The Secure AI Act of 2024, introduced by Sens. Mark Warner, D-Va., and Thom Tillis, R-N.C., requires the National Institute of Standards and Technology to update the National Vulnerability Database (NVD) and the Cybersecurity and Infrastructure Security Agency to update the Common Vulnerabilities and Exposure (CVE) program, or create a new process, according to a summary of the bill. 

Additionally, the bill would charge the National Security Agency with establishing an AI Security Center that would provide an AI test-bed for research for private-sector and academic researchers, and develop guidance to prevent or mitigate “counter AI-techniques.”

“Safeguarding organizations from cybersecurity risks involving AI requires collaboration and innovation from both the private and public sector,” Tillis said in a press release. “This commonsense legislation creates a voluntary database for reporting AI security and safety incidents and promotes best practices to mitigate AI risks.” 

Under the legislation, CISA and NIST would have one year to develop and implement a voluntary database for tracking AI security and safety incidents, which would be available to the public. 

Similarly, NIST would only have 30 days after the enactment of this legislation to initiate a “multi-stakeholder process” to evaluate if the consensus standards for vulnerability reporting accommodate AI security vulnerabilities. After establishing this process, NIST would have 180 days to submit a report to Congress about the sufficiency of reporting processes. 

“By ensuring that public-private communications remain open and up-to-date on current threats facing our industry, we are taking the necessary steps to safeguard against this new generation of threats facing our infrastructure,” Warner said in the press release.

The post Bipartisan Senate bill on AI security would bolster voluntary cyber reporting processes appeared first on FedScoop.

New York Democrat Schumer’s plan, called the “Safe Innovation Framework for AI Policy,” outlines ways to “protect, expand, and harness AI’s potential” as Congress pursues legislation, his office said.

In a keynote speech at the Center for Strategic and International Studies in Washington, Schumer said there is “no choice but to acknowledge that AI’s changes are coming,” and pointed out the need for a strategy to support innovation.

He also highlighted the role of the federal government in AI regulation.

“How much federal intervention on the tax side and on the spending side must there be? Is federal intervention to encourage innovation necessary at all? Or should we just let the private sector develop on its own?” Schumer questioned during his remarks.

At the same time, a bipartisan group of lawmakers led by Reps. Ted Lieu, D-Calif. and Ken Buck, R-Colo., introduced legislation Tuesday that would create a blue-ribbon commission on artificial intelligence to develop a comprehensive framework for the regulation of the emerging technology.

The bicameral National AI Commission Act would create a 20-member commission to explore AI regulation, including how regulation responsibility is distributed across agencies, the capacity of agencies to address challenges relating to regulation, and alignment among agencies in their enforcement actions. 

“We must come up with a plan that encourages — not stifles — innovation in this new world of AI, and that means asking some important questions,” Schumer said Wednesday. “We are going to work very hard to come up with comprehensive legislation. Because this is so important, we are going to do everything we can to succeed.”

In April, Schumer met with the CEOs of AI giants like OpenAI, Microsoft, and Google to discuss the development and regulation of the technology. 

President Joe Biden and his administration have also expressed commitment to safeguarding Americans’ rights and safety with a focus on protecting user privacy and addressing bias and misinformation in AI. Biden earlier this week met with tech leaders and academics in the AI space in Silicon Valley.

The post Sen. Schumer introduces AI policy framework, calls for ‘comprehensive legislation’ appeared first on FedScoop.

The Promoting Rigorous and Innovative Cost Efficiencies for Federal Procurement and Acquisitions (PRICE) Act aims to increase small business participation in contracting by encouraging agencies to adopt new practices, modernize procedures and report cost savings.

Some agencies have proven reluctant to use the Small Business Administration‘s contracting programs to the detriment of women-owned, veteran-owned, minority-owned and disadvantaged small businesses in particular.

Lawmakers encouraged President Biden to sign the bill into law, two months after his administration announced a set of procurement reforms designed to meet its target of increasing the number of federal contracts going to small disadvantaged businesses 50% by 2025.

“Small businesses make up the foundation of our economy, and additional hurdles during the federal contracting process can hinder their growth,” Sen. Gary Peters, D-Mich., a bill sponsor along with Sen. Joni Ernst, R-Iowa, said in a statement. “I’m proud this bipartisan legislation has passed the House and urge President Biden to sign it into law as soon as possible so that small business owners in Michigan and across the nation can have a chance to provide innovative solutions to problems facing the federal government and the American people and compete on a level playing field to win federal contracts.”

