Category Archives: Cybersecurity

Biden-Harris Administration Announces Key AI Actions 180 Days Following President Biden’s Landmark Executive Order

Six months ago, President Biden issued a landmark Executive Order to ensure that America leads the way in seizing the promise and managing the risks of artificial intelligence (AI). Since then, agencies all across government have taken vital steps to manage AI’s safety and security risks, protect Americans’ privacy, advance equity and civil rights, stand up for consumers and workers, promote innovation and competition, advance American leadership around the world, and more.
 

Federal agencies reported that they completed all of the 180-day actions in the E.O. on schedule, following their recent successes completing each 90-day, 120-day, and 150-day action on time. Agencies also progressed on other work tasked by the E.O. over longer timeframes.
 
Actions that agencies reported as complete include the following:
 
Managing Risks to Safety and Security:
Over 180 days, the Executive Order directed agencies to address a broad range of AI’s safety and security risks, including risks related to dangerous biological materials, critical infrastructure, and software vulnerabilities. To mitigate these and other threats to safety, agencies have:
 

  • Established a framework for nucleic acid synthesis screening to help prevent the misuse of AI for engineering dangerous biological materials. This work complements in-depth study by the Department of Homeland Security (DHS), Department of Energy (DOE) and Office of Science and Technology Policy on AI’s potential to be misused for this purpose, as well as a DHS report that recommended mitigations for the misuse of AI to exacerbate chemical and biological threats. In parallel, the Department of Commerce has worked to engage the private sector to develop technical guidance to facilitate implementation. Starting 180 days after the framework is announced, agencies will require that grantees obtain synthetic nucleic acids from vendors that screen.
     
  • Released for public comment draft documents on managing generative AI risks, securely developing generative AI systems and dual-use foundation models, expanding international standards development in AI, and reducing the risks posed by AI-generated content. When finalized, these documents by the National Institute of Standards and Technology (NIST) will provide additional guidance that builds on NIST’s AI Risk Management Framework, which offered individuals, organizations, and society a framework to manage AI risks and has been widely adopted both in the U.S. and globally.
     
  • Developed the first AI safety and security guidelines for critical infrastructure owners and operators. These guidelines are informed by the completed work of nine agencies to assess AI risks across all sixteen critical infrastructure sectors.
     
  • Launched the AI Safety and Security Board to advise the Secretary of Homeland Security, the critical infrastructure community, other private sector stakeholders, and the broader public on the safe and secure development and deployment of AI technology in our nation’s critical infrastructure. The Board’s 22 inaugural members include representatives from a range of sectors, including software and hardware company executives, critical infrastructure operators, public officials, the civil rights community, and academia. 
     
  • Piloted new AI tools for identifying vulnerabilities in vital government software systems. The Department of Defense (DoD) made progress on a pilot for AI that can find and address vulnerabilities in software used for national security and military purposes. Complementary to DoD’s efforts, DHS piloted different tools to identify and close vulnerabilities in other critical government software systems that Americans rely on every hour of every day.

 
Standing up for Workers, Consumers, and Civil Rights
The Executive Order directed bold steps to mitigate other risks from AI—including risks to workers, to consumers, and to Americans’ civil rights—and ensure that AI’s development and deployment benefits all American. Agencies reported that they have:

  • Developed bedrock principles and practices for employers and developers to build and deploy AI safely and in ways that empower workers. Agencies all across government are now starting work to establish these practices as requirements, where appropriate and authorized by law, for employers that receive federal funding.
     
  • Released guidance to assist federal contractors and employers comply with worker protection laws as they deploy AI in the workplace. The Department of Labor (DOL) developed a guide for federal contractors and subcontractors to answer questions and share promising practices to clarify federal contractors’ legal obligations, promote equal employment opportunity, and mitigate the potentially harmful impacts of AI in employment decisions. DOL also provided guidance regarding the application of the Fair Labor Standards Act and other federal labor standards as employers increasingly use of AI and other automated technologies in the workplace.
     
  • Released resources for job seekers, workers, and tech vendors and creators on how AI use could violate employment discrimination laws. The Equal Employment Opportunity Commission’s resources clarify that existing laws apply the use of AI and other new technologies in employment just as they apply to other employment practices.
     
  • Issued guidance on AI’s nondiscriminatory use in the housing sector. In two guidance documents, the Department of Housing and Urban Development affirmed that existing prohibitions against discrimination apply to AI’s use for tenant screening and advertisement of housing opportunities, and it explained how deployers of AI tools can comply with these obligations.
     
  • Published guidance and principles that set guardrails for the responsible and equitable use of AI in administering public benefits programs. The Department of Agriculture’s guidance explains how State, local, Tribal, and territorial governments should manage risks for uses of AI and automated systems in benefits programs such as SNAP. The Department of Health and Human Services (HHS) released a plan with guidelines on similar topics for benefits programs it oversees. Both agencies’ documents prescribe actions that align with the Office of Management and Budget’s policies, published last month, for federal agencies to manage risks in their own use of AI and harness AI’s benefits.
     
  • Announced a final rule clarifying that nondiscrimination requirements in health programs and activities continue to apply to the use of AI, clinical algorithms, predictive analytics, and other tools. Specifically, the rule applies the nondiscrimination principles under Section 1557 of the Affordable Care Act to the use of patient care decision support tools in clinical care, and it requires those covered by the rule to take steps to identify and mitigate discrimination when they use AI and other forms of decision support tools for care.
     
  • Developed a strategy for ensuring the safety and effectiveness of AI deployed in the health care sector. The strategy outlines rigorous frameworks for AI testing and evaluation, and it outlines future actions for HHS to promote responsible AI development and deployment.


Harnessing AI for Good
President Biden’s Executive Order also directed work to seize AI’s enormous promise, including by advancing AI’s use for scientific research, deepening collaboration with the private sector, and piloting uses of AI. Over the past 180 days, agencies have done the following:

  • Announced DOE funding opportunities to support the application of AI for science, including energy-efficient AI algorithms and hardware. 
     
  • Prepared convenings for the next several months with utilities, clean energy developers, data center owners and operators, and regulators in localities experiencing large load growth.  DOE announced new actions to assess the potential energy opportunities and challenges of AI, accelerate deployment of clean energy, and advance AI innovation to manage the growing energy demand of AI.
     
  • Launched pilots, partnerships, and new AI tools to address energy challenges and advance clean energy. For example, DOE is piloting AI tools to streamline permitting processes and improving siting for clean energy infrastructure, and it has developed other powerful AI tools with applications at the intersection of energy, science, and security. DOE also published a report outlining opportunities AI brings to advance the clean energy economy and modernize the electric grid.
     
  • Initiated a sustained effort to analyze the potential risks that deployment of AI may pose to the grid. DOE has started the process of convening energy stakeholders and technical experts over the coming months to collaboratively assess potential risks to the grid, as well as ways in which AI could potentially strengthen grid resilience and our ability to respond to threats—building off a new public assessment.
     
  • Authored a report on AI’s role in advancing scientific research to help tackle major societal challenges, written by the President’s Council of Advisors on Science and Technology.


Bringing AI Talent into Government
The AI and Tech Talent Task Force has made substantial progress on hiring through the AI Talent Surge. Since President Biden signed the E.O., federal agencies have hired over 150 AI and AI-enabling professionals and, along with the tech talent programs, are on track to hire hundreds by Summer 2024. Individuals hired thus far are already working on critical AI missions, such as informing efforts to use AI for permitting, advising on AI investments across the federal government, and writing policy for the use of AI in government.

  • The General Services Administration has onboarded a new cohort of Presidential Innovation Fellows (PIF) and also announced their first-ever PIF AI cohort starting this summer.
  • DHS has launched the DHS AI Corps, which will hire 50 AI professionals to build safe, responsible, and trustworthy AI to improve service delivery and homeland security.
  • The Office of Personnel Management has issued guidance on skills-based hiring to increase access to federal AI roles for individuals with non-traditional academic backgrounds.

For more on the AI Talent Surge’s progress, read its report to the President. To explore opportunities, visit https://ai.gov/apply

FACT SHEET: President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence 

This fact sheet detailing President Biden’s Executive Order on Safe, Secure and Trustworthy Artificial Intelligence was provided by the White House:

President Biden issued a landmark Executive Order to ensure that America leads the way in seizing the promise and managing the risks of artificial intelligence (AI). The Executive Order establishes new standards for AI safety and security, protects Americans’ privacy, advances equity and civil rights, stands up for consumers and workers, promotes innovation and competition and advances American leadership around the world. (Karen Rubin/news-photos-features.com via c-span)

Today, President Biden issued a landmark Executive Order to ensure that America leads the way in seizing the promise and managing the risks of artificial intelligence (AI). The Executive Order establishes new standards for AI safety and security, protects Americans’ privacy, advances equity and civil rights, stands up for consumers and workers, promotes innovation and competition, advances American leadership around the world, and more.

As part of the Biden-Harris Administration’s comprehensive strategy for responsible innovation, the Executive Order builds on previous actions the President has taken, including work that led to voluntary commitments from 15 leading companies to drive safe, secure, and trustworthy development of AI.

“President Biden is rolling out the strongest set of actions any government in the world has ever taken on AI safety, security, and trust. It’s the next step in an aggressive strategy to do everything on all fronts to harness the benefits of AI and mitigate the risks,” stated White House Deputy Chief of Staff Bruce Reed.

