During a House Oversight Committee hearing on Thursday, Rep. Pete Sessions (R-TX) spoke about the creation of an AI 'standards body' to ensure adequate protection for sensitive data.
Category
🗞
NewsTranscript
00:00Sessions for five minutes. Madam Chair, thank you very much and good morning to each of the panel
00:05members. We appreciate you being here. A long time ago I spent time at Bell Labs where we were
00:12responsible for the network architecture but also the development of the switch that would be
00:20utilized. We set standards and did things to where we had unified way to look at how switch
00:27operated. We both know we had SALT and VOLT Typhoon whereby our government people learned that the
00:36Chinese had been into our cyber through cyber our databases for a long time.
00:44Should have found it, didn't find it, cost us. My question really is and I'm sure every each one of
00:51you have an answer for this or at least your vision of that. All it takes is one node to be
00:59compromised. It's like a big fence that goes around. It just takes one loose place. Does the federal
01:09government, do we here in Congress need to ask someone, do we need to deal with other countries,
01:16that there's a need to be a standards body that's specifically like when I worked at the labs
01:23to set what those standards are? How do we avoid with all the things we're doing
01:29getting something that happens like that again? I'll, sir, evidently you're, you've got your hand on the
01:36panel first. Any ideas? I didn't know this is jeopardy that you had to be quick. Well, okay, then we can go to
01:43your last if you want. But my point is, do you have any ideas on this question?
01:49So we have things. I mean, this is the job of the NSA, right? This is the, we have security
01:55organizations in the United States whose job is to protect American data. And I think we do actually
02:00do a pretty good job. And we have problems that a lot of data is in private hands that, you know,
02:05right now that if you think about just the Defense Department, there are thousands of networks,
02:09but there are rules. And, you know, I think we're doing okay. I don't think we need an international
02:15standard. I mean, this is very much United States. I mean, NATO does things together. So there are
02:21groups. But I would, this isn't like a corporate security thing where we need an international
02:26standard. Everyone's consistent. The U.S. has U.S. problems, U.S. adversaries, and we do have U.S.
02:32solutions. We also have battleships and aircraft carriers are out in the middle of places. Anyone
02:39else? Thank you, sir. Mr. Shaw? Yeah, I think, you know, what we've seen, and especially in
02:45cybersecurity, the NIST has created standards there that became adopted by a majority of the
02:50industry. And I think when it comes to AI and protecting data, coming from the lens of a startup
02:56from a young company, we've looked at the new standards that they have around AI, and they're
03:01actually pretty good. And they do provide for a lot of recommendations that we actually follow.
03:07And then furthermore, you know, going through the FedRAMP process, while I found it to be very
03:11expensive, there was a lot of amazing sort of things that they recommended in terms of infrastructure,
03:18software, process, and procedures that allow us to really make sure that the data is secured.
03:24And so I think that if we can have more of these types of frameworks, more of a lighter touch,
03:30it'll allow us to continue to innovate fast, but still give us all a true north of where we should
03:36take things in terms of our infrastructure and our processes.
03:39Sir?
03:40Sir, I would say three things. Number one, just to follow on Mr. Shaw's point, I think NIST is well
03:45positioned for this. I think the remissioning of the Safety Institute by the Department of Commerce
03:49two days ago that will focus on really building the standards across our federal government and how
03:54they use AI. It's a step forward. Also looking at, you know, open source models coming from countries of
04:00concern, specifically China, and what kind of a risk they possess in our ecosystem. I think that's the right
04:05step to do it. At the allies and partners levels, as I mentioned in my opening remarks, the Five-I
04:11Alliance really provides us with a stepping stone of, you know, coming with some common standards among our
04:17five allied partners, and then start bringing other countries under the fold. And the third
04:21piece, as Mr. Shreya mentioned here earlier, what can we do on the offensive side, so our
04:26adversary doesn't get a hold of our data, they don't use it against us, and then actually we are, we put
04:32them on the back foot instead of letting them, you know, really attack us on a daily and hourly basis.
04:37Good. Anyone else?
04:39Just very briefly, sir. I just want to put in a good word for what the Trump Administration's been doing with its
04:44recent executive orders and OMB guidance on this front, which has been to provide not only a framework
04:48for expanding the use of AI throughout government, but also getting more serious about security
04:53vulnerabilities and other types of concerns, and recent OMB guidances like M25-21 and M22 basically try to
04:59address these concerns you're raising.
05:01Great. Thank you. I appreciate the panel very much. Madam Chair, I yield back.
05:05Thank you, and I'll recognize