[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 4230 Introduced in Senate (IS)]
<DOC>
118th CONGRESS
2d Session
S. 4230
To improve the tracking and processing of security and safety incidents
and risks associated with artificial intelligence, and for other
purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
May 1, 2024
Mr. Warner (for himself and Mr. Tillis) introduced the following bill;
which was read twice and referred to the Committee on Commerce,
Science, and Transportation
_______________________________________________________________________
A BILL
To improve the tracking and processing of security and safety incidents
and risks associated with artificial intelligence, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Secure Artificial Intelligence Act
of 2024'' or the ``Secure A.I. Act of 2024''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Artificial intelligence safety incident.--The term
``artificial intelligence safety incident'' means an event that
increases the risk that operation of an artificial intelligence
system will--
(A) result in physical or psychological harm; or
(B) lead to a state in which human life, health,
property, or the environment is endangered.
(2) Artificial intelligence security incident.--The term
``artificial intelligence security incident'' means an event
that increases--
(A) the risk that operation of an artificial
intelligence system occurs in a way that enables the
extraction of information about the behavior or
characteristics of an artificial intelligence system by
a third party; or
(B) the ability of a third party to manipulate an
artificial intelligence system in order to subvert the
confidentiality, integrity, or availability of an
artificial intelligence system or adjacent system.
(3) Artificial intelligence security vulnerability.--The
term ``artificial intelligence security vulnerability'' means a
weakness in an artificial intelligence system that could be
exploited by a third party to subvert, without authorization,
the confidentiality, integrity, or availability of an
artificial intelligence system, including through techniques
such as--
(A) data poisoning;
(B) evasion attacks;
(C) privacy-based attacks; and
(D) abuse attacks.
(4) Counter-artificial intelligence.--The term ``counter-
artificial intelligence'' means techniques or procedures to
extract information about the behavior or characteristics of an
artificial intelligence system, or to learn how to manipulate
an artificial intelligence system, in order to subvert the
confidentiality, integrity, or availability of an artificial
intelligence system or adjacent system.
SEC. 3. VOLUNTARY TRACKING AND PROCESSING OF SECURITY AND SAFETY
INCIDENTS AND RISKS ASSOCIATED WITH ARTIFICIAL
INTELLIGENCE.
(a) Processes and Procedures for Vulnerability Management.--Not
later than 180 days after the date of the enactment of this Act, the
Director of the National Institute of Standards and Technology shall--
(1) initiate a process to update processes and procedures
associated with the National Vulnerability Database of the
Institute to ensure that the database and associated
vulnerability management processes incorporate artificial
intelligence security vulnerabilities to the greatest extent
practicable; and
(2) identify any characteristics of artificial intelligence
security vulnerabilities that make utilization of the National
Vulnerability Database inappropriate for their management and
develop processes and procedures for vulnerability management
for those vulnerabilities.
(b) Voluntary Tracking of Artificial Intelligence Security and
Artificial Intelligence Safety Incidents.--
(1) Voluntary database required.--Not later than 1 year
after the date of the enactment of this Act, the Director of
the Institute, in coordination with the Director of the
Cybersecurity and Infrastructure Security Agency, shall--
(A) develop and establish a comprehensive,
voluntary database to publicly track artificial
intelligence security and artificial intelligence
safety incidents; and
(B) in establishing the database under subparagraph
(A)--
(i) establish mechanisms by which private
sector entities, public sector organizations,
civil society groups, and academic researchers
may voluntarily share information with the
Institute on confirmed or suspected artificial
intelligence security or artificial
intelligence safety incidents, in a manner that
preserves confidentiality of any affected
party;
(ii) leverage, to the greatest extent
possible, standardized disclosure and incident
description formats;
(iii) develop processes to associate
reports pertaining to the same incident with a
single incident identifier;
(iv) establish classification, information
retrieval, and reporting mechanisms that
sufficiently differentiate between artificial
intelligence security incidents and artificial
intelligence safety incidents; and
(v) create appropriate taxonomies to
classify incidents based on relevant
characteristics, impact, or other relevant
criteria.
