WASHINGTON, DC, Feb. 8
OpenPolicy and leading innovative companies are collaborating with the National Institute of Standards and Technology (NIST) in the Artificial Intelligence Safety Institute Consortium to lay the foundation for AI safety across the world. We wiill be joining more than 200 of the nation’s leading artificial intelligence (AI) stakeholders to participate in a Department of Commerce initiative to support the development and deployment of trustworthy and safe AI.
The consortium will be housed under the U.S. AI Safety Institute (USAISI) and will contribute to priority actions outlined in President Biden’s landmark Executive Order, including developing guidelines for red-teaming, capability evaluations, risk management, safety and security, and watermarking synthetic content.
“Through President Biden’s landmark Executive Order, we will ensure America is at the front of the pack – and by working with this group of leaders from industry, civil society, and academia, together we can confront these challenges to develop the measurements and standards we need to maintain America’s competitive edge and develop AI responsibly.”
WASHINGTON, DC, Feb. 6
Amit Elazari, OpenPolicy and leading innovative companies submitted today a testimony, alongside Lucian Niemeyer and Building Cyber Security to the U.S. House of Representatives Subcommittee on Cybersecurity and Infrastructure Protection, on the urgent need to address cybersecurity threats in operational technology (OT), particularly in the water sector for the hearing.
Policy Recommendations made by OpenPolicy and Building Cyber Security emphasized the need for a collaborative and flexible approach, combining public and private sector efforts to address the evolving cyber threats to critical infrastructure, particularly in the water sector.
WASHINGTON, DC, Oct. 30
Today, the White House Administration and President Biden Issued an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence.
The Executive Order is a welcomed and necessary step forward in ensuring both the trusted deployment of AI and seizing U.S. competitiveness and leadership in AI development.
Supporting the trusted deployment and development of AI entails supporting the development of cutting-edge innovative solutions needed to protect government, industry, and society from emerging AI threats. The undersigned are innovative companies of all sizes that stand forefront of developing leading security, safety, and trustworthy AI and privacy solutions. We believe that the Biden-Harris Administration's Executive Order provides a sound framework for addressing the emerging security and safety AI threats and ensuring that AI is developed and used in a
safe, secure, and trustworthy manner.
Among others, we are supportive of the Executive Order's focus on the development of new security and safety standards, the use of risk management processes such as red-teaming on AI, the use of AI tools to support the remediation of vulnerabilities in critical software, the use of AI and technology solutions to protect from AI-generated content, and the focus on the development of privacy-enhancing solutions and expansion of privacy guidance. We are encouraged by the Executive Order’s focus on cultivating broader frameworks that enhance the
security, transparency, and accountability of AI systems, based on industry standards and NIST frameworks, and stand committed to developing solutions that enable the rapid adoption of such
standards across industry and government alike.
We recommend the Administration works closely with industry and specifically continues to broaden and cultivate stakeholder engagement with the innovation ecosystem, including investors and startups, as it implements the Executive Order, to strike the right balance between supporting innovation and advancing requirements. We are committed to working closely with
the Administration and implementing agencies to foster the safe, secure, and trustworthy
deployment of AI.
Watch more: https://youtu.be/OMXQMsKS0Xw
Today, the White House announced the launch of the U.S. Cyber Trust Mark program alongside the FCC. The U.S. Cyber Trust Mark will allow Americans to confidently identify which connected devices meet the U.S. Government’s cybersecurity requirements and are less vulnerable to cyberattacks.
The White House hosted an event today for the official launch of a national labeling system for consumer connected devices. OpenPolicy was among the organizations in attendence.
Dr. Amit Elazari, editor of international ISO/IEC standard for IoT Security, and CEO and Co-Founder of OpenPolicy attended the event alongside leading policymakers, agency directors, members of Congress, and CEOs of multi-national companies and Trade Associations.
OpenPolicy further convened leading start-ups and innovative security companies helping to protect the ecosystem from connected devices. These experts expressed their support and commitment to the effort and engage with policymakers.
We released the following joined statement of support:
OpenPolicy Partners Statement in Support of the IoT Security Labeling Initiative
The launch of the IoT Security Label marks a pivotal step forward in our collective journey to raise the bar on product security and equipping the ecosystem with better information on the security posture of devices and enterprises. It empowers users and businesses to take a more active role in their connected life and make better-informed decisions about their security and privacy.
This is a critical pillar marking the Administration’s long-standing commitment to the security of the ecosystem and the nation, building on a decade of product security initiatives such as NIST work on IoT security baselines (NISTIR 8259), the Executive Order on Improving the Nation’s Cybersecurity and the Federal IoT Cybersecurity Improvement Act, now in implementation.
We are supportive of, and encouraged by, the Administration’s recognition of the critical need to enhance the security measures in products and IoT, measurability and transparency of security of these devices, and user awareness and accountability of manufacturers in this domain.
