View from Arch Street

The President’s recent cybersecurity Executive Order (14028) directed the Department of Commerce, in coordination with the National Telecommunications and Information Administration (NTIA), to publish the “minimum elements” for a Software Bill of Materials (SBOM). See: .The Minimum Elements For a Software Bill of Materials (SBOM) This report builds on the work of NTIA’s SBOM multistakeholder process, as well as the responses to a request for comments issued in June, 2021, and extensive consultation with other Federal experts. 

An SBOM is a formal record containing the details and supply chain relationships of various components used in building software. In addition to establishing minimum elements, this report defines the scope of how to think about minimum elements, describes SBOM use cases for greater transparency in the software supply chain, and lays out options for future evolution

The minimum elements as defined in the report are the essential pieces that support basic SBOM functionality and will serve as the foundation for an evolving approach to software transparency. These minimum elements comprise three broad, interrelated areas.

1. Data Fields: Documenting baseline information about each component that should be tracked
2. Automation Support: Allowing for scaling across the software ecosystem through automatic generation and machine-readability
3. Practices and Processes: Defining the operations of SBOM requests, generation and use

SBOM minimum elements will enable basic use cases, such as management of vulnerabilities, software inventory, and licenses. The report also looks at recommended SBOM features and advances that go beyond the minimum elements, including key security features and tracking more detailed supply chain data.

Tim Clancy, President of Arch Street was quoted in the June 3 edition of Chemical and Engineering News on potential new funding for the National Science Foundation and a proposed new NSF technology directorate as envisioned by the US Innovation and Competition Act (S.1260), previously the Endless Frontier Act.

The new legislation and a companion House bill would expand NSF funding of advanced technology and development and push the agency to adopt a “strong program manager” funding model utilized by the Defense Advanced Research Projects Agency (DARPA). This would be significant shift of philosophy for the NSF which has focused on basic, fundamental research selected through rigorous peer review with program managers playing a facilitating role. In the NSF budget request for Fiscal Year 2022, the Biden Administration has proposed the creation of a new NSF technology directorate as well as additional funding for regional innovation activities focused on critical technologies such as advanced manufacturing and semiconductors.

WHAT: Webinar on Healthcare Innovation and the NIH

WHEN: Thursday, May 27, 2021; 1:00-2:00 p.m. ET

The National Academy of Science, Engineering and Medicine’s Government-University-Industry Research Roundtable (GUIRR) will host a webinar on Small Business Education and Entrepreneurial Development (SEED) at the National Institutes of Health (NIH). Developing products across the biomedical spectrum requires NIH’s collaboration with universities and research institutions, small businesses, trade associations and societies, angel investors, venture capitalists, and strategic partners. The SEED office leads initiatives that develop these relationships and assist NIH innovators to further their product development efforts.

SEED director Matthew McMahon will give an introduction to NIH programs and services that accelerate biomedical innovation and increase diversity throughout the NIH innovator community.

Registration is free and can be accessed here: NIH SEED Webinar

The National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE) has published for comment a preliminary draft of NIST SP 1800-32, Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources. The public comment period is open until May 24, 2021.

In the practice guide, the NCCoE applies standards, best practices, and commercially available technology to protect the digital communication, data, and control of cyber-physical grid-edge devices. The guide demonstrates an example solution for monitoring and detecting anomalous behavior of connected industrial internet of things (IIoT) devices and building a comprehensive audit trail of trusted IIoT data flows.

The Biden Administration has launched a new web presence for ai.gov the National Artificial Intelligence Initiative (NAII).

The NAII was established by the National Artificial Intelligence Initiative Act of 2020 (NAIIA) – bipartisan legislation enacted at the beginning of, 2021. The legislation directs the President to sustain and support various AI R&D, education, workforce, and outreach initiatives including trustworthy AI, as well as support international R&D cooperation in AI with key allies.

Congress also establishes the National Artificial Intelligence Initiative Office (NAIIO) to coordinate and support the NAII. The NAIIO is tasked to:

1. Provide technical and administrative support to the Select Committee on AI (the senior interagency committee that oversees the NAII) and the National AI Initiative Advisory Committee;
2. Oversee interagency coordination of the NAII;
3. Serve as the central point of contact for technical and programmatic information exchange on activities related to the — AI Initiative across Federal departments and agencies, industry, academia, nonprofit organizations, professional societies, State and tribal governments, and others;
4. Conduct regular public outreach to diverse stakeholders; and
   Promote access to technologies, innovations, best practices, and expertise derived from Initiative activities to agency missions and systems across the Federal Government.

The National AI Initiative provides an overarching framework to strengthen and coordinate AI research, development, demonstration, and education activities across all U.S. Departments and Agencies, in cooperation with academia, industry, non-profits, and civil society organizations. The work under this Initiative is organized into six strategic pillars – Innovation, Advancing Trustworthy AI, Education and Training, Infrastructure, Applications, and International Cooperation.