Seeking to strengthen its incident response capabilities before artificial intelligence becomes an even bigger threat, the federal government on Thursday hosted its first roundtable on the growing technology, bringing together partners from across the country and around the world. foreigner for this exercise.
The Cybersecurity and Infrastructure Security Agency led the table as part of the Joint Cyber Defense Collaborative, the operational arm of the cyber defense agency that focuses on collaboration with industry, alongside 50 AI experts from 15 companies and several international cyber defense agencies.
The board is one among several The Biden administration’s initiatives in recent months have been aimed at mitigating potential risks from technology, as seen by major companies like Microsoft push for rapid releases of AI-based products that could be exploited by cybercriminals.
CISA has not released details of the three modules presented in the table, but the exercise with industry focused on understanding what constitutes AI-enabled or AI-related cybersecurity incidents, on the determining the types of information sharing needed and how best for the industry to work. with the government, and vice versa.
A cyber incident could mean that an AI system itself is compromised, or that another system created by an AI is threatened, said Clayton Romans, associate director of the Joint Cyber Defense Collaborative at CISA.
“The key is that there are multiple potential ways in which AI could be vulnerable,” Romans said. “Part of that is building the lexicon and understanding with companies that are new to this area, and connecting them to other companies that we’ve been working with for a while now within the JCDC and building in some way sort this basic mutual understanding and technology.”
The four-hour AI classroom exercise is part of the development of CISA’s upcoming AI Security Incident Collaboration Playbook. The playbook, expected to be released in late 2024, will be the first of many collaborative efforts by the JCDC, Romans said. It will define the coordination of response to AI-specific incidents between the public and private sectors as well as with international agencies.
“We’re using this exercise now to lay the groundwork for how we’re going to collaborate together between these key companies, probably the future key companies, and our very close and important partners in the U.S. government who all have a role to play in this space.” , “said the Romans.
In April, CISA has published guidelines surrounding AI security for critical infrastructure owners and operators. The Department of Homeland Security also launched a AI Safety and Security Council focused on the impact of AI on critical infrastructure.
Additionally, CISA has established a working group to explore how AI can be used to mitigate threats from supply chains, CISA Director Jen Easterly noted at a conference. top of the supply chain Wednesday.
For Thursday’s tabletop exercise, CISA worked alongside the FBI, NSA, Department of Defense, Office of the Director of National Intelligence and the National Cyber Mission Force. Participating technology companies included Microsoft, OpenAI, IBM, Palantir, Cisco and Palo Alto Networks.
The exercise was also observed by the Australian Cyber Security Centre, Australian Signals Directorate, the UK National Cyber Security Centre, the New Zealand National Cyber Security Center and the Canadian Center for Cyber Security.
This article was updated on June 14, 2024 to modify a description of table details provided to CyberScoop by CISA.