(2) Identification and treatment of material artificial
intelligence security or artificial intelligence safety
risks.--
(A) In general.--Upon receipt of relevant
information on an artificial intelligence security or
artificial intelligence safety incident, the Director
of the Institute shall determine whether the described
incident presents a material artificial intelligence
security or artificial intelligence safety risk
sufficient for inclusion in the database developed and
established under paragraph (1).
(B) Priorities.--In evaluating a reported incident
pursuant to paragraph (1), the Director shall
prioritize inclusion in the database cases in which a
described incident--
(i) describes an artificial intelligence
system used in critical infrastructure or
safety-critical systems;
(ii) would result in a high-severity or
catastrophic impact to the people or economy of
the United States; or
(iii) includes an artificial intelligence
system widely used in commercial or public
sector contexts.
(3) Reports and anonymity.--The Director shall populate the
voluntary database developed and established under paragraph
(1) with incidents based on public reports and information
shared using the mechanism established pursuant to subparagraph
(B)(i) of such paragraph, ensuring that any incident
description sufficiently anonymizes those affected, unless
those who are affected have consented to their names being
included in the database.
SEC. 4. UPDATING PROCESSES AND PROCEDURES RELATING TO COMMON
VULNERABILITIES AND EXPOSURES PROGRAM AND EVALUATION OF
CONSENSUS STANDARDS RELATING TO ARTIFICIAL INTELLIGENCE
SECURITY VULNERABILITY REPORTING.
(a) Definitions.--In this section:
(1) Common vulnerabilities and exposures program.--The term
``Common Vulnerabilities and Exposures Program'' means the
reference guide and classification system for publicly known
information security vulnerabilities sponsored by the
Cybersecurity and Infrastructure Security Agency.
(2) Relevant congressional committees.--The term ``relevant
congressional committees'' means--
(A) the Committee on Homeland Security and
Governmental Affairs, the Committee on Commerce,
Science, and Transportation, the Select Committee on
Intelligence, and the Committee on the Judiciary of the
Senate; and
(B) the Committee on Oversight and Accountability,
the Committee on Energy and Commerce, the Permanent
Select Committee on Intelligence, and the Committee on
the Judiciary of the House of Representatives.
(b) In General.--Not later than 180 days after the date of
enactment of this Act, the Director of the Cybersecurity and
Infrastructure Security Agency shall--
(1) initiate a process to update processes and procedures
associated with the Common Vulnerabilities and Exposures
Program to ensure that the program and associated processes
identify and enumerate artificial intelligence security
vulnerabilities to the greatest extent practicable; and
(2) identify any characteristic of artificial intelligence
security vulnerabilities that make utilization of the Common
Vulnerabilities and Exposures Program inappropriate for their
management and develop processes and procedures for
vulnerability identification and enumeration for those
artificial intelligence security vulnerabilities.
(c) Evaluation of Consensus Standards.--
(1) In general.--Not later than 30 days after the date of
enactment of this Act, the Director of the National Institute
of Standards and Technology shall initiate a multi-stakeholder
process to evaluate whether existing voluntary consensus
standards for vulnerability reporting effectively accommodate
artificial intelligence security vulnerabilities.
(2) Report.--
(A) Submission.--Not later than 180 days after the
date on which the evaluation under paragraph (1) is
carried out, the Director shall submit a report to the
relevant congressional committees on the sufficiency of
existing vulnerability reporting processes and
standards to accommodate artificial intelligence
security vulnerabilities.
(B) Post-report action.--If the Director concludes
in the report submitted under subparagraph (A) that
existing processes do not sufficiently accommodate
reporting of artificial intelligence security
vulnerabilities, the Director shall initiate a process,
in consultation with the Director of the National
Institute of Standards and Technology and the Director
of the Office of Management and Budget, to update
relevant vulnerability reporting processes, including
the Department of Homeland Security Binding Operational
Directive 20-01, or any subsequent directive.
