Published: August 15, 2023 at 06:09 am
By Baan Alsinawi, Managing Director, Strategy and Risk, CISO Global, and Founder of TalaTek, a CISO Global company
All anyone wants to talk about these days is AI, and when seven leading U.S. producers of AI technology recently stepped forward with their commitment to voluntarily include cybersecurity in their platforms, cybersecurity practitioners everywhere were cautiously optimistic. After conversations with the Biden-Harris administration, representatives from Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI publicly “agreed that AI firms have a duty to build systems that put security first.” That means safeguarding their AI models against cyber and insider threats and sharing best practices and standards to prevent misuse, reduce risks to society and protect national security.” The question is whether or not it will it go far enough. In the battle between good AI cyber hygiene and the need to be “first”, who do we really believe will be the winner?
More Positive Pressure from Regulators
How many U.S. startups will actually be willing to invest in making their platforms and IoT devices secure before going to market? This is the question Federal Communications Commission Chairwoman Jessica Rosenworcel and several of her cohorts proposed a new voluntary program last spring that would encourage companies to include information about the out-of-the-box security status of technological products, rewarding those which meet special standards with a U.S. Cyber Trust Mark. Security by design and default is not a new concept, but it often seems to take time before businesses understand the real costs of risk and the various ways to mitigate it before they are willing to wholeheartedly adopt the recommendations of cybersecurity professionals.
The Last Time We Saw This Trend
After public backlash to Mark Zuckerburg’s infamous appearances before both the U.S. Senate and EU Parliament, in which the CEO sidestepped a great many well-articulated privacy and security questions, it became clear that both legislators and consumers were fed up with the lack of protections required of these giants. Giving up on Big Tech’s previous lobbying efforts to prevent regulation, Apple, Google, AT&T, and Charter then decided to move away from the Big Tech herd, publicly acquiescing to – if not outright supporting – the winds of change favoring federal data privacy laws for consumer protection. There are some very strong opinions out there about why Big Tech made this shift, but the important thing