Reps. Joe Neguse, D-Colo., and Maria Elvira Salazar, R-Fla., led the bill in the House.

Additionally, a coalition of groups including the Small Business Majority, Association of Procurement Technical Assistance Centers, GovEvolve, HUBZone Contractors National Council, Women Veterans Business Coalition, and the Montgomery Country Chamber of Commerce have announced support for the legislation.

“Small business participation in the federal marketplace is key to ensuring a strong industrial base, however small businesses find that agencies continue to be reluctant to utilize these programs,” said Michelle Burnett, executive director of the HUBZone Contractors National Council, in a statement. “The PRICE Act provides increased opportunities for HUBZone companies by encouraging the acquisition workforce to share innovative best practices to increase small business participation across the federal government.”

The post House sends contracting innovation bill to president’s desk for signing appeared first on FedScoop.

To be eligible undergraduate and graduate students studying AI or a related field would need to agree to work for the federal or a state, local or tribal government after completing their degree for a period equal to the length of the scholarship.

The AI Scholarship-for-Service Act comes as agencies struggle to enlist AI talent, despite the U.S. attempting to become a global leader in the space — ahead of top competitors like China.

“As advancements in artificial intelligence continue, the federal government must be prepared to promote ethical applications based on American values to counter competitors like the Chinese government, which prioritizes investments in this revolutionary technology,” said Sen. Gary Peters, D-Mich., one of the bill’s cosponsors. “Incentivizing professionals who are studying this emerging field to serve in the public sector will help our country remain competitive in the long term, strengthen our national security and ensure this technology is used ethically for the benefit of all Americans.”

The National Science Foundation would be expected to designate qualified institutions of higher education (IHE) for participation in the program.

Internship opportunities would also be made available, but employment preference would be given to students willing to work at executive agencies.

Recipients who fail to serve at least three years in the public sector would be made to repay the scholarship.

Peters, who cosponsored the bill with Sen. John Thune, R-S.D., previously introduced the bill in 2020, but it was never assigned to a committee.

The University of Michigan, Dakota State University, Carnegie-Mellon University, the Internet Association and BSA | The Software Alliance have all endorsed the legislation.

The post Senate bill looks to boost AI talent in government appeared first on FedScoop.

There are no high-profile IT-related provisions in the unclassified portions of the legislation, but several proposals would have noticeable effects on tech and workforce policies. In addition to long-awaited changes to the security clearance process, the bill would provide more opportunities for workers at private companies to take temporary posts in government; mandate roadmaps on IT environment upgrades; and authorize pay raises for cybersecurity and STEM specialists.

Congress last enacted an intelligence authorization bill in 2017, as part of a broader spending bill. This bill, officially titled the Damon Paul Nelson and Matthew Young Pollard Intelligence Authorization Act, passed in the House on July 17. The Senate’s version has been approved by that chamber’s Intelligence Committee.

Security clearances

The bill would cement the digitization of forms and use of other technology in the security clearance process, which still has just under a million people waiting to be screened. President Trump mandated background investigations be transferred to the revamped Defense Counterintelligence and Security Agency, and it is expected to be completely housed in the Pentagon by fall. Previously, the Office of Personnel Management was in charge of clearance investigations.

Background reinvestigations would be replaced with continuous evaluations techniques in “all appropriate circumstances,” according to bill text.

The bill would allow for more information sharing across agencies and with private sector partners for the security clearance process.

“There remains much work to be done, but this is a clear, positive step that will move these long-needed provisions closer to enactment,” David Berteau, president of the Professional Services Council, said in a statement.

Public-Private Partners 

The bill would increase the leeway the intelligence community has to rotate its employees across sectors. Detailing a public-sector intelligence employee to a private company would be considered a general work assignment, if the bill passes as written.

The so-called “talent exchange” would also allow for private-sector workers to enter into public-sector roles.

Other workforce provisions

The head of technology modernization in the intelligence community — a post currently held by John Sherman — would no longer be a presidential appointee under the bill. Instead, the director of national intelligence would have the authority to fill the position.

IC employees working in STEM- and cyber-related fields could get a bump in cashflow. Minimum pay rates for employees with IT expertise would be raised along with “increases in all rates of pay,” according to the bill.

