M3AAWG actively seeks to provide the necessary technical and strategic guidance to protect end-users’ online experience as government, Internet and public policy agencies worldwide develop new Internet policies and legislation. Working to reduce the spread of spam, bots and malware, M3AAWG has submitted comments on these proposals:
M3AAWG has submitted comments to the Department of Homeland Security's (DHS) Proposed Rulemaking on “Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements”. M3AAWG recognizes the key role effective cyber incident reporting can have in addressing the impacts of cybersecurity incidents and combating online abuse. Cyber incident reporting can minimize consequences to victims, capture lessons learned, and improve cybersecurity nationwide, thereby increasing the likelihood that perpetrators will be held accountable. However, overly broad cyber incident reporting rules often do not, on balance, yield benefits commensurate with the significant costs those rules impose on both reporting entities and the government.
We generally support CISA’s efforts to craft a proposed rule that seeks to achieve the intended goals of the CIRCIA mandates. However, M3AAWG urges CISA to consider the following suggestions to clarify or modify its proposed rule, as detailed below. We note that our comments today are focused on certain critical areas of concern to our members and do not represent a comprehensive discussion of all issues covered in the expansive CIRCIA NPRM.
M3AAWG has submitted Comments on the NIST AI 600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile. With the growing importance of AI in society and the challenges of AI-related security and abuse issues, appropriate management of AI risk is becoming ever more pertinent, which is why M3AAWG welcomes the opportunity to submit comments.
Comments Submission Date: May 29, 2024
M3AAWG has submitted Comments on NIST AI 100-5, A Plan for Global Engagement on AI Standards. AI is a global phenomenon which impacts various countries and a number of industry sectors at high risk of abuse by cybercriminals and other threat actors. Thus, international and cross-sector engagement and involvement in standard-setting is of paramount importance.
Comments Submission Date: May 29, 2024
M3AAWG has submitted Comments on the NIST AI 100-4, Reducing Risks Posed by Synthetic Content: An Overview of Technical Approaches to Digital Content Transparency. Synthetic content is already a concern in areas such as profit-oriented cybercrime, fake news, and election interference. It therefore represents a risk to national security as a whole. M3AAWG welcomes the opportunity to comment on the current version of NIST AI 100-4 from our perspective as security and anti-abuse specialists.
Comments Submission Date: May 29, 2024
M3AAWG has submitted Comments on the NIST SP 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models. The increasing importance of secure development of software and AI systems carries specific risks associated with the abuse of AI systems and AI tools used in software development. As a group of anti-abuse specialists, M3AAWG thus welcomed the opportunity to comment on the current version of NIST SP 800-218A.
Comments Submission Date: May 29, 2024