As part of our longstanding partnership with the U.S. Government and public-private partnerships that elevate security, the following organizations are committed to supporting the IoT Security labeling initiative and the broader mission of protecting, users, products and the nation.
We are doing so by taking the following actions:
Armis will work with the Administration as part of this effort to enhance the visibility and security posture of IoT devices deployed by the federal government, states, and enterprises and their alignment with the labeling scheme controls. Armis will continue to provide actionable asset visibility and threat intelligence on novel attack vectors for IoT/OT as part of its overarching mission to monitor the entire attack threat landscape. Armis will work with the administration and government partners, together with its ecosystem of partners, to inform future IoT security controls, measurability, innovations and processes that can elevate security.
Claroty will work with the Administration to provide situational awareness and expertise for the Extended Internet of Things (XIoT) across industrial and critical infrastructure sectors at the federal, state and local level. We aim to support goals of the labeling scheme and relevant security standards by providing insight into the risks associated with XIoT assets which, if compromised, could have significant real-world impact.
Cybeats will contribute to the Administration, the Scheme Owner and Relevant Government Partners’ technology solutions to support the measurability, assessment and enforcement of the features and controls required by the Label and product security more broadly, including by leveraging Software Bill of Materials (SBOMs) to enhance awareness and visibility into the current state of IoT devices and potential unmitigated vulnerabilities. Cybeats will share information on emerging threats (such as current state of devices deployed with known threats) and continue to work with fellow partners to develop standards and best practices for software and IoT security, and SBOM in particular in support of the label.
As a global leader in cybersecurity training and awareness, ThriveDX fully supports the Administration's commitment to product security and clear, publicly available information on the security posture of devices and enterprises. ThriveDX will continue to work closely with our government and academic partners to not only bring more diverse audiences into this conversation but skill the workforce of the future on IoT security and equip them with relevant training that will apply to the rollout of this national cybersecurity effort.
As part of Cybellum’s mission to keep the connected products we all rely on cyber secure, Cybellum will continue to support the administration to promote product security by contributing intelligence on new threats and cyber risks arising from consumer devices sectors such as automotive, medical, and banking. Cybellum will collaborate with the administration to explore pathways for the development and incorporation of automatic solutions for policy validation, within product security processes, to seamlessly validate the security posture of devices, generate compliance reports, and automatically validate policies, before and after such devices enter the market.
As part of its mission to provide organizations a true system of record for all digital infrastructure, Axonius will work with the Administration to provide visibility, context, and actionable asset intelligence. Axonius will continue to support its many government customers, the Administration, and partners to discover, monitor, and control hardware, software, identities, SaaS, cloud, and IoT/OT assets.
Mine, a leader in data and privacy risk management, will work with the Administration to increase the adoption of technology solutions to support the measurability, assessment, and enforcement of the Label controls for security, data protection, and product awareness. Mine will partner with the administration to explore additional novel solutions for users and enterprises to address holistic risks (AI, privacy, and Security) steaming from IoT data collection and its usage by AI applications. Mine will further share expertise with the administration on data mapping and transparency solutions for IoT. It aims to empower users to understand better data collected by devices, exercise their privacy rights in IoT, and build trust between users and manufacturers.
BreachQuest, an emerging cyber startup focusing on innovative technology for incident reporting, is supportive of the Administration’s efforts and will work with the Administration to identify opportunities to increase the speed and scale of an incident response while reducing the time, cost, and effort of recovery time from a breach steamed from connected devices. BreachQuest will further share threat information, and work with the Administration and relevant agencies to continue to improve response, recover, and resiliency across all devices in the ecosystem.
OpenPolicy CEO and Co-Founder, Dr. Amit Elazari, and Co-Editor of ISO/IEC 27402 (IoT baseline security measures) is committed to continuing to support global standardization and ecosystem efforts for creating technical standards in support of the Labeling Scheme and alignment of baseline security measures globally, including by supporting relevant convenings. OpenPolicy will also provide a relevant overview of global emerging product security regulations and standards, leveraging its technology.
OpenPolicy produced an animation and stakeholder video, which includes leading think tanks, and academic and industry voices, providing an overview of the initiative and explaining its importance, to be used broadly by all stakeholders. The animation will be provided in a Creative Commons license available for all to use.
OpenPolicy is committed to convening leading product security stakeholders, with a focus on innovators and startups, to support the Administration’s work on elevating the security of IoT and enabling a pipeline of future of IoT Security innovations.
More about OpenPolicy:
In a world where future regulation drives technology markets at scale, and only selected few lobby governments - OpenPolicy is the world’s first policy intelligence and engagement platform, unlocking future markets by connecting businesses of all sizes with policymakers globally, to drive advocacy more effectively.
OpenPolicy goal is to democratize access to the most important market intelligence out there: future regulatory, government and policy action.
We believe that access to policy can be powered by technology and access to markets can be powered by policy.