Page 115 - Cyber Defense eMagazine January 2023
P. 115
AI, by its nature, lends itself to breaking down data silos, as it streamlines data governance and assists
with expediting the approval process for agencies sharing data. Still, the lack of fundamental legislation
leads to separate AI requirements for each agency and makes cross-agency collaboration more difficult.
For example, the Department of Energy may require a level of AI transparency that the Department of
Homeland Security's AI cannot provide, making collaborating on a project difficult and creating silos of
information that cannot be shared between the two agencies. Additionally, the network in which one AI
system operates may look completely different from the other, making it even more challenging to share
information.
Actionable legislation will help solve this issue. By enforcing government-wide AI regulations and
recommendations, agencies can work within each other's standardized AI networks with confidence that
their guidelines are being met, breaking down the data silos created by different frameworks.
However, standardized legislation may be more easily said than done.
A World of AI Regulation
No single framework or legislation can fulfill the mission requirements of all agencies, as AI is often
mission-oriented.
Take one critical aspect of AI, ethics, as an example. The AI Bill of Rights does feature guidelines on
mitigating discrimination in AI. However, agencies have different ethical considerations and risks to
consider. For instance, while the Department of Defense (DoD) must deal with life-and death-decisions
for warfighters overseas, the Department of Education must look at student application bias or curriculum
prejudice.
However, this doesn't mean AI legislation can ignore the issue of ethics. Instead, comprehensive
legislation should showcase and clarify the plurality of AI by requiring each agency create a framework
explicitly designed for their goals while still meeting baseline government-wide criteria.
Incorporating language requiring developers consider the general challenges most AI solutions must
address – such as bias, user safety, and implementation – while allowing a level of flexibility within the
details can account for specific agency missions.
For example, while both DoD and the Department of Education have different ethical considerations,
guidelines such as "AI must only be used to support the safety and development of U.S. residents and
citizens" apply to both agencies. Furthermore, requiring detailed guidelines be approved by the legislative
branch ensures that each framework is viable and in line with these basic considerations.
NIST has already laid the groundwork for this process by outlining several considerations in its AI Risk
Management Framework, listing the characteristics of trustworthy systems as "valid and reliable, safe,
fair and bias is managed, secure and resilient, accountable and transparent, explainable and
interpretable, and privacy-enhanced." By adding a legal aspect to this list and elaborating on additional
considerations, the government can create a foundation for AI legislation.
Cyber Defense eMagazine – January 2023 Edition 115
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
