Exiger Regulatory Roundup, Episode 2


Distilling this week’s 19,117 alerts into the 22 alerts that you care about

Mary Kopczynski, CEO of RegAlytics, breaks down this week’s hot regulatory topics, exclusively for Exiger.

Regulator of the Week: The Executive Office of the President

The Regulator of the Week is the Executive Office of the President.

In case you missed it, the President issued a major executive order specifically targeted towards China. It calls for Treasury, along with Commerce and other federal agencies, to enforce laws that will make us confirm that U.S. industry is not sending “covered national security technologies and products” to “countries of concern.” Then they define what these terms mean. Covered National Security Technologies means sensitive technologies for semiconductors and microelectronics, quantum information tech, artificial intelligence and basically anything that is critical for the military or intelligence agencies. And the country of concern is identified in the appendix as the People’s Republic of China, the Special Administrative Region of Hong Kong, and the Special Administrative Region of Macau.

Letters to the Speaker of the House and the President of the Senate on Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern
Executive Order on Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern


This was followed by a notice from Treasury that the Department is going to put out a rule for this and would like public commentary in advance of creating the rule. As of Tuesday, there was only one comment posted, so if you want to make sure Treasury takes into account the considerations that matter to your business, you may want to look into that. Comments are due on September 28.

Treasury Seeks Public Comment on Implementation of Executive Order Addressing U.S. Investments in Certain National Security Technologies and Products in Countries of Concern


Topic of the Week: Software Security

But that’s not all The Executive Office of the President did, because they are actually behind every alert in the Topic of the Week, which is Software Safety.

Open Source Software

On the order of the President, the following agencies worked together to build a strategy around open-source software security. This was spurred by the Log4Shell vulnerability in 2021. 

  • The Office of the National Cyber Director (ONCD)
  • The Cybersecurity and Infrastructure Security Agency (CISA)
  • The National Science Foundation (NSF)
  • The Defense Advanced Research Projects Agency (DARPA)
  • The Office of Management and Budget (OMB)

These agencies are inviting the public to comment on areas of long-term focus and prioritization for open-source software security. If you’ve never seen one of these, it’s basically a bunch of questions the regulators are asking. Things like, “How should the Federal Government contribute to driving down the most important systemic risks in open-source software?” That one has 5 comments so far, and those are due on October 8.

Request for Information on Open-Source Software Security: Areas of Long-Term Focus and Prioritization
We Want Your Input to Help Secure Open Source Software

Software Security

In another cross-agency effort, CISA along with the NSA and NIST published a factsheet about quantum capabilities. The agencies urge all organizations, especially those that support critical infrastructure, to begin early planning for migration to post-quantum cryptographic (PQC) standards. And you can do this by developing your own quantum-readiness roadmap. So remember that buzzword. Quantum-readiness. You’re going to start hearing it everywhere.

CISA, NSA and NIST Publish New Resource for Migrating to Post-Quantum Cryptography

Also spurred by the White House, DARPA launched a two-year competition that will use AI to protect the country’s most important software, such as code that helps run the internet and critical infrastructure. Several of the top AI companies – Anthropic, Google, Microsoft, and OpenAI – are participating, and there will be almost $20 million in prizes awarded.

Biden-Harris Administration Launches Artificial Intelligence Cyber Challenge to Protect America’s Critical Software

Finally, the White House convened a roundtable to discuss data brokers and how they monetize our personal information. The Consumer Financial Protection Bureau (CFPB) is looking into passing rules on this, because they want to ensure these practices don’t harm consumers.

Readout of White House Roundtable on Protecting Americans From Harmful Data Broker Practices


Other Interesting Alerts

Agency | Title
Alaska Department of Administration | Request for Proposals: 18-607-24 – Hazardous Substance Assessment, Cleanup, and Monitoring & Risk Assessment and Risk Assessment Support
Federal Trade Commission; Federal Trade Commission, Bureau of Consumer Protection | Telemarketer Fees to Access the FTC’s National Do Not Call Registry to Increase in FY 2024
Financial Conduct Authority | FCA Sets Out Expectations for U.K. Cryptoasset Businesses Complying With the Travel Rule
State Bank of Vietnam | Consultation on the Market Development of Supply Chain Finance: A Main Tool for SME and Agri Finance
U.K. Space Agency | Water Pollution, Carbon Emissions and Biodiversity Threats Set to Be Tackled by Satellite Data Services
U.S. Cybersecurity and Infrastructure Security Agency | Blog Post by Grace Amadi, Program Specialist, Resilience Services Branch (RSB): CISA Releases Infrastructure Resilience Planning Framework Launchpoint
U.S. Defense Acquisition Regulations System | Final Rule: Acquisition Regulation – Technical Amendments
U.S. Department of Commerce | Biden-Harris Administration Announces $106 Million in Recommended Funding for West Coast and Alaska Salmon Recovery
U.S. Executive Office of the President | Statement by Joseph R. Biden Jr., President of the United States, on the One Year Anniversary of the CHIPS and Science Act
U.S. Executive Office of the President | One Year After the CHIPS and Science Act, Biden-Harris Administration Marks Historic Progress in Bringing Semiconductor Supply Chains Home, Supporting Innovation, and Protecting National Security
U.S. House of Representatives | House of Representatives Bill HB5227: Prohibit the Department of Defense From Acquiring Computers or Printers Manufactured by or From Entities Controlled by the Government of the People’s Republic of China, and for Other Purposes (118th Congress) (I)
U.S. House of Representatives | House of Representatives Bill HB5239: Prohibit the Issuance of an Interim or Final Rule that Establishes a Vessel Slowdown Zone in the Gulf of Mexico Until the Secretary of Commerce Completes a Study Demonstrating that Proposed Mitigation Efforts Would Have No Negative Impact on Supply Chains, and for Other Purposes (118th Congress) (I)
U.S. House of Representatives | House of Representatives Bill HB5235: Expressly Include Sustainable Aviation Fuels in the Farm Bill, and for Other Purposes (118th Congress) (I)
