Fed Government Needs to Clarify Minimal Cybersecurity Standards

(Illustration: Shutterstock)

There’s a government and national responsibility in communicating the minimum standards for cybersecurity engineering, according to Chief of Missions for the Department of Defense’s (DoD) Joint Artificial Intelligence Center (JAIC) Col. Stoney Trent.

“Startups say that the risk management framework … they see this is just arduous, like ‘we don’t understand it, how can we possibly work with the government? We don’t even want to work with them,’” Col. Trent said at the Institute for Critical Infrastructure Technology briefing on Oct. 17. He added that he would tell those startups that they’re just willing to sell poorly designed products to companies that don’t have the cybersecurity expertise to inspect those products.

“Shame on you. Shame on the government, though, for not making it more clear about what is minimally necessary for cyber security engineering,” Col. Trent said. “We have a responsibility as a nation to communicate those minimal standards.”

Later in the briefing, Col. Trent talked about the obstacles in AI adoption for DoD—both technological and non-technological. Some of the technology based obstacles include:

  • Data- access and quality;
  • Dev/Test environment;
  • Legacy systems;
  • Testing tools and methods;
  • Security engineering; and
  • Resilient systems engineering.

The non-technological obstacles in AI adoption for DoD include:

  • Problem scoping;
  • Policy such as human resources, contracting, IP, data sharing, governance, program management; and
  • Educating a workforce.

Col. Trent added that these obstacles aren’t exclusive to AI adoption, but can also be generalized to other missions for the Defense Department while adding that the non-technological obstacles are harder and bigger to overcome.

Categories

Recent