As U.S. federal agencies move to take advantage of the potential benefits of artificial intelligence (AI) they are also left wondering how to structure governance of these new systems. President Biden’s Executive Order on AI and the following memorandum from the White House Office of Management and Budget stated that all agencies must appoint a Chief AI Officer.
But where does this individual sit within an organization? What background should they have? To whom do they report? Governance must consider the typical cybersecurity tenants of confidentiality, integrity, and availability but expand to consider explainability, safety, and potential for bias.
How this will be done and answers to these questions will be examined in an upcoming paper from the Center for Cybersecurity Policy & Law (CCPL). We want to hear from those in government and industry on how these challenges are being solved and how agencies are moving forward.
Specifically, the paper will:
- Explore current and proposed governance structure within agencies, based on White House and NIST guidance, and what changes may be necessary to incorporate AI.
- Understand other approaches to governance of AI and identify best practices both in the public and private sector organizations that can be identified and replicated.
- Review existing guidance on AI deployment and applicable guidance from other overlapping disciplines -- cyber, data, risk management, acquisition -- for federal agencies and identify gaps.
- Recommend actionable guidance that can accelerate agencies implementation or development of safe and secure AI.
Existing policy components from cloud computing, cybersecurity, automated technologies, and other implementations of innovative technologies could be relevant and useful if applied. Policy specifically for AI could be accelerated if existing applicable policy is clarified and new policy is focused on specific enhancements required for government use of AI.
Have a perspective on AI governance? Reach out to the CCPL team to share your thoughts on how this challenge can be solved as we race toward rolling out AI systems across government.
Read Next
It’s Time for the Insurance Industry to Get Creative with Incident Response
Companies are adopting baseline tools to thwart attackers leading but one tool often overlooked is Protective DNS. PDNS can intercept malicious queries in real time, blocking access to known or malicious domains before harm is done.
2025 Cyber Policy Award Winners
The Institute for Security and Technology hosted the Second Annual Cyber Policy Awards, uniting the U.S. cyber policy community alongside key international partners, celebrating those who have made notable contributions.
Public Sector AI Governance: Build on Existing, Strong Foundations
The use of AI technologies in federal agencies is ever expanding but governance is necessary to ensure its proper use. This report looks at existing governance structures, the role of the CAIO, and recommendations to make governance more effective.
