
Compliance as Code and Improving the ATO Process
Summary
A wide-scale cyber-attack in 2020 impacted a staggering number of federal agencies, including the agency that oversees the United States nuclear weapons arsenal. Government officials are still determining what information the hackers may have accessed, and what they might do with it.
The fundamental failure of federal technology security is the costly expenditure of time and resources on processes that do not make our systems more secure. Our muddled compliance activities allow insecure legacy systems to operate longer, increasing the risk of cyber intrusions and other system meltdowns. The vulnerabilities introduced by these lengthy processes have grave consequences for the nation at large.
In federal technology, the approval to launch a new Information Technology (IT) system is known as an Authority to Operate (ATO). In its current state, the process of obtaining an ATO is resource-intensive, time-consuming, and highly cumbersome. The Administration should kick-start a series of immediate, action-oriented initiatives to incentivize and operationalize the automation of ATO processes (also known as “compliance as code”) and position agencies to modernize technology risk management as a whole.