The Executive Order directs the following actions:

New Standards for AI Safety and Security

As AI’s capabilities grow, so do its implications for Americans’ safety and security. With this Executive Order, the President directs the most sweeping actions ever taken to protect Americans from the potential risks of AI systems:

  • Require that developers of the most powerful AI systems share their safety test results and other critical information with the U.S. government. In accordance with the Defense Production Act, the Order will require that companies developing any foundation model that poses a serious risk to national security, national economic security, or national public health and safety must notify the federal government when training the model, and must share the results of all red-team safety tests. These measures will ensure AI systems are safe, secure, and trustworthy before companies make them public. 
    • Develop standards, tools, and tests to help ensure that AI systems are safe, secure, and trustworthy. The National Institute of Standards and Technology will set the rigorous standards for extensive red-team testing to ensure safety before public release. The Department of Homeland Security will apply those standards to critical infrastructure sectors and establish the AI Safety and Security Board. The Departments of Energy and Homeland Security will also address AI systems’ threats to critical infrastructure, as well as chemical, biological, radiological, nuclear, and cybersecurity risks. Together, these are the most significant actions ever taken by any government to advance the field of AI safety.
    • by developing strong new standards for biological synthesis screening. Agencies that fund life-science projects will establish these standards as a condition of federal funding, creating powerful incentives to ensure appropriate screening and manage risks potentially made worse by AI.
    • Protect Americans from AI-enabled fraud and deception by establishing standards and best practices for detecting AI-generated content and authenticating official content. The Department of Commerce will develop guidance for content authentication and watermarking to clearly label AI-generated content. Federal agencies will use these tools to make it easy for Americans to know that the communications they receive from their government are authentic—and set an example for the private sector and governments around the world.
    • Establish an advanced cybersecurity program to develop AI tools to find and fix vulnerabilities in critical software, building on the Biden-Harris Administration’s ongoing AI Cyber Challenge. Together, these efforts will harness AI’s potentially game-changing cyber capabilities to make software and networks more secure.
    • Order the development of a National Security Memorandum that directs further actions on AI and security, to be developed by the National Security Council and White House Chief of Staff. This document will ensure that the United States military and intelligence community use AI safely, ethically, and effectively in their mission, and will direct actions to counter adversaries’ military use of AI.

Protecting Americans’ Privacy

Without safeguards, AI can put Americans’ privacy further at risk. AI not only makes it easier to extract, identify, and exploit personal data, but it also heightens incentives to do so because companies use data to train AI systems. To better protect Americans’ privacy, including from the risks posed by AI, the President calls on Congress to pass bipartisan data privacy legislation to protect all Americans, especially kids, and directs the following actions:

  • Protect Americans’ privacy by prioritizing federal support for accelerating the development and use of privacy-preserving techniques—including ones that use cutting-edge AI and that let AI systems be trained while preserving the privacy of the training data. 
    • Strengthen privacy-preserving research and technologies, such as cryptographic tools that preserve individuals’ privacy, by funding a Research Coordination Network to advance rapid breakthroughs and development. The National Science Foundation will also work with this network to promote the adoption of leading-edge privacy-preserving technologies by federal agencies.
    • Evaluate how agencies collect and use commercially available information—including information they procure from data brokers—and strengthen privacy guidance for federal agencies to account for AI risks. This work will focus in particular on commercially available information containing personally identifiable data.
    • Develop guidelines for federal agencies to evaluate the effectiveness of privacy-preserving techniques, including those used in AI systems.These guidelines will advance agency efforts to protect Americans’ data.

Advancing Equity and Civil Rights

Irresponsible uses of AI can lead to and deepen discrimination, bias, and other abuses in justice, healthcare, and housing. The Biden-Harris Administration has already taken action by publishing the Blueprint for an AI Bill of Rights and issuing an Executive Order directing agencies to combat algorithmic discrimination, while enforcing existing authorities to protect people’s rights and safety. To ensure that AI advances equity and civil rights, the President directs the following additional actions:

  • Provide clear guidance to landlords, Federal benefits programs, and federal contractors to keep AI algorithms from being used to exacerbate discrimination.
    • Address algorithmic discrimination through training, technical assistance, and coordination between the Department of Justice and Federal civil rights offices on best practices for investigating and prosecuting civil rights violations related to AI.
    • Ensure fairness throughout the criminal justice system by developing best practices on the use of AI in sentencing, parole and probation, pretrial release and detention, risk assessments, surveillance, crime forecasting and predictive policing, and forensic analysis.

Standing Up for Consumers, Patients, and Students

AI can bring real benefits to consumers—for example, by making products better, cheaper, and more widely available. But AI also raises the risk of injuring, misleading, or otherwise harming Americans. To protect consumers while ensuring that AI can make Americans better off, the President directs the following actions:

  • Advance the responsible use of AI in healthcare and the development of affordable and life-saving drugs. The Department of Health and Human Services will also establish a safety program to receive reports of—and act to remedy – harmsor unsafe healthcare practices involving AI.
    • Shape AI’s potential to transform education by creating resources to support educators deploying AI-enabled educational tools, such as personalized tutoring in schools.

Supporting Workers

AI is changing America’s jobs and workplaces, offering both the promise of improved productivity but also the dangers of increased workplace surveillance, bias, and job displacement. To mitigate these risks, support workers’ ability to bargain collectively, and invest in workforce training and development that is accessible to all, the President directs the following actions:

Promoting Innovation and Competition

America already leads in AI innovation—more AI startups raised first-time capital in the United States last year than in the next seven countries combined. The Executive Order ensures that we continue to lead the way in innovation and competition through the following actions:

  • Catalyze AI research across the United States through a pilot of the National AI Research Resource—a tool that will provide AI researchers and students access to key AI resources and data—and expanded grants for AI research in vital areas like healthcare and climate change.
    • Promote a fair, open, and competitive AI ecosystem by providing small developers and entrepreneurs access to technical assistance and resources, helping small businesses commercialize AI breakthroughs, and encouraging the Federal Trade Commission to exercise its authorities.
    • Use existing authorities to expand the ability of highly skilled immigrants and nonimmigrants with expertise in critical areas to study, stay, and work in the United States by modernizing and streamlining visa criteria, interviews, and reviews.

Advancing American Leadership Abroad

AI’s challenges and opportunities are global. The Biden-Harris Administration will continue working with other nations to support safe, secure, and trustworthy deployment and use of AI worldwide. To that end, the President directs the following actions:

  • Expand bilateral, multilateral, and multistakeholder engagements to collaborate on AI. The State Department in collaboration with the Commerce Department will lead an effort to establish robust international frameworks for harnessing AI’s benefits and managing its risks and ensuring safety. In addition, this week, Vice President Harris will speak at the UK Summit on AI Safety, hosted by Prime Minister Rishi Sunak.
    • Accelerate development and implementation of vital AI standards with international partners and in standards organizations, ensuring that the technology is safe, secure, trustworthy, and interoperable.
    • Promote the safe, responsible, and rights-affirming development and deployment of AI abroad to solve global challenges, such as advancing sustainable development and mitigating dangers to critical infrastructure.

Ensuring Responsible and Effective Government Use of AI

AI can help government deliver better results for the American people. It can expand agencies’ capacity to regulate, govern, and disburse benefits, and it can cut costs and enhance the security of government systems. However, use of AI can pose risks, such as discrimination and unsafe decisions. To ensure the responsible government deployment of AI and modernize federal AI infrastructure, the President directs the following actions:

  • Issue guidance for agencies’ use of AI, includingclear standards to protect rights and safety, improve AI procurement, and strengthen AI deployment. 
    • Help agencies acquire specified AI products and services faster, more cheaply, and more effectively through more rapid and efficient contracting.
    • Accelerate the rapid hiring of AI professionals as part of a government-wide AI talent surge led by the Office of Personnel Management, U.S. Digital Service, U.S. Digital Corps, and Presidential Innovation Fellowship. Agencies will provide AI training for employees at all levels in relevant fields.

As we advance this agenda at home, the Administration will work with allies and partners abroad on a strong international framework to govern the development and use of AI. The Administration has already consulted widely on AI governance frameworks over the past several months—engaging with Australia, Brazil, Canada, Chile, the European Union, France, Germany, India, Israel, Italy, Japan, Kenya, Mexico, the Netherlands, New Zealand, Nigeria, the Philippines, Singapore, South Korea, the UAE, and the UK. The actions taken today support and complement Japan’s leadership of the G-7 Hiroshima Process, the UK Summit on AI Safety, India’s leadership as Chair of the Global Partnership on AI, and ongoing discussions at the United Nations.

The actions that President Biden directed today are vital steps forward in the U.S.’s approach on safe, secure, and trustworthy AI. More action will be required, and the Administration will continue to work with Congress to pursue bipartisan legislation to help America lead the way in responsible innovation.

For more on the Biden-Harris Administration’s work to advance AI, and for opportunities to join the Federal AI workforce, visit AI.gov.

Biden-Harris Administration Launches New Efforts to Strengthen America’s K-12 Schools’ Cybersecurity

Biden-Harris Administration announces new actions and private commitments to bolster the nation’s cyber defense at schools and protect American families
 
Administration leaders, school administrators, educators, and education technology providers will convene at the White House to discuss how to strengthen the nation’s schools’ cybersecurity amidst growing ransomware attacks
 

Biden-Harris Administration announced new actions and private commitments to bolster the nation’s cyber defense at schools and protect American families © Karen Rubin/news-photos-features.com

The United States has experienced an increase in cyberattacks that have targeted the nation’s schools in recent years.  In the 2022-23 academic year alone, at least eight K-12 school districts throughout the country were impacted by significant cyberattacks – four of which left schools having to cancel classes or close completely.  Not only have these attacks disrupted school operations, but they also have impacted students, their families, teachers, and administrators.  Sensitive personal information – including, student grades, medical records, documented home issues, behavioral information, and financial information – of students and employees were stolen and publicly disclosed. Additionally, sensitive information about school security systems was leaked online as a result of these attacks.

