Exiger Regulatory Roundup, Episode 7


Distilling this week’s 19,642 alerts into the 10 alerts that you care about

Mary Kopczynski, CEO of RegAlytics, breaks down this week’s hot regulatory topics, exclusively for Exiger.

My congratulations to the Exiger teams who launched 1Exiger, where they’ve brought the power of all their AI supply chain capability into one incredible user-friendly experience.  And, in there, is a handy RegAlytics feed ready for your viewing.

Regulator of the Week: CISA

The (non) regulator of the week is CISA, the U.S. Cybersecurity and Infrastructure Security Agency, the division of Homeland Security that coordinates the U.S. response to cyber threats. Three big alerts.  Well, two big ones and one fun one. Because for me, new government action is fun.

CISA: Hardware Bill of Materials Framework

Number one, CISA released the new Hardware Bill of Materials Framework (HBOM) for supply chain risk management, which it developed as part of the public-private ICT Supply Chain Risk Management Task Force.  What is an HBOM? Similar to a SBOM, a software bill of materials, a hardware bill of materials is kind of like a list of ingredients – but in this case it is the ingredients that go into your hardware.

Decades ago when it came to security products for the government, typically a company produced every single part, so it knew exactly what risks were in its products. Today, however, most products are created with hardware from third parties and vendors from all over the world delivered via global supply chains, so it’s becoming an emerging risk practice to have Hardware Bill of Materials along with your Software Bill of Materials. The framework CISA put together with the Task Force provides a consistent naming methodology for attributes of components, a format for identifying and providing information about the different types of components, and guidance of what hardware information is appropriate depending on the purpose for which the hardware will be used.

CISA Releases Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management (SCRM)

CISA: Memory Safety

Additionally this week, CISA put out an URGENT alert on the need for Memory Safety in software products.  For over half a century, software engineers have known about “memory safety vulnerabilities” and in fact, Microsoft reported that approximately 70% of the vulnerabilities year after year, continue to be memory safety issues. Google likewise reported that 70% of its serious security bugs are memory safety problems. This is a problem, and CISA suggests leveraging the three core principals of their “secure by design whitepaper” to reduce memory unsafety. 1. Take ownership of customer security outcomes. 2. embrace radical transparency and, 3. lead security transformations from the top of the organization. So CTOs, I hope you have this on your radar.

The Urgent Need for Memory Safety in Software Products

CISA: Super Bowl Safety

And finally, there’s the fun one. CISA along with the NFL, Allegiant Stadium, and Super Bowl LVIII  partners held a tabletop exercise this week to explore, assess, and enhance cybersecurity response ahead of the Super Bowl. Sports events, after all, are high-profile and have been known to be high-value targets for nefarious cyber actors. 

CISA, NFL, and Local Partners Conduct Cybersecurity Exercise in Preparation for Super Bowl LVIII

Topic of the Week: CHIPS

The Topic of the Week is CHIPS. No, not the crunchy delightful salty snack of your dreams. I’m of course talking about Creating Helpful Incentives to Produce Semiconductors (CHIPS, get it?) and Science Act enacted by Congress last summer, which provides roughly $280 billion in new funding to the manufacturing of semiconductors in the United States. 

FL, MA: CHIPS Funding

For example, in what is now a weekly development, two more states this week, Florida and Massachusetts, made announcements of CHIPS funding. $50M in Florida.  $25M to the Florida Job Growth Program and $25M to workforce development programs in semiconductors. Close to $20M in Massachusetts, which will be spent on establishing the Northeast Microelectronics Coalition Hub, which has the express purpose of advancing the microelectronic needs of the Department of Defense, and the state of Massachusetts itself will match with its own $40M.

That’s a lot of money and a lot needs to ensure there is no abuse of funds. That’s one of Exiger’s specialties – supplier due diligence.

ICYMI: Governor DeSantis Dedicates $50 Million for Cutting-Edge Workforce Development Initiative to Boost Florida’s Semiconductor Industry
Massachusetts Wins Proposal to Host Northeast Microelectronics Hub through Federal CHIPS and Science Act

CRS: Semiconductors and AI

Then we get to this week’s Congressional Research Service bulletin on Semiconductors and Artificial Intelligence. The CRS is one of the main sources of information that Congress uses to provide context to Senators and House Members on upcoming bills. I use CRS bulletins to get a sense of what’s top of mind in Congress. And wow. It’s rare that I say this, but I feel like this tiny two-page document is a must-read for all Americans and pretty much all human beings to understand what is happening in the race for artificial intelligence power and how semiconductors are a critical component of that power.

Semiconductors and Artificial Intelligence

Commerce, NIST, CHIPS: Final Rule

Finally, the big CHIPS alert of the week comes from a joint federal alert from NIST, the National Institute of Standards and Technology, the CHIPS Program office and the Department of Commerce, which finalized the rule implementing the national security guardrails for CHIPS. The rule elaborates on two core rules about CHIPS, no foreign manufacturing or joint technology or research with foreign entities of concern. And that will be for 10 years AFTER the company receives the funding. Final rule. So they addressed the industry’s concerns, answered questions, clarified different definitions and confirmed there will be notification requirements from the recipients, where they have to tell the government if they’re going to do something in advance to doing it, and there will be clawbacks in the event that the funds are not used correctly.

