The US cybersecurity agency CISA last week conducted an inaugural tabletop exercise with the private sector, focused on responding to AI cybersecurity incidents.
Led by the Joint Cyber Defense Collaborative (JCDC), the four-hour exercise simulated a cyberattack involving an AI-enabled system, with participants working together to identify information sharing opportunities, public-private engagement protocols, and areas for operational collaboration.
The exercise focused on incidents “that actually or imminently jeopardize the confidentiality, integrity, or availability of the AI system, any other system enabled and/or created by the AI system, or information stored on any of these systems, where the incident is significant enough to cause disruption to the system’s behavior and requires intervention.”
More than 50 AI experts from government agencies and industry partners gathered for this exercise at Microsoft’s facility in Reston, Virginia.
The main objectives of the exercise, CISA says, included finding opportunities for sharing information on cyber incidents involving AI-enabled systems, assessing the participants’ response procedures and best practices when dealing with such an incident, and identifying areas of improvement in response plans, information sharing, and resilience to a significant AI incident.
Furthermore, the exercise focused on assessing the information sharing capabilities, needs, and priorities for collaboration between government agencies, industry, and international participants.
CISA says it will incorporate the lessons learned into an AI Security Incident Collaboration Playbook to raise awareness on operational collaboration across government, industry, and partners.
The agency plans to conduct a second tabletop exercise to test and validate the playbook with AI companies and organizations in the critical infrastructure sector that are already integrating AI in their operational environments.
“This exercise marks another step in our collective commitment to reducing the risks posed by AI. It also highlights the importance of developing and delivering AI products that are designed with security as the top priority. As the national coordinator for critical infrastructure security and resilience, we’re excited to work with our partners to build on this effort to help organizations secure their AI systems,” CISA Director Jen Easterly said.
Related: CISA Outlines Efforts to Secure Open Source Software
Related: CISA Releases Malware Next-Gen Analysis System for Public Use
Related: Eric Goldstein Leaving CISA for Private Sector Role
Related: CISA Kicks Off Cybersecurity Awareness Month With New Program