The IT environment these workers operate in would need to get an extra look. The bill mandates reports and longterm roadmaps on the information environment utilized by intelligence agencies. Recently, Sherman confirmed that the Central Intelligence Agency is working on developing a multi-cloud, multi-vendor environment known as commercial cloud enterprise, or C2E.

The post Security clearances, public-private rotations are prominent in House intelligence bill appeared first on FedScoop.

New legislation from Sens. Martin Heinrich, D-N.M., and Rob Portman, R-Ohio, would require the undersecretary of Defense for personnel and readiness to “promote and maintain digital engineering as a core competency of the Armed Forces,” the senators said in a news release. The proposed Armed Forces Digital Advantage Act would also create the role of “Chief Digital Engineering Recruitment and Management Officer of the Department of Defense,” which would report to the undersecretary.

“Whether it is Artificial Intelligence, 5G telecommunications services, or cloud computing, transformational digital technologies will present new opportunities and challenges for the Department of Defense,” Heinrich said. “That means we must prepare the Department with a proficient and capable workforce by recruiting in the near term and training for the long term.”

Beyond the goal of finding and retaining those people in general, the senators want to “protect them from pressures to rotate into unrelated roles,” the news release said.

The new recruitment and management officer would have a mandate to think creatively about where and how to reach out to potential recruits, including “mechanisms not typically pursued in military recruitment (ex. tech conferences and events like SXSW),” the news release said.

The official career tracks, meanwhile, would include “appropriate military occupational specialties (MOS) and meaningful opportunities for career development, talent management, and promotion within such career tracks.”

Portman and Heinrich created the AI Caucus earlier this year with the goal of emphasizing “responsible policy” for the technology’s use inside and outside of government.

The Pentagon has embraced the potential of AI in general. Its new Joint AI Center (JAIC) is considering not only the technology’s applications in warfare, but also how it could improve Pentagon management.

Portman is also a co-sponsor of bipartisan legislation intended to improve federal agencies’ use of AI.

The legislation is in line with one suggestion made by the tech executive-heavy Defense Innovation Board (DIB). The board voted to formally suggest that the Pentagon “establish a career track for computer scientists in the military” in January 2018. The DIB is an independent advisory council — it makes recommendations but cannot implement them.

The post Military would emphasize recruitment for tech skills under Senate AI Caucus leaders’ bill appeared first on FedScoop.

The intent is not only to help fill specific gaps in the workforce, but also to help agencies recruit and retain people by offering opportunities “to enhance their careers, broaden their professional experience, and foster collaborative networks by experiencing and contributing to the cyber mission beyond their home agencies,” the bill’s sponsors, Sens. Gary Peters, D-Mich., and John Hoeven, R-N.D., said in a news release.

The legislation — the Federal Rotational Cyber Workforce Program Act of 2019 — passed by unanimous consent. There is no companion bill in the House, but a congressional source told FedScoop that Senate sponsors have reached out to the other chamber about how to move the legislation forward.

Supporters see the bill as an extension of several initiatives from Congress and the White House, including the Federal Cybersecurity Workforce Assessment Act of 2015, which required the Office of Personnel Management (OPM) and other agencies to identify and describe their cyber-related jobs, and the Trump administration’s broad government reorganization plan from June 2018, which included proposals to alleviate shortages in the cybersecurity workforce.

Silicon Valley’s ability to attract much of the best cybersecurity talent is a chief concern, whether the focus is new graduates looking for their first jobs or current federal workers who are aware of the higher salaries and richer benefits packages in the private sector. A surplus of job openings around the country — most estimates say tens of thousands of cybersecurity positions are currently unfilled — complicates the situation even more for the government.

Rotations for cybersecurity workers would be limited to 180 days, with an option for a 60-day extension. Employees would have to return to their home agencies afterward and remain there for at least the same amount of time before being rotated out again.

OPM, the federal Chief Human Capital Officers Council and the Department of Homeland Security would have to develop an operation plan “that establishes the procedures and requirements for the program, including the employee application and selection process and agency management of cyber employees participating in the program,” according to the committee report that accompanied the bill.

The Government Accountability Office would have to report on the program, and the legislation would sunset after five years.

The Trump administration has moved ahead independently with efforts to help fill gaps in the cybersecurity workforce, notably the Federal Cyber Reskilling Academy, which aims to provide hands-on training to federal employees who are not currently working in IT. The program, created in late 2018, is already looking to fill its second cohort of trainees.

DHS also is developing a Cyber Talent Management System that will allow the department “to align prospective cybersecurity talent to the most pressing cybersecurity needs and will allow these technical professionals to accelerate their careers as rapidly as their aptitudes allow.”