Secretary of Education Miguel Cardona and Secretary of Homeland Security Alejandro Mayorkas, joined First Lady Jill Biden, to convene school administrators, educators and private sector companies to discuss best practices and new resources available to strengthen our schools’ cybersecurity, protect American families and schools, and prevent cyberattacks from disrupting our classrooms.
 
According to a 2022 U.S. Government Accountability Office report, the loss of learning following a cyberattack ranged from three days to three weeks, and recovery time can take anywhere from two to nine months.  Further, the monetary losses to school districts following a cyber incident ranged from $50,000 to $1 million. That is why the Biden-Harris Administration has had a relentless focus on securing our nation’s critical infrastructure since day one, and continues to work tirelessly to provide resources that enable the U.S.’s more than 13,000 school districts to better protect and defend their students and employees against cyberattacks.
 
The Administration is taking additional action and committing resources to strengthen the cybersecurity of the nation’s K-12 school systems, including: 

  • Federal Communications Commission Chairwoman Jessica Rosenworcel is proposing establishing a pilot program under the Universal Service Fund to provide up to $200 million over three years to strengthen cyber defenses in K-12 schools and libraries in tandem with other federal agencies that have deep expertise in cybersecurity.
     
  • The U.S. Department of Education will establish a Government Coordinating Council (GCC) that will coordinate activities, policy, and communications between, and amongst, federal, state, local, tribal, and territorial education leaders to strengthen the cyber defenses and resilience of K-12 schools. By facilitating formal, ongoing collaboration between all levels of government and the education sector, the GCC will be a key first step in the Department’s strategy to protect schools and districts from cybersecurity threats and for supporting districts in preparing for, responding to, and recovering from cybersecurity attacks.
     
  • The U.S. Department of Education and the Cybersecurity and Infrastructure Security Agency (CISA) jointly released K-12 Digital Infrastructure Brief: Defensible & Resilientthe second in a series of guidance documents to assist educational leaders in building and sustaining core digital infrastructure for learning.  Additional briefs released by the U.S. Department of Education include Adequate and Future-Proof and Privacy-Enhancing, Interoperable and Useful.
     
  • CISA is committing to providing tailored assessments, facilitating exercises, and delivering cybersecurity training for 300 new K-12 entities over the coming school year.  CISA plans to conduct 12 K-12 cyber exercises this year, averaging one per month, and is currently soliciting exercise requests from government and critical infrastructure partners, including the K-12 community.
     
  • The Federal Bureau of Investigation (FBI) and the National Guard Bureau are releasing updated resource guides to ensure state government and education officials know how to report cybersecurity incidents and can leverage the federal government’s cyber defense capabilities.

Additionally, several education technology providers are committing to providing free and low-cost resources to school districts, including:

  • Amazon Web Services (AWS) is committing the following: $20 million for a K-12 cyber grant program available to all school districts and state departments of education; free security training offerings tailored to K-12 IT staff delivered through AWS Skill Builder; and no-cost cyber incident response assistance through its Customer Incident Response Team in the event a school district experiences a cyberattack.  AWS will also provide free well-architected security reviews to U.S. education technology companies providing mission-critical applications to the K-12 community.
     
  • Cloudflare, through its Project Cybersafe Schools, will offer a suite of free Zero Trust cybersecurity solutions to public school districts under 2,500 students, to give small school districts faster, safer Internet browsing and email security.
     
  • PowerSchool, a provider of cloud-based K-12 software in the United States for 80% of school districts, will provide new free and subsidized “security as a service” courses, training, tools and resources to all U.S. schools and districts.
     
  • Google released an updated “K-12 Cybersecurity Guidebook” for schools on the most effective and impactful steps education systems can take to ensure the security of their Google hardware and software applications.
     
  • D2L, a learning platform company, is committing to: providing access to new cybersecurity courses in collaboration with trusted third-parties; extending its information security review for the core D2L integration partners; and pursuing additional third-party validation of D2L compliance with security standards.

The commitments made today will help ensure the nation’s schools are in the best position to secure their networks to keep their students, educators, and employees safe. This is the latest example of President Biden’s commitment to ease the everyday concerns facing Americans – from strengthening confidence in the safety of the devices brought into homes and classrooms to securing the cyber infrastructure of our nation’s schools. 

Biden-Harris Administration, DARPA Launch $20 Million Artificial Intelligence Cyber Challenge to Protect America’s Critical Software

Several leading AI companies – Anthropic, Google, Microsoft, and OpenAI – to partner with DARPA in major competition to make software more secure

The Biden-Harris Administration has  launched a major two-year competition that will use artificial intelligence (AI) to protect the United States’ most important software, such as code that helps run the internet and our critical infrastructure.  The “AI Cyber Challenge” (AIxCC) will challenge competitors across the United States, to identify and fix software vulnerabilities using AI. Led by the Defense Advanced Research Projects Agency (DARPA), this competition will include collaboration with several top AI companies – Anthropic, Google, Microsoft, and OpenAI – who are lending their expertise and making their cutting-edge technology available for this challenge. This competition, which will feature almost $20 million in prizes, will drive the creation of new technologies to rapidly improve the security of computer code, one of cybersecurity’s most pressing challenges. It marks the latest step by the Biden-Harris Administration to ensure the responsible advancement of emerging technologies and protect Americans.

The Biden-Harris Administration announced AIxCC at the Black Hat USA Conference in Las Vegas, Nevada, the nation’s largest hacking conference, which for decades has produced many cybersecurity innovations. By finding and fixing vulnerabilities in an automated and scalable way, AIxCC fits into this tradition. It will demonstrate the potential benefits of AI to help secure software used across the internet and throughout society, from the electric grids that power America to the transportation systems that drive daily life.

DARPA will host an open competition in which the competitor that best secures vital software will win millions of dollars in prizes. AI companies will make their cutting-edge technology—some of the most powerful AI systems in the world—available for competitors to use in designing new cybersecurity solutions. To ensure broad participation and a level playing field for AIxCC, DARPA will also make available $7 million to small businesses who want to compete.

Teams will participate in a qualifying event in Spring 2024, where the top scoring teams (up to 20) will be invited to participate in the semifinal competition at DEF CON 2024, one of the world’s top cybersecurity conferences. Of these, the top scoring teams (up to five) will receive monetary prizes and continue to the final phase of the competition, to be held at DEF CON 2025. The top three scoring competitors in the final competition will receive additional monetary prizes.

The top competitors will make a meaningful difference in cybersecurity for America and the world. The Open Source Security Foundation (OpenSSF), a project of the Linux Foundation, will serve as a challenge advisor. It will also help ensure that the winning software code is put to use right away protecting America’s most vital software and keeping the American people safe.

Today’s announcement is part of a broader commitment by the Biden-Harris Administration to ensure that the power of AI is harnessed to address the nation’s great challenges, and that AI is developed safely and responsibly to protect Americans from harm and discrimination. Last month, the Biden-Harris Administration announced it had secured voluntary commitments from seven leading AI companies to manage the risks posed by the technology. Earlier this year, the Administration announced a commitment from several AI companies to participate in an independent, public evaluation of large language models (LLMs)—consistent with responsible disclosure principles—at DEF CON 2023. This exercise, which starts later this week and is the first-ever public assessment of multiple LLMs, will help advance safer, more secure and more transparent AI development.

In addition, the Biden-Harris Administration is currently developing an executive order and will pursue bipartisan legislation to help America lead the way in responsible AI innovation.

FACT SHEET: Biden-Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan


President Biden has made clear that all Americans deserve the full benefits and potential of our digital future. The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace.

While Donald Trump runs to take back the presidency in order to save himself from prison and continue to enrich himself off the office ($1.6 billion 2017-2021), President Joe Biden continues to actually get things done for the American people, and all fronts: growing the economy, adding jobs, increasing wages and income, increasing financial security, and protecting the country from enemies foreign and domestic, including the threats from cyberattacks and unregulated Artificial Intelligence. But the noise and tumult over Trump’s unprecedented criminal prosecutions and the Republicans who are enabling him, are drowning out any notice of what Biden is accomplishing. Here is a fact sheet on the Biden-Harris administration’s National Cybersecurity Strategy Implementation Plan—Karen Rubin/news-photos-features.com

Read the full Implementation Plan here


President Biden has made clear that all Americans deserve the full benefits and potential of our digital future. The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace:

  1. Ensuring that the biggest, most capable, and best-positioned entities – in the public and private sectors – assume a greater share of the burden for mitigating cyber risk
     
  2. Increasing incentives to favor long-term investments into cybersecurity

The Administration is announcing a roadmap to realize this bold, affirmative vision. It is taking the novel step of publishing the National Cybersecurity Strategy Implementation Plan (NCSIP) to ensure transparency and a continued path for coordination. This plan details more than 65 high-impact Federal initiatives, from protecting American jobs by combatting cybercrimes to building a skilled cyber workforce equipped to excel in our increasingly digital economy. The NCSIP, along with the Bipartisan Infrastructure Law, CHIPS and Science Act, Inflation Reduction Act, and other major Administration initiatives, will protect our investments in rebuilding America’s infrastructure, developing our clean energy sector, and re-shoring America’s technology and manufacturing base.

Each NCSIP initiative is assigned to a responsible agency and has a timeline for completion. Some initiatives, such as the issuance of the Administration’s Cybersecurity Priorities for the Fiscal Year 2025 Budget, have been completed ahead of schedule. Other completed activities, such as the transmittal of the May 26th Department of Defense 2023 Cyber Strategy to Congress, and the June 20th creation of a new National Security Cyber Section by the Justice Department, are key milestones in completing initiatives. This is the first iteration of the plan, which is a living document that will be updated annually.

