveness of AI Differential Privacy Assurance Protection. Create. The AI Risk Management Framework could be one of the most valuable documents to emerge from NIST from this exercise. Most organizations don’t have the subject matter expertise to generate this level of content, so take advantage of it. Don’t wait to establish an AI adoption policy. Mark your calendar for when these publications are released, review them, and update your organization’s blueprint and strategy accordingly.
Prepare for potential regulatory impacts
Make regulatory impact assessment part of your AI blueprint. This EO affects the federal government and all of its agencies, but its effects will ripple beyond Washington and into the private sector. As the EO states, companies deploying the “most powerful AI systems” that develop “underlying models” will have new testing and reporting requirements for cybersecurity teams to address. become. IaaS providers must apply “Know Your Customer” controls to prevent malicious foreign cyber attackers from using their AI models for nefarious purposes. Healthcare and financial services companies also need to be prepared because the EO includes a privacy component. Company defined in 19Key and emerging technologies“Each region will need to closely follow future guidance, not only for potential regulations, but also for innovation and recruitment purposes. Adding to this, the federal government is one of the world’s largest buyers. Procurement requirements often also apply to the private sector, which can pose challenges.” Make continuous monitoring the foundation of your AI blueprint and prepare if AI impacts your organization. is required.
Although AI is in its infancy, it has the potential to revolutionize the way companies do business. With a well-thought-out blueprint, CISOs are in a leading position to help businesses differentiate and succeed in the AI era.
Rick Holland, Vice President and CISO, Reliaquest