(d) Best Practices.--Not later than 90 days after the date of
enactment of this Act, the Director of the Cybersecurity and
Infrastructure Security Agency shall, in collaboration with the
Director of the National Security Agency and the Director of the
National Institute of Standards and Technology and by leveraging
efforts of the Information Communications Technology Supply Chain Risk
Management Task Force to the greatest extent practicable, convene a
multi-stakeholder process to encourage the development and adoption of
best practices relating to addressing supply chain risks associated
with training and maintaining artificial intelligence models, which
shall ensure consideration of supply chain risks associated with--
(1) data collection, cleaning, and labeling, particularly
the supply chain risks of reliance on remote workforce and
foreign labor for such tasks;
(2) inadequate documentation of training data and test data
storage, as well as limited provenance of training data;
(3) human feedback systems used to refine artificial
intelligence systems, particularly the supply chain risks of
reliance on remote workforce and foreign labor for such tasks;
(4) the use of large-scale, open-source datasets,
particularly the supply chain risks to repositories that host
such datasets for use by public and private sector developers
in the United States; and
(5) the use of proprietary datasets containing sensitive or
personally identifiable information.
(e) Rule of Construction.--To the extent practicable, the Director
shall examine the reporting requirements pursuant to division Y of the
Cyber Incident Reporting for Critical Infrastructure Act of 2022
(Public Law 117-103) and the amendments made by that division and
ensure that the requirements under this section are not duplicative of
requirements set forth in that division and the amendments made by that
division.
SEC. 5. ESTABLISHMENT OF ARTIFICIAL INTELLIGENCE SECURITY CENTER.
(a) Establishment.--Not later than 90 days after the date of the
enactment of this Act, the Director of the National Security Agency
shall establish an Artificial Intelligence Security Center within the
Cybersecurity Collaboration Center of the National Security Agency.
(b) Functions.--The functions of the Artificial Intelligence
Security Center shall be as follows:
(1) Making available a research test-bed to private sector
and academic researchers, on a subsidized basis, to engage in
artificial intelligence security research, including through
the secure provision of access in a secure environment to
proprietary third-party models with the consent of the vendors
of the models.
(2) Developing guidance to prevent or mitigate counter-
artificial intelligence techniques.
(3) Promoting secure artificial intelligence adoption
practices for managers of national security systems (as defined
in section 3552 of title 44, United States Code) and elements
of the defense industrial base.
(4) Coordinating with the Artificial Intelligence Safety
Institute within the National Institute of Standards and
Technology.
(5) Such other functions as the Director considers
appropriate.
(c) Test-Bed Requirements.--
(1) Access and terms of usage.--
(A) Researcher access.--The Director shall
establish terms of usage governing researcher access to
the test-bed made available under subsection (b)(1),
with limitations on researcher publication only to the
extent necessary to protect classified information or
proprietary information concerning third-party models
provided through the consent of model vendors.
(B) Availability to federal agencies.--The Director
shall ensure that the test-bed made available under
subsection (b)(1) is also made available to other
Federal agencies on a cost-recovery basis.
(2) Use of certain infrastructure and other resources.--In
carrying out subsection (b)(1), the Director shall leverage, to
the greatest extent practicable, infrastructure and other
resources provided under section 5.2 of the Executive Order
dated October 30, 2023 (relating to safe, secure, and
trustworthy development and use of artificial intelligence).
(d) Access to Proprietary Models.--In carrying out this section,
The Director shall establish such mechanisms as the Director considers
appropriate, including potential contractual incentives, to ensure the
provision of access to proprietary models by qualified independent,
third-party researchers, provided that commercial model vendors have
voluntarily provided models and associated resources for such testing.
<all>