Eighteen agencies are leading initiatives in this whole-of-government plan demonstrating the Administration’s deep commitment to a more resilient, equitable, and defensible cyberspace. The Office of the National Cyber Director (ONCD) will coordinate activities under the plan, including an annual report to the President and Congress on the status of implementation, and partner with the Office of Management and Budget (OMB) to ensure funding proposals in the President’s Budget Request are aligned with NCSIP initiatives. The Administration looks forward to implementing this plan in continued collaboration with the private sector, civil society, international partners, Congress, and state, local, Tribal, and territorial governments. As an example of the Administration’s commitment to public-private collaboration, ONCD is also working on a request for information regarding cybersecurity regulatory harmonization that will be published in the near future. The

NCSIP is not intended to capture all Federal agency activities in support of the NCS. The following are sample initiatives from the plan, which is organized by the NCS pillars and strategic objectives.

Pillar One | Defending Critical Infrastructure

  • Update the National Cyber Incident Response Plan (1.4.1): During a cyber incident, it is critical that the government acts in a coordinated manner and that private sector and SLTT partners know how to get help. The Cybersecurity and Infrastructure Security Agency (CISA) will lead a process to update the National Cyber Incident Response Plan to more fully realize the policy that “a call to one is a call to all.” The update will also include clear guidance to external partners on the roles and capabilities of Federal agencies in incident response and recovery.

Pillar Two | Disrupting and Dismantling Threat Actors

  • Combat Ransomware (2.5.2 and 2.5.4): Through the Joint Ransomware Task Force, which is co-chaired by CISA and the FBI, the Administration will continue its campaign to combat the scourge of ransomware and other cybercrime. The FBI will work with Federal, international, and private sector partners to carry out disruption operations against the ransomware ecosystem, including virtual asset providers that enable laundering of ransomware proceeds and web fora offering initial access credentials or other material support for ransomware activities. A complementary initiative, led by CISA, will include offering resources such as training, cybersecurity services, technical assessments, pre-attack planning, and incident response to high-risk targets of ransomware, like hospitals and schools, to make them less likely to be affected and to reduce the scale and duration of impacts if they are attacked.

Pillar Three | Shaping Market Forces and Driving Security and Resilience

  • Software Bill of Materials (3.3.2): Increasing software transparency allows market actors to better understand their supply chain risk and to hold their vendors accountable for secure development practices. CISA continues to lead work with key stakeholders to identify and reduce gaps in software bill of materials (SBOM) scale and implementation. CISA will also explore requirements for a globally-accessible database for end of life/end of support software and convene an international staff-level working group on SBOM.

Pillar Four | Investing in a Resilient Future

  • Drive Key Cybersecurity Standards (4.1.3, 4.3.3): Technical standards are foundational to the Internet, and U.S. leadership in this area is essential to the vibrancy and security of cyberspace. Consistent with the National Standards Strategy, the National Institute of Standards and Technology (NIST) will convene the Interagency International Cybersecurity Standardization Working Group to coordinate major issues in international cybersecurity standardization and enhance U.S. federal agency participation in the process. NIST will also finish standardization of one or more quantum-resistant publickey cryptographic algorithms.

Pillar Five | Forging International Partnerships to Pursue Shared Goals

  • International Cyberspace and Digital Policy Strategy (5.1.1 and 5.1.2): Cyberspace is inherently global, and policy solutions must reflect close collaboration with our partners and allies. The Department of State will publish an International Cyberspace and Digital Policy Strategy that incorporates bilateral and multilateral activities. State will also work to catalyze the development of staff knowledge and skills related to cyberspace and digital policy that can be used to establish and strengthen country and regional interagency cyber teams to facilitate coordination with partner nations.

FACT SHEET: Biden Administration Secures Voluntary Commitments from Leading Artificial Intelligence Companies to Manage the Risks Posed by AI

Voluntary commitments – underscoring safety, security, and trust – mark a critical step toward developing responsible AI
 
Biden-Harris Administration will continue to take decisive action by developing an Executive Order and pursuing bipartisan legislation to keep Americans safe

Since taking office, President Biden, Vice President Harris, and the entire Biden-Harris Administration have moved with urgency to seize the tremendous promise and manage the risks posed by Artificial Intelligence (AI) and to protect Americans’ rights and safety. As part of this commitment, President Biden is convening seven leading AI companies at the White House today – Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI – to announce that the Biden-Harris Administration has secured voluntary commitments from these companies to help move toward safe, secure, and transparent development of AI technology.   
 
Companies that are developing these emerging technologies have a responsibility to ensure their products are safe. To make the most of AI’s potential, the Biden-Harris Administration is encouraging this industry to uphold the highest standards to ensure that innovation doesn’t come at the expense of Americans’ rights and safety.
 
These commitments, which the companies have chosen to undertake immediately, underscore three principles that must be fundamental to the future of AI – safety, security, and trust – and mark a critical step toward developing responsible AI. As the pace of innovation continues to accelerate, the Biden-Harris Administration will continue to remind these companies of their responsibilities and take decisive action to keep Americans safe.
 
There is much more work underway. The Biden-Harris Administration is currently developing an executive order and will pursue bipartisan legislation to help America lead the way in responsible innovation.

The Biden Administration has secured voluntary commitments from seven top technology companies that they will undertake standards and procedures to responsibly develop AI (Artificial Intelligence) to insure safety, security, and trust © Karen Rubin/news-photos-features.com

In remarks announcing the commitments, President Biden said, “We’ll see more technology change in the next 10 years, or even in the next few years, than we’ve seen in the last 50 years.  That has been an astounding revelation to me, quite frankly.  Artificial intelligence is going to transform the lives of people around the world.
 
“The group here will be critical in shepherding that innovation with responsibility and safety by design to earn the trust of Americans.  And, quite frankly, as I met with world leaders, all the G7 is focusing on the same thing.
 
“Social media has shown us the harm that powerful technology can do without the right safeguards in place.
 
“And I’ve said at the State of the Union that Congress needs to pass bipartisan legislation to impose strict limits on personal data collection, ban targeted advertisements to kids, require companies to put health and safety first.
 
“But we must be clear-eyed and vigilant about the threats emerging — of emerging technologies that can pose — don’t have to, but can pose — to our democracy and our values.  
 
“Americans are seeing how advanced artificial intelligence and the pace of innovation have the power to disrupt jobs and industries.
 
“These commitments — these commitments are a promising step, but the — we have a lot more work to do together. 

“Realizing the promise of AI by managing the risk is going to require some new laws, regulations, and oversight.”
 
These seven leading AI companies are committing to:
 
Ensuring Products are Safe Before Introducing Them to the Public

  • The companies commit to internal and external security testing of their AI systems before their release. This testing, which will be carried out in part by independent experts, guards against some of the most significant sources of AI risks, such as biosecurity and cybersecurity, as well as its broader societal effects.
  • The companies commit to sharing information across the industry and with governments, civil society, and academia on managing AI risks. This includes best practices for safety, information on attempts to circumvent safeguards, and technical collaboration.

Building Systems that Put Security First

  • The companies commit to investing in cybersecurity and insider threat safeguards to protect proprietary and unreleased model weights. These model weights are the most essential part of an AI system, and the companies agree that it is vital that the model weights be released only when intended and when security risks are considered.
  • The companies commit to facilitating third-party discovery and reporting of vulnerabilities in their AI systems. Some issues may persist even after an AI system is released and a robust reporting mechanism enables them to be found and fixed quickly.

Earning the Public’s Trust

  • The companies commit to developing robust technical mechanisms to ensure that users know when content is AI generated, such as a watermarking system. This action enables creativity with AI to flourish but reduces the dangers of fraud and deception.
  • The companies commit to publicly reporting their AI systems’ capabilities, limitations, and areas of appropriate and inappropriate use. This report will cover both security risks and societal risks, such as the effects on fairness and bias.
  • The companies commit to prioritizing research on the societal risks that AI systems can pose, including on avoiding harmful bias and discrimination, and protecting privacy. The track record of AI shows the insidiousness and prevalence of these dangers, and the companies commit to rolling out AI that mitigates them.   
  • The companies commit to develop and deploy advanced AI systems to help address society’s greatest challenges. From cancer prevention to mitigating climate change to so much in between, AI—if properly managed—can contribute enormously to the prosperity, equality, and security of all.

As we advance this agenda at home, the Administration will work with allies and partners to establish a strong international framework to govern the development and use of AI. It has already consulted on the voluntary commitments with Australia, Brazil, Canada, Chile, France, Germany, India, Israel, Italy, Japan, Kenya, Mexico, the Netherlands, New Zealand, Nigeria, the Philippines, Singapore, South Korea, the UAE, and the UK. The United States seeks to ensure that these commitments support and complement Japan’s leadership of the G-7 Hiroshima Process—as a critical forum for developing shared principles for the governance of AI—as well as the United Kingdom’s leadership in hosting a Summit on AI Safety, and India’s leadership as Chair of the Global Partnership on AI. 
 
This announcement is part of a broader commitment by the Biden-Harris Administration to ensure AI is developed safely and responsibly, and to protect Americans from harm and discrimination.

  • Earlier this month, Vice President Harris convened consumer protection, labor, and civil rights leaders to discuss risks related to AI and reaffirm the Biden-Harris Administration’s commitment to protecting the American public from harm and discrimination.
     
  • Last month, President Biden met with top experts and researchers in San Francisco as part of his commitment to seizing the opportunities and managing the risks posed by AI, building on the President’s ongoing engagement with leading AI experts.
     
