Jan 18 2024

Industry Partnerships Are Essential to Implementing the New AI Executive Order

Government needs to consult companies to accelerate the technology’s secure adoption, the former federal CIO says.

The private sector is an invaluable resource as government looks to answer questions about artificial intelligence bias, workforce impacts and adoption rates raised by recent guidance, says former federal CIO Suzette Kent.

AI is evolving quickly across commercial industries, and agencies not only need to keep pace but also must ensure that companies are holding up their end of the safety and security equation for the software they’re selling to the government, Kent says.

The Biden administration issued a sprawling executive order Oct. 30 promoting the safe, secure and trustworthy development and use of AI, complete with ambitious timelines. This includes a 90-day deadline for companies with dual-use foundation models to provide the government with safety measures, such as red-team test results.

“We need to be a world leader in AI, which is part of the reason for this: ensuring the use of one of the most powerful technology tools that we have seen in history for good,” says Kent, adviser to stackArmor’s AI Risk Management Center of Excellence.

Click on the banner to learn how platform engineering works.

Executive Order Formalizes AI Security Procedures 

The executive order and subsequent implementation guidance from the White House in many ways formalized “robust discussions” AI vendors were already having about privacy, safety and security standards, Kent says.

Companies including Adobe and Dell publicly acknowledge their credentialing and watermarking efforts, but that’s what makes this executive order atypical: AI adoption and security are already “off and running,” she says.

The executive order mentions interactions with other countries, but the global marketplace and ports of entry are where they’ll interact most frequently on AI.

“They will have experiences,” Kent says. “They won’t have ideas and concepts.”

That’s why government needs to invite commercial industry to the table to learn about AI and accelerate agencies’ adoption, she adds.

Suzette Kent
You have to understand not just the AI that you build but the AI that you buy that’s embedded in software.”

Suzette Kent Former Federal CIO

For instance, stackArmor works with agencies to map AI security standards to Federal Risk and Authorization Management Program and National Institute of Standards and Technology requirements to speed up the process by which companies receive authority to operate. That way, agencies have more AI solutions to choose from.

Industry Partnerships and Federal Funding Are Needed

Under the executive order, the Department of Homeland Security is expected to develop an AI risk management framework.

“You have to understand not just the AI that you build but the AI that you buy that’s embedded in software,” Kent says. “What’s missing is the tactical framework of how all those things exactly knit together.”

Agencies have AI pilots down, but they need industry’s help in establishing structure, controls and processes for maintaining software as they scale, she adds.

RELATED: Agencies should be part of the AI proof-of-concept process.

The entertainment sector undoubtedly requires different AI security standards than the health and national security sectors, which also needs to be addressed, the former federal CIO says.

Kent was pleased to see the executive order task agency deputy secretaries with AI oversight and propose steps to close the AI talent gap in government. The National Science Foundation is required to establish at least four new National AI Research Institutes, and agencies will need to reinvest in workforce training as the technology changes employees’ roles and responsibilities, Kent says.

For example, the Department of Veterans Affairs is using AI to turn doctors’ spoken words into folder notes, but that won’t eliminate the need for doctors — it will simply free them up for different tasks.

All of this will require a boost to agencies’ IT budgets.

“Make it a priority,” Kent says. “And fund it.”

ismagilov/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.