Distilling this week’s 19,117 alerts into the 22 alerts that you care about
Mary Kopczynski, CEO of RegAlytics, breaks down this week’s hot regulatory topics, exclusively for Exiger.
- Regulator of the Week: The Executive Office of the President
- Topic of the Week: Software Security
- Other Interesting Alerts
Regulator of the Week: The Executive Office of the President
The Regulator of the Week is the Executive Office of the President.
In case you missed it, the President issued a major executive order specifically targeted at China. It directs Treasury, in consultation with Commerce and other federal agencies, to issue rules that will require U.S. persons to confirm they are not investing in “covered national security technologies and products” in “countries of concern.” The order then defines these terms. Covered national security technologies and products means sensitive technologies in semiconductors and microelectronics, quantum information technologies and artificial intelligence, and essentially anything critical to a country of concern’s military, intelligence, surveillance or cyber-enabled capabilities. Country of concern is identified in the annex as the People’s Republic of China, the Special Administrative Region of Hong Kong and the Special Administrative Region of Macau.
[7 Takeaways from the Executive Order on Tech Investments in China]
This was followed by a notice from Treasury that the Department is going to put out a rule for this and would like public comment before drafting it. As of Tuesday, only one comment had been posted, so if you want Treasury to take your business’s concerns into account, you may want to look into that. Comments are due on September 28.
[WEBINAR | UFLPA: One Year in and Looking Ahead]
Topic of the Week: Software Security
But that’s not all the Executive Office of the President did, because it is actually behind every alert in the Topic of the Week, which is Software Security.
Open Source Software
At the President’s direction, the following agencies worked together on a strategy for open-source software security, an effort spurred by the Log4Shell vulnerability in 2021.
- the Office of the National Cyber Director (ONCD)
- the Cybersecurity and Infrastructure Security Agency (CISA)
- the National Science Foundation (NSF)
- the Defense Advanced Research Projects Agency (DARPA)
- the Office of Management and Budget (OMB)
These agencies are inviting the public to comment on areas of long-term focus and prioritization for open-source software security. If you’ve never seen one of these, it’s basically a list of questions the regulators are asking, such as “How should the Federal Government contribute to driving down the most important systemic risks in open-source software?” That one has five comments so far, and comments are due on October 8.
[Request for Information on Open-Source Software Security: Areas of Long-Term Focus and Prioritization]
[We Want Your Input to Help Secure Open Source Software]
Software Security
In another cross-agency effort, CISA, the NSA and NIST published a factsheet on quantum readiness. The agencies urge all organizations, especially those that support critical infrastructure, to begin early planning for migration to post-quantum cryptographic (PQC) standards, starting by developing a quantum-readiness roadmap. So remember that buzzword: quantum-readiness. You’re going to start hearing it everywhere.
Also spurred by the White House, DARPA launched a two-year competition that will use AI to protect the country’s most important software, such as the code that runs the internet and critical infrastructure. Several top AI companies (Anthropic, Google, Microsoft and OpenAI) are participating, and almost $20 million in prizes will be awarded.
Finally, the White House convened a roundtable on data brokers and how they monetize our personal information. The Consumer Financial Protection Bureau (CFPB) is considering rules on this, because it wants to ensure these practices don’t harm consumers.
[Expert Tips on C-SCRM and Building a Trusted Software Supply Chain]