  • In May, the President and Vice President convened the CEOs of four American companies at the forefront of AI innovation—Google, Anthropic, Microsoft, and OpenAI—to underscore their responsibility and emphasize the importance of driving responsible, trustworthy, and ethical innovation with safeguards that mitigate risks and potential harms to individuals and our society. At the companies’ request, the White House hosted a subsequent meeting focused on cybersecurity threats and best practices.
     
  • The Biden-Harris Administration published a landmark Blueprint for an AI Bill of Rights to safeguard Americans’ rights and safety, and U.S. government agencies have ramped up their efforts to protect Americans from the risks posed by AI, including through preventing algorithmic bias in home valuation and leveraging existing enforcement authorities to protect people from unlawful bias, discrimination, and other harmful outcomes.
     
  • President Biden signed an Executive Order that directs federal agencies to root out bias in the design and use of new technologies, including AI, and to protect the public from algorithmic discrimination.
     
  • Earlier this year, the National Science Foundation announced a $140 million investment to establish seven new National AI Research Institutes, bringing the total to 25 institutions across the country.
     
  • The Biden-Harris Administration has also released a National AI R&D Strategic Plan to advance responsible AI.
     
  • The Office of Management and Budget will soon release draft policy guidance for federal agencies to ensure the development, procurement, and use of AI systems is centered around safeguarding the American people’s rights and safety.

Biden Administration Takes Steps to Promote Responsible Development of Artificial Intelligence-Before It’s Too Late

With so much concern raised about the explosive increase in use of artificial intelligence, the Biden-Harris Administration announced new actions that will further promote responsible American innovation in artificial intelligence (AI) and protect people’s rights and safety. These steps build on the Administration’s strong record of leadership to ensure technology improves the lives of the American people, and break new ground in the federal government’s ongoing effort to advance a cohesive and comprehensive approach to AI-related risks and opportunities.

AI is one of the most powerful technologies of our time, but in order to seize the opportunities it presents, we must first mitigate its risks. President Biden has been clear that when it comes to AI, we must place people and communities at the center by supporting responsible innovation that serves the public good, while protecting our society, security, and economy. Importantly, this means that companies have a fundamental responsibility to make sure their products are safe before they are deployed or made public.

Vice President Harris and senior Administration officials met on May 4 with CEOs of four American companies at the forefront of AI innovation—Alphabet, Anthropic, Microsoft, and OpenAI—to underscore this responsibility and emphasize the importance of driving responsible, trustworthy, and ethical innovation with safeguards that mitigate risks and potential harms to individuals and our society. The meeting is part of a broader, ongoing effort to engage with advocates, companies, researchers, civil rights organizations, not-for-profit organizations, communities, international partners, and others on critical AI issues.

This effort builds on the considerable steps the Administration has taken to date to promote responsible innovation. These include the landmark Blueprint for an AI Bill of Rights and related executive actions announced last fall, as well as the AI Risk Management Framework and a roadmap for standing up a National AI Research Resource released earlier this year.

The Administration has also taken important actions to protect Americans in the AI age. In February, President Biden signed an Executive Order that directs federal agencies to root out bias in their design and use of new technologies, including AI, and to protect the public from algorithmic discrimination. Last week, the Federal Trade Commission, Consumer Financial Protection Bureau, Equal Employment Opportunity Commission, and Department of Justice’s Civil Rights Division issued a joint statement underscoring their collective commitment to leverage their existing legal authorities to protect the American people from AI-related harms.

The Administration is also actively working to address the national security concerns raised by AI, especially in critical areas like cybersecurity, biosecurity, and safety. This includes enlisting the support of government cybersecurity experts from across the national security community to ensure leading AI companies have access to best practices, including protection of AI models and networks.

The administration’s announcements include:

  • New investments to power responsible American AI research and development (R&D). The National Science Foundation is announcing $140 million in funding to launch seven new National AI Research Institutes. This investment will bring the total number of Institutes to 25 across the country, and extend the network of organizations involved into nearly every state. These Institutes catalyze collaborative efforts across institutions of higher education, federal agencies, industry, and others to pursue transformative AI advances that are ethical, trustworthy, responsible, and serve the public good. In addition to promoting responsible innovation, these Institutes bolster America’s AI R&D infrastructure and support the development of a diverse AI workforce. The new Institutes announced today will advance AI R&D to drive breakthroughs in critical areas, including climate, agriculture, energy, public health, education, and cybersecurity.
     
  • Public assessments of existing generative AI systems. The Administration is announcing an independent commitment from leading AI developers, including Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI, and Stability AI, to participate in a public evaluation of AI systems, consistent with responsible disclosure principles—on an evaluation platform developed by Scale AI—at the AI Village at DEFCON 31. This will allow these models to be evaluated thoroughly by thousands of community partners and AI experts to explore how the models align with the principles and practices outlined in the Biden-Harris Administration’s Blueprint for an AI Bill of Rights and AI Risk Management Framework. This independent exercise will provide critical information to researchers and the public about the impacts of these models, and will enable AI companies and developers take steps to fix issues found in those models. Testing of AI models independent of government or the companies that have developed them is an important component in their effective evaluation.
     
  • Policies to ensure the U.S. government is leading by example on mitigating AI risks and harnessing AI opportunities. The Office of Management and Budget (OMB) is announcing that it will be releasing draft policy guidance on the use of AI systems by the U.S. government for public comment. This guidance will establish specific policies for federal departments and agencies to follow in order to ensure their development, procurement, and use of AI systems centers on safeguarding the American people’s rights and safety. It will also empower agencies to responsibly leverage AI to advance their missions and strengthen their ability to equitably serve Americans—and serve as a model for state and local governments, businesses and others to follow in their own procurement and use of AI. OMB will release this draft guidance for public comment this summer, so that it will benefit from input from advocates, civil society, industry, and other stakeholders before it is finalized.

FACT SHEET: Biden-Harris Administration Announces National Standards Strategy for Critical and Emerging Technology
 

The Biden-Harris Administration released the United States Government’s National Standards Strategy for Critical and Emerging Technology (Strategy), which will strengthen both the United States’ foundation to safeguard American consumers’ technology and U.S. leadership and competitiveness in international standards development.

Standards are the guidelines used to ensure the technology Americans routinely rely on is universally safe and interoperable. This Strategy will renew the United States’ rules-based approach to standards development. It also will emphasize the Federal Government’s support for international standards for critical and emerging technologies (CETs), which will help accelerate standards efforts led by the private sector to facilitate global markets, contribute to interoperability, and promote U.S. competitiveness and innovation.

The Strategy focuses on four key objectives that will prioritize CET standards development:

  • Investment: Technological contributions that flow from research and development are the driving force behind new standards. The Strategy will bolster investment in pre-standardization research to promote innovation, cutting-edge science, and translational research to drive U.S. leadership in international standards development. The Administration is also calling on the private sector, universities, and research institutions to make long-term investments in standards development.
     
  • Participation: Private sector and academic innovation fuels effective standards development, which is why it’s imperative that the United States to work closely with industry and the research community to remain ahead of the curve. The U.S. Government will engage with a broad range of private sector, academic, and other key stakeholders, including foreign partners, to address gaps and bolster U.S. participation in CET standards development activities.
     
  • Workforce: The number of standards organizations has grown rapidly over the past decade, particularly with respect to CETs, but the U.S. standards workforce has not kept pace. The U.S. Government will invest in educating and training stakeholders — including academia, industry, small- and medium-sized companies, and members of civil society — to more effectively contribute to technical standards development.
     
  • Integrity and Inclusivity: It is essential for the United States to ensure the standards development process is technically sound, independent, and responsive to broadly shared market and societal needs. The U.S. Government will harness the support of like-minded allies and partners around the world to promote the integrity of the international standards system to ensure that international standards are established on the basis of technical merit through fair processes that will promote broad participation from countries across the world and build inclusive growth for all.

Putting the Strategy into Practice

The U.S. private sector leads standards activities globally, through standard development organizations (SDOs), to respond to market demand, with substantial contributions from the U.S. Government, academia, and civil society groups. The American National Standards Institute (ANSI) coordinates the U.S. private sector standards activities, while the National Institute of Standards and Technology (NIST) coordinates Federal Government engagement in standards activities. Industry associations, consortia, and other private sector groups work together within this system to develop standards to solve specific challenges. To date, this approach has fostered an effective and innovative standards system that has supercharged economic growth and worked for people of all nations.

The CHIPS and Science Act of 2022 (Pub. L. 117–167) provided $52.7 billion for American semiconductor research, development, manufacturing, and workforce development. The legislation also codifies NIST’s role in leading information exchange and coordination among Federal agencies and communication from the Federal Government to the U.S. private sector. This engagement, coupled with the CHIPS and Science Act’s investments in pre-standardization research, will drive U.S. influence and leadership in international standards development. NIST provides a portal with resources and standards information to government, academia, and the public; updates on the U.S. Government’s implementation efforts for the Strategy will also be posted to that portal.

The United States Government has already made significant commitments to leading and coordinating international efforts outlined in the Strategy.  The United States has joined like-minded partners in the International Standards Cooperation Network, which serves as a mechanism to connect government stakeholders with international counterparts for inter-governmental cooperation.  Additionally, the U.S.-EU Trade and Technology Council launched a Strategic Standardization Information mechanism to enable transatlantic information sharing. 
  
Many U.S. Government agencies have already demonstrated their commitment to the Strategy through their actions and partnerships. Examples include: 

  • The National Science Foundation has updated its proposal and award policies and procedures to incentivize participation in standards development activities. 
     
