Artificial Intelligence & Machine Learning , Governance & Risk Management , Government

CISA Conducts First-Ever AI Security Incident Response Drill

US Cyber Defense Agency Developing AI Security Incident Collaboration Playbook
CISA Conducts First-Ever AI Security Incident Response Drill

The Cybersecurity and Infrastructure Security Agency is crafting a comprehensive framework to unify government, industry and global partners in their response to major security incidents involving artificial intelligence.

See Also: Safeguarding against GenAI Cyberthreats with Zero Trust

The U.S. cyber defense agency conducted the federal government's first-ever AI security incident tabletop exercise Thursday, bringing together over 50 AI experts for the four-hour event held at Microsoft's Virginia offices. The agency said the exercise was aimed at supporting the development of the AI Security Incident Collaboration playbook that is expected to be released later this year.

CISA's flagship public-private partnership, the Joint Cyber Defense Collaborative, organized the exercise and is developing the playbook through a dedicated planning effort dubbed JCDC.AI. The collaborative is planning to host a second exercise later this year on AI integration in U.S. critical infrastructure, according to the agency.

CISA Director Jen Easterly said in a statement the exercise highlighted "the importance of developing and delivering AI products that are designed with security as the top priority."

"As the national coordinator for critical infrastructure security and resilience, we're excited to work with our partners to build on this effort to help organizations secure their AI systems," she said.

Participants in the event included the FBI, the National Security Agency, the Office of the Director of National Intelligence, and the Defense and Justice departments. Major AI and software developers - including OpenAI, Microsoft, IBM, Cisco, Cranium AI, Amazon Web Services and more - were also in attendance.

CISA has recently published a series of guidance documents for both the public and private sectors to promote the benefits of AI while ensuring systems are protected from emerging cybersecurity threats. The agency published a road map for AI that envisions a programmatic structure for AI adoption within cyber defense missions and enhanced workplace guidance for generative technologies.

The JCDC also is focused on reducing the risk AI poses to critical infrastructure as a key component of its 2024 priorities, in addition to anticipating emerging technology and new cybersecurity threats.

"The insights we will gain from this exercise will be vital for developing immediate response strategies and shaping the future of AI security," Jonathan Dambrot, CEO of Cranium AI, said in a statement. He said that the upcoming AI playbook from the JCDC "will serve as a critical resource for all stakeholders" and help ensure organizations "will be prepared and resilient in the face of AI-related threats."

FBI Cyber Division Assistant Director Bryan Vorndran said the exercise showed that both sectors are better prepared to handle cyberthreats when there is adequate coordination.

"We are stronger when we come together to share information and determine best practices in the evolving AI landscape," Vorndran said.

About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.