In January 2008, the Bush Administration issued the Top Secret National Security Presidential Directive 54 on Cybersecurity Policy which “establishes United States policy, strategy, guidelines, and implementation actions to secure cyberspace.”
Despite its relevance to a central public policy issue, both the Bush and Obama Administrations had refused to release the Directive.
But last week, in response to a five-year Freedom of Information Act effort by the Electronic Privacy Information Center, the National Security Agency released a lightly redacted version of the document, most of which had been unclassified all along.
“This Directive, which is the foundational legal document for all cybersecurity policies in the United States, evidences government efforts to enlist private sector companies, more broadly monitor Internet activity, and develop offensive cybersecurity capability,” said EPIC in its release of the document.
By preparing credible, bipartisan options now, before the bill becomes law, we can give the Administration a plan that is ready to implement rather than another study that gathers dust.
Even as companies and countries race to adopt AI, the U.S. lacks the capacity to fully characterize the behavior and risks of AI systems and ensure leadership across the AI stack. This gap has direct consequences for Commerce’s core missions.
The last remaining agreement limiting U.S. and Russian nuclear weapons has now expired. For the first time since 1972, there is no treaty-bound cap on strategic nuclear weapons.
As states take up AI regulation, they must prioritize transparency and build technical capacity to ensure effective governance and build public trust.