  • The Department of State, NIST, the Department of Commerce, the Federal Communications Commission (FCC), the National Security Agency (NSA), the Office of the U.S. Trade Representative, USAID and other agencies engage in multilateral fora, such as the International Telecommunication Union, the Quad, the U.S.-EU Trade and Technology Council, the G7, and the Asia-Pacific Economic Cooperation, to share information on standards and CETs.
     
  • The National Telecommunications and Information Administration (NTIA) administers the Public Wireless Supply Chain Innovation Fund, a $1.5 billion grant program funded by the CHIPS and Science Act of 2022 that aims to catalyze the research, development, and adoption of open, interoperable, and standards-based networks. 
     
  • The Department of Defense engages with ANSI and the private sector in collaborative standards activities such as Global Supply Chain Security for Microelectronics and the Additive Manufacturing Standards Roadmap, as well as with the Alliance for Telecommunications Industry Solutions and the 3rd Generation Partnership Project (3GPP).
     
  • The United States Agency for International Development and ANSI work together through a public-private partnership to support the capacity of developing countries in areas of standards development, conformity assessment, and private sector engagement.
     
  • The Environmental Protection Agency SmartWay program works closely with the International Organization for Standardization (ISO) to standardize greenhouse gas accounting for freight and passenger transportation, providing a global framework for credible, accurate calculation and evaluation of transportation-related climate pollutants.
     
  • NTIA, NIST, and the FCC coordinate U.S. Government participation in 3GPP and work with the Alliance for Telecommunications Industry Solutions to ensure participation by international standards delegates at North American-hosted 3GPP meetings.
     
  • The FCC’s newly established Office of International Affairs is managing efforts across the FCC to ensure expert participation in international standards activities, such as 3GPP and the Internet Engineering Task Force, in order to promote U.S. leadership in 5G and other next-generation technologies.
     
  • The Department of Transportation supports development of voluntary consensus technical standards via multiple cooperative efforts with U.S.-domiciled and international SDOs.
     
  • The U.S. Department of Energy (DOE), though partnerships with the private sector and the contributions of technical experts at DOE and its 17 National Laboratories, contributes to standards efforts in multiple areas ranging from hydrogen and energy storage to biotechnology and high-performance computing.
     
  • The Department of the Treasury’s Office of Financial Research leads and contributes to financial data standards development work for digital identity, digital assets, and distributed ledger technology in ISO and ANSI.

The actions laid out in the Strategy align with principles set forth in the National Security Strategythe National Cybersecurity Strategy, and ANSI’s United States Standards Strategy, and will not only protect the integrity of standards development, but will ensure the long-term success of the United States’ innovation.

FACT SHEET: Biden-Harris Administration Acts to Strengthen America’s Cybersecurity, ‘Lock Our Digital Doors’

“Anonymous,” Spyscape, NYC. The Biden-Harris Administration has brought a relentless focus to improving the United States’ cyber defenses, building a comprehensive approach to “lock our digital doors” and take aggressive action to strengthen and safeguard our nation’s cybersecurity. © Karen Rubin/news-photos-features.com

The White House released this fact sheet on how the Biden-Harris Administration is strengthening cybersecurity – particularly important with the rise of cyberwarfare mounted by Russia, China, North Korea and others.

The Biden-Harris Administration has brought a relentless focus to improving the United States’ cyber defenses, building a comprehensive approach to “lock our digital doors” and take aggressive action to strengthen and safeguard our nation’s cybersecurity, including:

  • Improving the cybersecurity of our critical infrastructure.  Much of our Nation’s critical infrastructure is owned and operated by the private sector.  The Administration has worked closely with key sectors – including transportation, banking, water, and healthcare – to help stakeholders understand cyber threats to critical systems and adopt minimum cybersecurity standards.  This includes the introduction of multiple performance-based directives by the Transportation Security Administration (TSA) to increase cybersecurity resilience for the pipeline and rail sectors, as well as a measure on cyber requirements for the aviation sector. Through the President’s National Security Memorandum 8 on Improving Cybersecurity for Critical Infrastructure Control Systems, we are issuing cybersecurity performance goals that will provide a baseline to drive investment toward the most important security outcomes.  We will continue to work with critical infrastructure owners and operators, sector by sector, to accelerate rapid cybersecurity and resilience improvements and proactive measures.
     
  • Ensuring new infrastructure is smart and secure.  President Biden’s Bipartisan Infrastructure Law is an investment to modernize and strengthen our Nation’s infrastructure.  The Administration is ensuring that these projects, such as expanding the Nation’s network of electric-vehicle charging stations, are built to endure, meeting modern standards of safety and security, which includes cyber protections.  Investments in digital security through the Bipartisan Infrastructure Law (BIL) will also bring high-speed internet to underserved parts of the country, bridging the digital divide as well. Also the BIL, the Administration launched a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country. The State and Local Cybersecurity Grant Program will provide $1 billion in funding to SLT partners over four years, with $185 million available for fiscal year 2022, to support SLT efforts to address cyber risk to their information systems and critical infrastructure.
     
  • Strengthening the Federal Government’s cybersecurity requirements, and raising the bar through the purchasing power of government.  Through the President’s Executive Order on Improving the Nation’s Cybersecurity, issued in May 2021, President Biden raised the bar for all Federal Government systems by requiring impactful cybersecurity steps, such as multifactor authentication.  The Administration also issued a strategy for Federal zero trust architecture implementation, as well as budget guidance to ensure that Federal agencies align resources to our cybersecurity goals. We are also harnessing the purchasing power of the Federal Government to improve the cybersecurity of products for the first time, by requiring security features in all software purchased by the Federal Government, which improves security for all Americans.
     
  • Countering ransomware attacks to protect Americans online.  In 2021, the Administration established the International Counter-Ransomware Initiative (CRI), bringing together partners from around the globe to address the scourge of ransomware.  The White House will host international partners October 31-November 1 to accelerate and broaden this joint work.  This group has raised collective resilience, engaged the private sector, and disrupted criminal actors and their infrastructure.  The United States has made it harder for criminals to move illicit money, sanction a series of cryptocurrency mixers used regularly by ransomware actors to collect and “clean” their illicit earnings.  A number of cyber criminals have also been successfully extradited to the United States to face justice for these crimes.
     
  • Working with allies and partners to deliver a more secure cyberspace.  In addition to launching the International Counter Ransomware Initiative, the Administration has established cyber dialogues with a breadth of allies and partners to build collective cybersecurity, formulate coordinated response, and develop cyber deterrence.  We are taking this work to our most vital alliances – for example, establishing a new virtual rapid response mechanism at NATO to ensure Allies can effectively and efficiently offer each other support in response to cyber incidents.
     
  • Imposing costs on and strengthening our security against malicious actors. The Biden-Harris Administration has not hesitated to respond forcefully to malicious cyber actors when their actions threaten American or our partner’s interests.  In April of 2021, we sanctioned Russian cyber actors affiliated with the Russian intelligence services in response to the SolarWinds attack.  We worked with allies and partners to attribute a destructive hack of the Viasat system at the beginning of Russia’s war in Ukraine. 
     
  • Implementing internationally accepted cyber norms.  The Administration is committed to ensuring internationally negotiated norms are implemented to establish cyber “rules of the road.” More recently, we worked with international partners to call out Iran’s counter-normative attack on Albanian government systems and impose costs on Tehran for this act.
     
  • Developing a new label to help Americans know their devices are secure. This month, we will bring together companies, associations and government partners to discuss the development of a label for Internet of Things (IoT) devices so that Americans can easily recognize which devices meet the highest cybersecurity standards to protect against hacking and other cyber vulnerabilities.  By developing and rolling out a common label for products that meet by U.S. Government standards and are tested by vetted and approved entities, we will help American consumers easily identify secure tech to bring into their homes.  We are starting with some of the most common, and often most at-risk, technologies — routers and home cameras — to deliver the most impact, most quickly.
     
  • Building the Nation’s cyber workforce and strengthening cyber education.  The White House hosted a National Cyber Workforce and Education Summit, bringing together leaders from government and from across the cyber community. At the Summit, the Administration announced a 120-Day Cybersecurity Apprenticeship Sprint to help provide skills-based pathways into cyber jobs. With momentum from the Summit, the Administration continues to work with partners throughout society on building our Nation’s cyber workforce, improving skills-based pathways to good-paying cyber jobs, educating Americans so that they have the skills to thrive in our increasingly digital society, and improving diversity, equity, inclusion, and accessibility (DEIA) in the cyber field.
     
  • Protecting the future – from online commerce to national secrets — by developing quantum-resistant encryption.  We all rely on encryption to help protect our data from compromise or theft by malicious actors.  Advancements in quantum computing threaten that encryption, so this summer the National Institute of Standards and Technology (NIST) announced four new encryption algorithms that will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years.  These algorithms are the first group of encryption tools that are designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day, such as online banking and email software.
     
  • Developing our technological edge through the National Quantum Initiative and issuance of National Security Memorandum-10 (NSM-10) on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.  This initiative has more than doubled the United States Government’s research and development (R&D) investment in quantum technology, creating new research centers and workforce development programs across the country. NSM-10 prioritizes U.S. leadership in quantum technologies by advancing R&D efforts, forging critical partnerships, expanding the workforce, and investing in critical infrastructure; will move the Nation to quantum-resistant cryptography; and protects our investments, companies, and intellectual property as this technology develops so that the United States and our allies can benefit from this new field’s advances without being harmed by those who would use it against us.

White House Warns Businesses to Harden Defenses Against Cyber Attack

“My Administration will continue to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure. But the Federal Government can’t defend against this threat alone. Most of America’s critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors,” President Biden stated. © Karen Rubin/news-photos-features.com via msnbc.

