Wednesday, September 11, 2024

Review – BIS Publishes AI Reporting Requirements NPRM

Today, the DOC’s Bureau of Industry and Security published a notice of proposed rulemaking (NPRM) in the Federal Register (89 FR 73612-73617) on “Establishment of Reporting Requirements for the Development of Advanced Artificial Intelligence Models and Computing Clusters”. This rulemaking would fulfill the requirements for §4.2(a)(i) of EO 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. This proposed rule would amend the BIS Industrial Base Surveys—Data Collections regulations by establishing reporting requirements for the development of advanced artificial intelligence (AI) models and computing clusters.

Public Comments

BIS is soliciting public comments on this rulemaking, including comments about the following topics:

Quarterly Notification Schedule,

Information Collection and Storage,

Collection thresholds.

Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # BIS-2024-0047). Comments should be submitted by October 11th, 2024.

Commentary

BIS notes that: “For similar reasons, the U.S. Government must minimize the vulnerability of dual-use foundation models to cyberattacks.” Unfortunately, the only cybersecurity reporting action that BIS is taking in this rulemaking is a reporting requirement “including the physical and cybersecurity protections taken to assure the integrity of that training process against sophisticated threats”. Anyone who follows cybersecurity news has to realize that even well-designed systems are subject to third-party researchers finding and exploiting vulnerabilities that are unidentified by the vendor. While design reviews such as the one required in this rulemaking are important, a comprehensive cybersecurity program also requires a vulnerability disclosure program and a cyber incident reporting program.

For more details about the requirements of this proposed regulation, including a potential fix to one of the problems identified in my commentary, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bis-publishes-ai-reporting-requirements - subscription required.
