In the News

R Street Institute’s AI and cyber priorities for Trump team focus on balancing risk, reward

Jan 8, 2025

issues: AI Security, Cyber Threats, Cybersecurity Policy, Data Security and Data Privacy, Federal Government Affairs, Foreign Affairs

originally published in Inside AI Policy

The free market-focused R Street Institute says policymakers must confront the risks associated with artificial intelligence in order to reap extensive cybersecurity and other benefits, in a new package of policy priorities for consideration by the incoming Trump administration and 119^th Congress.

The group offers a frank, security-conscious assessment of how policymakers should balance the desire to turbocharge AI innovation — seen as a top priority for the new administration — against security challenges that have become increasingly dangerous as AI is broadly deployed.

“Continued advances in AI are redefining industries and reshaping national security priorities, offering transformative opportunities for innovation, efficiency, and resilience. In cybersecurity, AI has already compressed cybersecurity incident analysis time from minutes to milliseconds and promises to identify never-before-seen threats and vulnerabilities through predictive threat intelligence,” R Street’s Haiman Wong and Brandon Pugh write in the policy paper released Jan. 6.

“These benefits, however, are paired with risks that demand our attention. AI systems are susceptible to exploitation — whether through adversarial attacks, weaponization, data poisoning, or unintentional breaches of the infrastructure supporting their use,” they say.

“Left unchecked, these vulnerabilities can disrupt critical infrastructure operations and expose sensitive data,” Wong and Pugh write. “To maintain our technological leadership, military advantage, and international influence, we must adopt strategies that harness AI’s potential while balancing the need for safeguards against emerging threats. Congress, federal agencies, and the White House all have a role in striking this balance, and those roles overlap at times.”

Among the recommendations for “promoting responsible AI use,” the R Street paper says:

The White House, Congress, and relevant agencies should incorporate risk-tolerance principles — which involve defining acceptable risks — into any AI regulation and governance solutions. Congress should direct the National Institute of Standards and Technology (NIST) to collaborate with stakeholders across industry, academia, and the public to develop and advance voluntary best practices for improved transparency and oversight in AI applications.
The White House, with support from Congress, should modernize legacy systems throughout the government to ensure that these systems can support both emerging security updates and responsible-use standards.

It calls for “Federal Guidance Clarifying Key Ambiguities in AI Development and Use,” saying:

NIST and the Cybersecurity and Infrastructure Security Agency (CISA) should define permissible actions for researchers in security-centric AI development across public and private sectors.
The Department of Defense, in collaboration with other agencies like the National Security Agency (NSA), should expand offensive cyber capabilities to improve deterrence and attribution.
NIST should establish risk-tolerance parameters for federal entities to guide AI implementation.
NIST, in collaboration with CISA, should develop a voluntary framework to guide state and local governments in evaluating and addressing AI-related security and safety concerns.

And, among other AI-related recommendations, it addresses “securing U.S. data from foreign adversaries”:

Congress, in coordination with the Department of Energy (DOE), should prioritize the expansion of secure, domestically operated data centers to reduce U.S. reliance on foreign-sourced hardware and infrastructure across public and private sectors.
The White House should direct agencies like NIST and CISA to establish clear standards for secure collection, storage, and handling protocols for AI training datasets to prevent tampering, data poisoning, and unauthorized access across private and public sectors.

Cyber harmonization

The group’s recommendations on cybersecurity policy focus on the need for regulatory harmonization.

R Street calls on policymakers to “Define a comprehensive end goal for harmonization, including establishing the scope of what should be covered and considering reciprocity or uniform baseline security requirements across sectors in a way that is not onerous but, instead, reasonable for companies of all sizes.”

“Congress could grant such authority to an entity like the Office of the National Cyber Director so that it could establish and pilot baseline security rules and incident-reporting requirements to reduce duplicative and contradictory rules,” R Street recommends.