The Biden Administration, from its first days, has been warning – and acting – on cybersecurity, when previous administrations just sat back as ransomware and cyberattacks became epidemic and more lethal – threatening water supplies, power grids, even nuclear plants. But the issue of cybersecurity has become elevated and unavoidable because of Russia’s reaction to sanctions for its invasion and war crimes against Ukraine, warranting President Biden and the White House to issue new warnings and mount pre-emptive defenses. (New York  Governor Kathy Hochul already has set up infrastructure to protect New York and cooperate with federal government.)

“This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience,” President Biden declared. “  I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.

“From day one, my Administration has worked to strengthen our national cyber defenses, mandating extensive cybersecurity measures for the Federal Government and those critical infrastructure sectors where we have authority to do so, and creating innovative public-private partnerships and initiatives to enhance cybersecurity across all our critical infrastructure. Congress has partnered with us on these efforts — we appreciate that Members of Congress worked across the aisle to require companies to report cyber incidents to the United States Government.

“My Administration will continue to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure. But the Federal Government can’t defend against this threat alone. Most of America’s critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has been actively working with organizations across critical infrastructure to rapidly share information and mitigation guidance to help protect their systems and networks

“If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year. You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely. We need everyone to do their part to meet one of the defining threats of our time — your vigilance and urgency today can prevent or mitigate attacks tomorrow.”

FACT SHEET: Act Now to Protect Against Potential Cyberattacks

The Biden-Harris Administration has warned repeatedly about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed.  There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.

The Administration has prioritized strengthening cybersecurity defenses to prepare our Nation for threats since day one. President Biden’s Executive Order is modernizing the Federal Government defenses and improving the security of widely-used technology. The President has launched public-private action plans to shore up the cybersecurity of the electricity, pipeline, and water sectors and has directed Departments and Agencies to use all existing government authorities to mandate new cybersecurity and network defense measures. Internationally, the Administration brought together more than 30 allies and partners to cooperate to detect and disrupt ransomware threats, rallied G7 countries to hold accountable nations who harbor ransomware criminals, and taken steps with partners and allies to publicly attribute malicious activity.

We accelerated our work in November of last year as Russian President Vladimir Putin escalated his aggression ahead of his further invasion of Ukraine with extensive briefings and advisories to U.S. businesses regarding potential threats and cybersecurity protections. The U.S. Government will continue our efforts to provide resources and tools to the private sector, including via CISA’s Shields-Up campaign and we will do everything in our power to defend the Nation and respond to cyberattacks. But the reality is that much of the Nation’s critical infrastructure is owned and operated by the private sector and the private sector must act to protect the critical services on which all Americans rely.

We urge companies to execute the following steps with urgency:

  • Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
     
  • Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
     
  • Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
     
  • Back up your data and ensure you have offline backups beyond the reach of malicious actors;
     
  • Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
     
  • Encrypt your data so it cannot be used if it is stolen;
     
  • Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
     
  • Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.

We also must focus on bolstering America’s cybersecurity over the long term. We encourage technology and software companies to: 

  • Build security into your products from the ground up — “bake it in, don’t bolt it on” — to protect both your intellectual property and your customers’ privacy.
     
  • Develop software only on a system that is highly secure and accessible only to those actually working on a particular project.  This will make it much harder for an intruder to jump from system to system and compromise a product or steal your intellectual property.
     
  • Use modern tools to check for known and potential vulnerabilities. Developers can fix most software vulnerabilities — if they know about them.  There are automated tools that can review code and find most coding errors before software ships, and before a malicious actor takes advantage of them. 
     
  • Software developers are responsible for all code used in their products, including open source code. Most software is built using many different components and libraries, much of which is open source.  Make sure developers know the provenance (i.e., origin) of components they are using and have a “software bill of materials” in case one of those components is later found to have a vulnerability so you can rapidly correct it. 
     
  • Implement the security practices mandated in the President’s Executive Order, Improving our Nation’s Cybersecurity. Pursuant to that EO, all software the U.S. government purchases is now required to meet security standards in how it is built and deployed. We encourage you to follow those practices more broadly.

NYS Goes on Offensive in Protecting CyberSecurity With First-in-Nation Joint Security Ops Center

New York State Governor Kathy Hochul has proposed a historic $61.9 million investment in the state’s cyber protections, which includes creating the first-in-nation Joint Security Operations Center to oversee cybersecurity across the state and $30 million to help local governments bolster their cyber defenses © Karen Rubin/news-photos-features.com

The New York JSOC Will Serve as a First-of-its-Kind Hub for Data Sharing and Cyber Coordination Across New York State, New York City, the Five Major Upstate Cities, Local and Regional Governments, Critical Infrastructure and Federal Partners

Announcement Builds on Governor Hochul’s Unprecedented $61.9 Million Investment in the State’s Cybersecurity Infrastructure as Part of FY23 Budget

Governor Proposes Historic New $30 Million Program for Localities to Help Bolster Cyber Defenses Statewide

As reports have come in about cyberattacks to cripple Ukraine, New York State Governor Kathy Hochul announced the creation of a Joint Security Operations Center in Brooklyn that will serve as the nerve center for joint local, state and federal cyber efforts, including data collection, response efforts and information sharing.  A partnership  launched with New York City Mayor Eric Adams, Albany Mayor Kathy Sheehan, Syracuse Mayor Ben Walsh, Buffalo Mayor Byron Brown, Rochester Mayor Malik Evans, Yonkers Mayor Mike Spano, and cyber leaders across the state, the JSOC is the nation’s first-of-its-kind cyber command center that will provide a statewide view of the cyber-threat landscape and improve coordination on threat intelligence and incident response.

“There is a new type of emerging risk that threatens our daily lives, and just as we improved our physical security infrastructure in the aftermath of 9/11, we must now transform how we approach cybersecurity with that same rigor and seriousness,” Governor Hochul said. “I’m proud to announce this dynamic and innovative partnership to establish the Joint Security Operations Center in collaboration with New York City, our upstate cities, and government and business leaders across the state. Cybersecurity has been a priority for my administration since Day 1, and this command center will strengthen our ability to protect New York’s institutions, infrastructure, our citizens and public safety.” 

This innovative collaboration has been months in the making and is the result of Governor Hochul and her team’s early vision and commitment to enhancing the State’s cybersecurity posture. No other state has brought together cybersecurity teams in a shared command space at this scale including federal, state, city, and county governments, critical businesses and utilities, and state entities like Division of Homeland Security and Emergency Services, Office of Information Technology Services, New York State Police, MTA, Port Authority of New York and New Jersey, the New York Power Authority, among others.

New York’s leadership in finance, energy, transportation, healthcare, and other critical fields makes the State an attractive target for cyberattacks that can disrupt operations, including critical infrastructure and services to citizens. While government entities across the State have historically taken an independent approach to cyber defense and protecting the safety of their technology assets, acting alone is no longer optimal. As the frequency and sophistication of cyberattacks have grown, so too has the need for a “whole of government” approach.

The JSOC, headquartered in Brooklyn and staffed by both physical and virtual participants from across the state, will improve defenses by allowing cyber teams to have a centralized viewpoint of threat data. This will yield better collaboration on threat intelligence, reduction in response time, and quicker remediation in the event of a major cyber incident. It will help participating entities respond to potential issues and elevate systemic trends that may have otherwise gone undetected. This approach leverages all the cyber defense assets at the state, city, local and authority-level under one umbrella.

New York State will collaborate with city and regional leaders on cyber trainings and exercises as the JSOC becomes operational over the coming months. The Governor and her team will continue ongoing conversations with the White House and federal partners to ensure coordination.

This builds on Governor Hochul’s historic proposal in this year’s budget for investment in New York State’s cyber protections, which includes $61.9 million for cybersecurity, doubling the previous investment. These investments will fund critical protections, including the expansion of the state’s cyber Red Team program to provide additional penetration testing, an expanded phishing exercise program, vulnerability scanning and additional cyber incident response services. These investments help ensure that if one part of the network is attacked, the State can isolate and protect the rest of the system.

As part of this proposal, the Governor is also proposing a $30 million “shared services” program to help local governments and other regional partners acquire and deploy high quality cybersecurity services to bolster their cyber defenses. The interconnected nature of the state’s networks and IT programs means that attacks can quickly spread across the state. Many government entities often do not have the funding or resources necessary to protect their systems, some which provide critical services like healthcare, law enforcement, emergency management, water treatment, and unemployment insurance, to name a few. 

In remarks announcing the new cybersecurity effort, Governor Hochul said, “Given the increasingly volatile geopolitical circumstances with Russia and Ukraine. And we just heard from President Biden moments ago on the advancing troops from Russia, we can no longer act independently. And that has been the case where the state of New York has its plan. City of New York has a plan. Our mayors, our local governments throughout the state of New York. And that is not sustainable in light of the threats that we’re seeing. And we can’t expect cities and counties to go it alone. They don’t have the resources, they don’t have the technological know-how and we’re rethinking our entire approach to cybersecurity really based on the model that was put together after 9/11, when we had a fight and talk about how we can bring people together for our physical security. And that was the genesis of the joint terrorism task force…

We realized that we’re only as strong as our weakest link and the synergy between even our local governments, our cities, and our counties, they’re connected to our state operations. So an attack on them could lead to a larger attack and disruption of service from the state as well. So again, breaking down the silos, the data sharing that has not gone on and bringing it together under one place, and we can strengthen our defenses exponentially.

“And we all know that cyber criminals are relentless. They are motivated, whether they’re state actors, whether they’re rogue individuals, they’re trying to disrupt our operations. Their intent is truly malicious, and that’s why we want to take serious steps here today.

