It’s a ‘north star’ strategy and not an executive order: Unlike strategy documents or executive orders issued by presidential administrations in the past, this action plan contains no implementation requirements, deadlines, or specifics on when many of its actions need to be completed or how. It is a “north star strategy for all of these agencies,” Bellini says.”This tells agencies where they should be leaning in, and then the work is going to be in the next month actually to figure out how this gets implemented,” IAPS’s Marron says.”It is what the administration is presenting as a to-do list, and it does not have the force of an executive order,” Heather West, senior fellow at the Center for Cybersecurity Policy and Law, tells CSO. Despite a lack of specific directions, West believes federal agencies will get the message. “I do expect every agency will need to prioritize, but given that they did bounce all of the elements of this plan off of the relevant agencies, the agencies hopefully believe that they can pull it off,” she says.
Congress could make things more definitive: The action plan was released just as the US House and Senate are moving to create a reconciliation bill for the FY2026 National Defense Authorization Act (NDAA). Both the House and Senate bills contain extensive provisions on what the military expects when it comes to AI technologies, with great emphasis on cybersecurity technologies.”We’re enthused to see that Congress is taking action and setting the high bar when it comes to AI and cybersecurity,” Manifest Cyber’s Bardenstein says.The Center for Cybersecurity Policy and Law’s West agrees. “It would not surprise me at all if pieces of the action plan get picked up by Congress and expanded on,” she says. “The plan is much more abstract, and Congress will necessarily have to be more specific if they do pick it up.”
Budget cuts could put a crimp in the plan: The AI plan has also been released amid budget cuts proposed by the Trump administration, which might significantly constrain how quickly agencies can begin implementing some of the concepts it contains.”The administration is saying that it cares a lot about security at the same time it’s cutting critical security programs that federal agencies and critical infrastructure depend upon,” Bardenstein says.On the other hand, ConnectSecure’s Bellini thinks improved efficiency and the automation that AI delivers will make up for the reduced funds. “Because budget cuts have been incorporated along with this request, you’re thinking, how does that make sense?” he says. “A lot of the activities that we’ve been doing in those agencies do not need to be done anymore or can be done in a more efficient or completely different way.”Regardless of how the AI plan gets implemented, one key element moving forward on an AI strategy is trust, Bardenstein says. “I was one of the cybersecurity leads for the COVID-19 vaccines for Operation Warp Speed at DoD. That too was a race. It was a race to see which country globally could come out with the first COVID-19 vaccine. At the same time, it was also understood by the administration that trust was a critical factor in winning that race.”He adds, “When we think about winning technological races, crossing the finish line on adoption and technological development is part of the success criteria. But so is establishing trust and safety in the adoption of those technologies. And if you don’t have either of them, you haven’t won.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4027604/white-house-ai-plan-heavy-on-cyber-light-on-implementation.html
