The Cybersecurity and Infrastructure Security Agency said last week’s inaugural meeting with the private sector, coordinated by the Joint Cyber Defense Collaborative at Microsoft’s headquarters in Reston, Virginia, supports the development of a cross-sector incident collaboration playbook. related to artificial intelligence security, which is expected to be published by the end of the year.
WHY IT IS IMPORTANT
The agency has made dedicated planning efforts under JCDC, CISA’s public-private partnership model that stimulates preparedness collaboration among AI vendors, security vendors, and critical infrastructure owners and operators to address risks, threats, vulnerabilities, and mitigation measures for systems that support artificial intelligence in national critical infrastructure – we read in a statement of June 14.
More than 50 organizations participated in the recent four-hour preparatory exercise, sharing their strategies for safely deploying AI to protect critical infrastructure from emerging threats and practicing collaborative responses.
“Simulating hostile threats against AI systems in a controlled environment is an invaluable training ground that allows security teams to understand the vulnerabilities and threats that exist today,” said Chris Sestito, CEO and co-founder of HiddenLayer.
Other technology companies at the table include Amazon Web Services, Cisco, IBM, Microsoft, NVIDIA, OpenAI, Palantir, Palo Alto Networks, Protect AI and other leading vendors. They were joined by the Federal Bureau of Investigation, the National Security Agency, the Office of the Director of National Intelligence, the Department of Defense and the Department of Justice.
“This exercise is another step in our collective commitment to reducing the threats posed by artificial intelligence,” Easterly said in a statement.
“As the use of artificial intelligence has increased, we have seen a similar increase in the complexity of the cyber threat landscape,” added Sandy Reback, vice president of public policy and government affairs at Palo Alto Networks.
“Public-private cooperation on such key exercises better protects our digital way of life.”
The exercise demonstrated the agency’s commitment to partnership, according to Bryan Vorndran, deputy director of the FBI’s cyber division.
According to CISA, the need for a security-by-design approach to developing AI products was also an critical topic beyond collaboration and incident response practice.
“This collaboration benefits our efforts to securely develop and deploy artificial intelligence technologies,” Matt Knight, chief security officer at OpenAI, confirmed in a statement.
The JCDC plans a second exercise in 2024 that will address vulnerabilities related to system integrators in U.S. critical infrastructure that enable interoperability when implementing artificial intelligence technologies into existing systems. AI integrators facilitate organizations implement AI and create larger AI systems.
“As attacks on critical infrastructure become more severe and artificial intelligence threats increase, early preparedness and routine testing are more important than ever to limit any collateral damage,” noted Troy Bettencourt, global partner and head of IBM X-Force, in an agency statement.
The AI Security Incident Collaboration Guide, which will be developed by CISA with the private sector at the end of the year, is intended to facilitate coordination among AI security efforts, industry and global partners, the agency says.
Omar Santos, who leads security and trust at Cisco, called the playbook “a much-needed initiative” that “will serve as an excellent resource for coordinating AI security incidents among industry and global partners.”
A BIGGER TREND
As part of its mission launched two years ago, the JCDC said it is working to reduce the likelihood and impact of artificial infrastructure threats and vulnerabilities on critical infrastructure providers in their website.
Emerging technologies always provide a good opportunity for hands-on practice, and experts agree that government is a key partner when it comes to protecting critical infrastructure.
“There are laws that define this relationship, most notably the National Defense Authorization Act. It codifies critical infrastructure relationships between the federal government, through the Sector Risk Management Agency, and [critical infrastructure],” noted Erik Decker, Intermountain Health CISO and co-chair of the HHS 405(d) Task Force, as he shared tips on provider-to-organization cybersecurity practice exercises with the company .
ON RECORDING
“At OpenAI, we strongly believe that security is a team sport. It is collaborative and benefits greatly from transparency,” Knight said in a statement. “This initiative not only strengthens our defenses, but also supports a community committed to advancing collective security, which includes realizing the benefits of using artificial intelligence tools for cyber defense.”
“As we enter the new AI landscape, security is critical, and collaboration with industry and government partners is critical to developing an effective and coordinated response to security incidents,” added Bret Arsenault, Microsoft corporate vice president and chief cybersecurity advisor.
“Practical response scenarios and simulations, such as today’s AI-focused tabletop exercises, stimulate learning and sharing that will help strengthen cyber resilience overall.”