Peters is ranking member of the Homeland Security and Governmental Affairs Committee, which approved the bill in March. That panel’s chairman, Ron Johnson, R-Wis., is a cosponsor, as is committee member Maggie Hassan, D-N.H.

The post Cybersecurity pros could work for multiple agencies under bill passed by Senate appeared first on FedScoop.

The Federal Network Protection Act— introduced Tuesday by Sen. Dianne Feinstein, D-Calif., — would amend federal statutes to provide the secretary of Homeland Security the ability to issue a binding operational directive without a requirement of notice “to any private entity.” The legislation comes as Moscow-based Kaspersky Lab and the U.S. government continue their legal fight over a federal law banning the cybersecurity’s company’s products from government networks.

Under current Federal Information Security Modernization Act (FISMA) statutes, the DHS secretary can issue a binding operational directive — effectively a compulsory order — to executive branch agencies in order to protect federal information systems from a suspected security threat.

BODs do not apply to national security systems, and the secretary is required by statute to provide notice to potentially affected third parties and consult, where appropriate, with federal contractors on the procedures under which a directive may be issued. The new bill would remove any requirement of that notice.

In a statement on her website, Feinstein did not mention any company by name, but said the bill was meant to curb increasing attempts of cyber-espionage by foreign nations, citing a Government Accountability Office figure that said attacks on federal systems had increased from 5,500 in 2006 to more than 77,000 in 2015.

“We’re seeing more and more attacks on federal computer systems by foreign agents, and we need to make sure we have all the tools and authorities necessary to block those attacks,” she said. “By clarifying what actions the Secretary of Homeland Security can take, we allow the department to act quickly in response to cyber threats.”

DHS banned Kaspersky Lab products from federal IT systems in September 2017, claiming its antivirus software posed a national security risk.

The company has since filed two lawsuits seeking to overturn the ban, due to provisions within the proposed 2018 National Defense Authorization Act that wrote the ban into law. Separately, the U.S. government is considering broader sanctions on the company’s products.

Feintstein’s bill has been referred to the Senate Committee on Homeland Security and Governmental Affairs.

The post Senator wants to allow DHS to ban software from federal IT without notice appeared first on FedScoop.

Under the proposal, the Pentagon chief management officer would be required by Jan. 1, 2021, to close DISA — DOD’s IT acquisition service —and transfer key services elsewhere within the Pentagon.

The Texas lawmaker’s Comprehensive Pentagon Bureaucracy Reform and Reduction Act looks to “promote efficiency and agility, reduce duplication and redundancy, and streamline bureaucracy across” the Defense Department’s 28 4th Estate support agencies. Thornberry hopes to include the legislation in the the fiscal 2019 National Defense Authorization Act.

The U.S. Cyber Command would absorb the Joint Force Headquarters — Department of Defense Information Network. That unit, which handles the Pentagon’s network defense, is currently led by DISA Director Vice Adm. Nancy Norton, who reports to Adm. Mike Rogers, head of Cyber Command, in that role.

Thornberry’s legislation isn’t specific about where DISA’s centralized IT acquisition responsibilities would be delegated within DOD, but it “may include the transfer of such services to the 10 military departments.”

Thornberry further targets the Pentagon’s IT operations, calling to limit department senior executive service CIO roles to just five starting in 2021. There are about 60 SES CIOs within the Defense Department, according to Thornberry.

The legislation would also shutter the Defense Technical Information Center, the Office of Economic Adjustment, the Test Resource Management Center, the Washington Headquarters Services, the Defense Human Resources Activity and the Defense Technology Security Administration, and possibly others, depending on reviews.

The post Mac Thornberry wants to eliminate DISA appeared first on FedScoop.

The Cyber Scholarship Opportunities Act would expand the NSF’s CyberCorps: Scholarship-for-Service program, which awards grants and scholarships to students in exchange for agreeing to take on cybersecurity jobs in federal, state or local government after they graduate.

The Senate Commerce Committee approved an amended version of the bill Wednesday, and supporters say they hope to find floor time for the legislation soon after the Senate returns from recess. Key supporters include Republican Roger Wicker of Mississippi and Democrat Tim Kaine of Virginia.

Shaun Waterman of CyberScoop has more on the bill.

The post NSF’s cybersecurity Scholarship-for-Service program would expand under Senate bill appeared first on FedScoop.