"The Agriculture Department is using artificial intelligence to identify risks in the supply chain, estimate yearly corn and soybean yields and make recommendations during the permitting process. But the department doesn't have all of the required cybersecurity and governance controls to keep that technology in check, according to an inspector general report released last week, which found that Agriculture doesn't even have a generative AI policy at all."
"The department hasn't fully implemented cyber and risk controls in its AI systems, as required by federal standards, because it has prioritized using AI over setting up controls for the technology. At USDA, AI systems "could be vulnerable and lack critical security controls, leaving the agency susceptible to data breaches or reputational harm" because of the lack of strong governance around the technology, the new report says."
"Agriculture hasn't followed all the risk management and governance controls set in place by the Office of Management and Budget during the Biden administration and modified by the Trump administration. The department has installed a chief AI officer as required, but it hasn't updated agency policies - or implemented minimum risk management practices for AI systems deemed especially risky, like those that affect civil rights or critical infrastructure."
"Almost none of the AI use cases in the department's fiscal year 2024 inventory had an authority to operate, a formal approval issued for technology systems meant to make sure that the government thinks through the risks associated with different technologies before using them. That means that management doesn't have assurance that the department has cybersecurity controls in place, the report says."
The Agriculture Department uses artificial intelligence to identify supply-chain risks, estimate yearly corn and soybean yields, and provide recommendations during the permitting process. An inspector general report finds the department lacks required cybersecurity and governance controls to manage these technologies. The department has not fully implemented cyber and risk controls for AI systems as required by federal standards, prioritizing AI deployment over control development. The report warns that AI systems could be vulnerable and lack critical security controls, increasing susceptibility to data breaches and reputational harm. USDA has a chief AI officer but has not updated policies or implemented minimum risk management practices for especially risky AI systems, including those affecting civil rights or critical infrastructure. Most AI use cases in the fiscal year 2024 inventory lacked authority to operate, limiting assurance that cybersecurity controls are in place.
Read at Nextgov.com
Unable to calculate read time
Collection
[
|
...
]