CHIPS for America Webinar: National Security Guardrails
Biden-Harris Administration Announces Final National Security Guardrails for CHIPS for America Incentives Program
Preventing the Improper Use of CHIPS Act Funding

Partnership for Atlantic Cooperation

What else do you need to know this week?  Well, with the UN meetings going on in NYC, there was lots of collaboration all over the world.  The U.S. was particularly focused on ocean safety, with the participation in the Partnership for Atlantic Cooperation, which was signed by 32 countries with the purpose of protecting this very important global resource. 

32 Countries Launch the Partnership for Atlantic Cooperation
Declaration on Atlantic Cooperation

U.S.-Pacific Partnership

And it didn’t stop there.  The White House formally reaffirmed the U.S.-Pacific Partnership, including a formal acknowledgement on the sovereignty of the Cook Islands and the Island of Niue, which are traditionally a part of New Zealand, with their own governing structure, but now the US is going to treat them independently and set up direct diplomatic relations.

Fact Sheet: Enhancing the U.S.-Pacific Islands Partnership
U.S.-Pacific Islands Forum Leaders Statement on Reaffirming U.S.-Pacific Partnership
Remarks by Joseph Biden Jr., President of the U.S., and Mark Brown, Prime Minister of the Cook Islands Before Meeting With Pacific Islands Forum Leaders
Statement by Karine Jean-Pierre, Press Secretary, on the U.S.-Pacific Islands Forum Summit
Statement by President Biden on the Recognition of the Cook Islands and the Establishment of Diplomatic Relations
Statement by President Biden on the Recognition of Niue and the Establishment of Diplomatic Relations

And that’s it this week for Exiger’s Regulatory Roundup. Join me every week no matter where I am for your dose of regulatory news.

Other Interesting Alerts

Congressional Research ServiceWTO Agreement on Government Procurement (GPA)
Congressional Research ServiceChina Primer: Human Rights
Congressional Research ServiceU.S. Government Procurement and International Trade
European Data Protection BoardSwift Adoption of Regulation to Streamline Cross-Border Enforcement Needed
Securities and Exchange CommissionOrder Instituting Cease and Desist Proceedings, Making Findings, and Imposing a Cease and Desist Order: Kandi Technologies Group, Inc.
South Carolina Office of the GovernorLatitude Corp. Expands U.S. Footprint by Establishing First South Carolina Operations in Clarendon County
U.K. Regulatory Policy CommitteeThe Data Protection (Adequacy) (United States of America) Regulations 2023: U.K. Extension to the EU-U.S. Data Privacy Framework – Impact Assessment Statement From the RPC
U.S. Customs and Border ProtectionCBP Modifies Withhold Release Order Against Supermax Corporation Bhd. and Its Subsidiaries
U.S. Department of CommerceReadout of Secretary Raimondo’s Meeting With Minister of Industry and Trade Nguyen Hong Dien
U.S. Department of the TreasuryTreasury Sanctions Multinational Network Supporting Iran’s UAV and Military Aircraft Production
U.S. Department of TransportationElectric Vehicle Charging Stations Categorical Exclusion
U.S. Executive Office of the PresidentFact Sheet: President Biden Issues Executive Order to Protect People in East Palestine, Ohio and Nearby Communities, and Continue to Hold Norfolk Southern Accountable
U.S. Executive Office of the PresidentExecutive Order on Ensuring the People of East Palestine are Protected Now and in the Future
U.S. Executive Office of the PresidentFact Sheet: U.S. Action on Global Development
U.S. Executive Office of the PresidentFact Sheet: Biden- Harris Administration Launches American Climate Corps to Train Young People in Clean Energy, Conservation, and Climate Resilience Skills, Create Good-Paying Jobs and Tackle the Climate Crisis
U.S. Executive Office of the PresidentFact Sheet: Biden- Harris Administration Announces New Actions to Reduce Greenhouse Gas Emissions and Combat the Climate Crisis
U.S. Executive Office of the PresidentStatement From Joseph R. Biden, President of the United States on Tentative Agreement Between the Alliance of Motion Picture and Television Producers and the Writers Guild of America
U.S. Executive Office of the PresidentStatement by Jake Sullivan, National Security Advisor, on Reports of Attack on Cuban Embassy in Washington, DC
U.S. Executive Office of the PresidentBy the Numbers: Impacts of House Republicans’ Extreme CR 8% Cuts
U.S. Executive Office of the PresidentState by State Impacts: House Republicans’ Extreme CR Would Decimate the Low Income Home Energy Assistance Program as Temperatures Drop
Ukraine Office of the PresidentVolodymyr Zelenskyy and Justin Trudeau signed an updated Free Trade Agreement between Ukraine and Canada
United Automobile, Aerospace and Agricultural Implement Workers of AmericaStatement by Shawn Fain, UAW President, on Ford’s Announcement to Pause Construction on Marshall EV Battery Plant

Demo The
Exiger Platform

Save the Day
Be a supply chain superhero