“They’re trying to disrupt our systems and sometimes even extort us for money. And we’ve seen that with hospitals and schools and universities in our own state. And in fact that right now, even costs us $5 to $10 billion a year annually. And just in the last year, 2020 to 21, we’ve had actually 85 serious attacks. And this is even before we’re dealing with the geopolitical situation that I referenced earlier.

“So we know cyber-attacks will continue to happen. And in the long term, this joint security operation, which we call JSOC, you always have to have an acronym if you’re talking about anything in law enforcement, JSOC, this’ll be the tip of the spear for our cybersecurity operations in the state.

“So we know cyber-attacks will continue to happen. And in the long term, this joint security operation, which we call JSOC, you always have to have an acronym if you’re talking about anything in law enforcement, JSOC, this’ll be the tip of the spear for our cybersecurity operations in the state.

“And here we are at 11 MetroTech. And again, this will allow us to have a statewide view and operation sharing. They’ll be doing tabletop exercises. They’ll be working closely together. And I have to tell you, this is absolutely unprecedented. I anticipate that this will be a model for other states. Other areas should be dealing with the same sense of urgency that we [bring] to this. But we know New York state, New York City, we are always going to be in the line of sight for the terrorists and those who want to disrupt our way of life. And knowing that we are the epicenter of financial institutions, and our operations are large infrastructure, and our transportation systems, the MTA, the Port Authority. So that is why we were working so closely with them. And I want to thank Mayor Adams and Chief Technology Officer, Matt Fraser for their partnership.

“We just had a tour of the facility. It is state-of-the-art. This, again, is an incredible model of what collaboration and partner looks like as well. As I mentioned, Albany Mayor Sheehan and, Mayor Spano, who’ve traveled here together today. So this is what collaboration looks like. Physically here, but also we have to put money behind this. And I realized as Governor, and I started asking questions about what we’ve done, where our investments have been, they have been lacking. And I’m proud that my administration is proposing a historic $62 million investment in cybersecurity. More than double what has been spent in previous years and making sure that we have the resource.”

Local governments will get $30 million to buy, at a subsidized price, the technological know-how they need to defend themselves.

Hochul said the state would also be increasing the number of cybersecurity professionals in the state’s workforce, with a plan to hire 70 immediately. “We’re going to be aggressive about identifying cybersecurity individuals who are early in their careers through our Excelsior Fellows program. Also mid-year technologists who have specialties in this, offering them 18 months deployments to become embedded with these operations right here, an incredible experience for them and we’ll take from their experience as well.”

SUNY and CUNY systems are also primed to be training the next generation of professionals. The College Of Emergency Preparedness and Homeland Security at the University of Albany is the first of its kind in the nation. “We need to replicate this. So we have cybersecurity degrees all over the State of New York. These are our ways that we’re going to be attracting more people getting more talent here and using, the very best and the brightest that we can to address this threat.”

Hochul added, “This is also an individual challenge. And I’m afraid that many of members of the public become desensitized when they say, well, ‘You need to make sure that you have a strong passwords and multifactor authentication,’ which people not even quite sure what that means. You need to protect yourself and change your passwords. Be prepared. Act as if you know that attack is coming, because if it comes and you’re not ready, it can be devastating. Your access to your money, your ability to make purchases. You do not want to be there at a place where you would say to yourself, ‘I wish I had taken steps.’

“This is the warning. This is the warning in light of what’s happening globally. This is what is happening, throughout a normal course of our years, as we’ve seen with these attacks, we’ve experienced over the last decade. And so, now is the time for New Yorkers to be prepared. And those of us with older parents or grandparents, tell them not to open up an email if they do not know, it’s not pictures from their grandchildren, don’t open it up. Because there really is a lot of phishing going on, a lot of opportunities for people to really take your personal information and use it in nefarious ways. And so we want to make sure that our older loved ones hear this warning, understand what they need to do, or not do, in a circumstance that we’re describing here as well.

“So, I’ll close by saying the threat of cyber-attacks is very real. Particularly now, that is the warning we’re receiving out of Washington, particularly for a place like New York, and therefore our state and our cities will be taking a leading role in fortifying our defenses in the battlefield against cyber warfare.

“And we will be as relentless in our defense as the criminals are in their aggression. Mark my words, we will thwart them at every step of the way. And this is proof of what we’re doing here today. Again,first in the nation. And I do hope that other states and other governors will follow the lead of what we’re doing here today.”

New York City Mayor Eric Adams said,”New York City is a prime target for those who want to attack our cyber infrastructure to cause destruction. While New York City Cyber Command is already a national model for impeding these threats, it’s time our cybersecurity moved to the next level. We know that when it comes to cyberattacks, the difference between a minor disruption and a catastrophe can be a matter of minutes. That is why the new Joint Security Operations Center will take an integrated and holistic approach to hardening our cyber defenses across the state. I thank Governor Hochul and our fellow mayors for their partnership, and look forward to working with them to confront this common threat.”

Cybersecurity and Infrastructure Security Agency Director Jen Easterly said, “In today’s globally interconnected world, everyone plays a role in protecting Americans against the threat of cyberattacks. The Cybersecurity and Infrastructure Security Agency (CISA) applauds the creation of the NY JSOC and, as always, stands ready to partner with our state and local counterparts in keeping New York’s critical infrastructure safe and secure. Proactive cybersecurity incident response and recovery planning will help mitigate risk and ensure a unified response when an incident happens. Collaboration is at the heart of CISA’s mission, and we look forward to supporting this effort as it becomes operational.”

Division of Homeland Security and Emergency Services Commissioner Jackie Bray said“Thanks to Governor Hochul’s leadership and vision, we are bringing an integrated, statewide approach to cybersecurity with our government partners. The JSOC will become the nerve center for collecting intelligence on potential threats, keeping an eye out for intruders and breaches, and responding to cybersecurity threats and incidents.”

New York State Office of Information Technology Services Chief Information Officer Angelo “Tony” Riddick said,”Governor Hochul’s commitment to safeguard our state’s infrastructure and the personal information of all New Yorkers has been a priority since her first day in office. The new normal of constant cyber risks threaten every level of government, so we must take innovative steps and work together. Creation of a JSOC will better protect our information and ensure we remain even more vigilant against cybercrime while keeping New Yorkers safe.”

New York State Police Superintendent Kevin Bruen said,”Collaboration and information sharing are crucially important when it comes to providing security and assessing threats.  We appreciate the efforts by Governor Hochul to form this innovative partnership, which will help strengthen cybersecurity efforts and improve response to future incidents.”

Port Authority Executive Director Rick Cotton said“The safety and security of the Port Authority’s transportation facilities remain the highest priority of the Port Authority – including a relentless focus on cybersecurity. We applaud Governor Hochul, Mayor Adams and leaders from across the state for creating the JSOC that will enhance the ability of government agencies to identify, resource and implement best practices TO combat cyber threats as they continue to evolve.”

Interim President and CEO of New York Power Authority Justin E. Driscoll said,”As the nation’s largest public state utility, cybersecurity is of utmost importance to NYPA. We are thankful to our city and state partners for their collaboration in creating the JSOC. This center will help NYPA keep our systems safe and enable us to continue to generate clean electricity and maintain one-third of the state’s transmission system without incident or interruption, all while providing a whole-of-state approach to protecting New York State from emerging threats.”

MTA Chair and CEO Janno Lieber said, “Cross-agency collaboration is key to providing the best cyber defenses. We are eager to share information and expertise about the MTA’s multilayered cybersecurity systems as we work to protect the state against potential threats.”

Albany Mayor Kathy Sheehan said, “Every day, the City of Albany – like organizations across the nation – defends itself against cyber attacks originating from across the globe. As the victim of a successful ransomeware attack in 2019, the City of Albany knows full well the impact this cybersecurity threat can have on the systems that serve our residents and protect our infrastructure. Thankfully, New York State was there for us when it mattered most, and now we will proactively partner within the Joint Security Operations Center to help identify and respond to cybersecurity threats not only to our city, but other local and state agencies across New York. Thank you to Governor Hochul, Commissioner Bray, and Chief Information Officer Riddick for making this investment and deepening the vital partnerships that will help protect our entire state.” 

Buffalo Mayor Byron Brown said, “Cyber attacks are an emerging threat that state and local governments must take swift action to protect against, and I am thankful Governor Hochul has the vision to apply a statewide, all-hands-on-deck approach to ensure our safety. I am pleased that Buffalo is part of the launch of this first-of-its-kind Joint Security Operations Center that will position us to be better prepared to prevent, protect against, respond to and recover from cyberattacks.”

Rochester Mayor Malik Evans said, “We look forward to working with the state and our other municipal partners to address the critical issue of cybersecurity. We appreciate the Governor’s investment to protect our data. Any attacks on our technical infrastructure systems is actually an attack on the citizens we serve, so bolstering our defenses is a wholly worthwhile endeavor.”

Syracuse Mayor Ben Walsh said,”Cybersecurity is a challenge facing every public and private sector organization every day. Cities are dealing with very similar vulnerabilities, threats and risks. Through the JSOC we will be better able to share intelligence and solutions and better protect our critical assets and the people we serve. I thank Governor Hochul for not just providing resources to our communities but for creating a command center so the state can share more data, information and expertise to confront this always-changing risk. We are always stronger working together.”

Yonkers Mayor Mike Spano said,”The recent wave of cyber security attacks serves as a wake-up call for cities across our country. I thank Governor Hochul for her proactive approach in giving Mayors, who are the generals on the frontlines, a seat at the table to work one on one with some of the most brilliant cyber defense minds in the country as we amplify our cyber security.”