The US cybersecurity agency CISA on Tuesday published a new document detailing its efforts in promoting the use of artificial intelligence (AI) to improve security and supporting critical infrastructure organizations in adopting AI.
Aligned with national AI strategy, CISA’s Roadmap to AI (PDF) promotes beneficial uses of AI in enhancing cybersecurity capabilities and details the agency’s efforts to protect AI systems from threats and to prevent threat actors from using AI to threaten critical infrastructure.
According to CISA, while AI software systems are different from traditional software, basic security practices apply to them as well, and the roadmap builds on existing cybersecurity and risk management programs.
“The security challenges associated with AI parallel cybersecurity challenges associated with previous generations of software that manufacturers did not build to be secure by design, putting the burden of security on the customer,” the agency notes.
CISA encourages AI system makers to follow secure-by-design principles, to ensure transparency and accountability, and ensure that security is a core requirement and integral to AI system development, throughout its lifecycle.
“We envision a future in which AI systems advance our nation’s cyber defense, where our critical infrastructure is resilient and protected from malicious use of AI, and where AI developers prioritize the security of their products as a core business requirement,” the agency says.
CISA plans to integrate AI across its systems, noting that it can help defend against traditional cyber threats and maintain and improve the resilience of critical infrastructure systems, but also pointing out that AI companies and use cases may require specific protections.
The roadmap also details five lines of effort that CISA will follow in unifying and accelerating its AI goals: the responsible use of AI, a secure-by-design AI-based software adoption, protecting critical infrastructure from the malicious use of AI, collaborating with other agencies and national and international partners on key AI efforts, and educating its workforce on AI software systems and techniques.
“This roadmap provides objectives for each line of effort that detail how CISA will accomplish these goals and measure our success. We also include representative outcomes and a notional measurement approach for each line of effort We are developing more specific measures of effectiveness, which will be defined in our annual operating plans,” CISA notes.
Related: US Government Issues Guidance on SBOM Consumption
Related: CISA Releases New Identity and Access Management Guidance
Related: ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications
Related: CISA Introduces Secure-by-design and Secure-by-default Development Principles
