CISA leads tabletop exercises focused on hacked AI

The Cybersecurity and Infrastructure Security Agency said last week’s inaugural tabletop meeting with the private sector, coordinated by the Joint Cyber ​​Defense Collaborative at the Microsoft Corp. facility in Reston, Virginia, supports the development of a cross-sector AI Security Incident Collaboration Playbook to be published by the end of the year.

WHY IT MATTERS

A dedicated planning effort within JCDC, CISA’s public-private partnership model that drives collaboration on preparedness among AI providers, security vendors, and critical infrastructure owners and operators, addresses risks, threats, vulnerabilities, and mitigations related to AI supported systems in national critical infrastructure, the agency said in a June 14 statement.

More than fifty organizations participated in the recent four-hour preparedness exercises, sharing their strategies for safely deploying AI to protect critical infrastructure from emerging threats and practicing joint response.

“Simulating hostile threats against AI systems in a controlled environment is an invaluable training ground for helping security teams understand the vulnerabilities and threats that exist today,” said Chris Sestito, CEO and co-founder of HiddenLayer.

Other technology companies at the table included Amazon Web Services, Cisco, IBM, Microsoft, NVIDIA, OpenAI, Palantir, Palo Alto Networks, Protect AI and more leading vendors. They were joined by the Federal Bureau of Investigation, the National Security Agency, the Office of the Director of National Intelligence, the Department of Defense and the Department of Justice.

“This exercise marks another step in our collective commitment to reducing the risks of AI,” Easterly said in the statement.

“As AI adoption has expanded, we have seen similar growth in complexity in the cyber threat environment,” said Sandy Reback, vice president of public policy and government affairs at Palo Alto Networks.

“Public-private partnerships on critical exercises like these will better protect our digital way of life.”

For Bryan Vorndran, assistant director of the FBI’s Cyber ​​Division, the exercise demonstrated the agency’s commitment to partnerships, he said.

According to CISA, the need for secure-by-design approaches in developing AI products was also a key theme in addition to collaboration on incident response and tabletop practices.

“These collaborations further our efforts to securely develop and deploy AI technology,” Matt Knight, chief security officer at OpenAI, acknowledged in the statement.

JCDC plans a second exercise in 2024, which will include vulnerabilities associated with system integrators in U.S. critical infrastructure, which enable interoperability in the implementation of AI technologies in existing systems. The AI ​​integrators help organizations adopt AI and create larger AI systems.

“As critical infrastructure faces increasingly severe attacks and the rise of AI threats, early preparedness and routine testing are more important than ever to reduce any collateral damage,” said Troy Bettencourt, global partner and head of IBM X-Force, in the agency announcement. .

The AI ​​Security Incident Collaboration Playbook, which will emerge from CISA’s tabletop exercises with the private sector at the end of this year, is intended to accelerate AI security incident response coordination efforts among government, industry and global partners to facilitate this, the agency said.

Omar Santos, who leads security and trust at Cisco, called the playbook “a much-needed initiative” that “will serve as a great resource for coordinating AI security incidents among industry peers and global partners.”

THE BIG TREND

As part of its mission launched two years ago, the JCDC said it is working to reduce the likelihood and impact of AI-related threats and vulnerabilities for critical infrastructure providers in its territory. website.

Emerging technologies always provide a good opportunity for tabletop practice, and experts agree that government is an important partner in protecting critical infrastructure.

“There are laws that define this relationship, most notably the National Defense Authorization Act. This codifies the critical infrastructure relationship between the federal government, through a Sector Risk Management Agency, and the (critical infrastructure),” Erik Decker, CISO of Intermountain Health Erik Decker , co-chair of the HHS 405(d) Task Group, noted while sharing tips on table-topping cybersecurity by provider organizations with Healthcare IT news.

ON THE RECORD

“At OpenAI, we believe security is a team sport. It thrives on collaboration and benefits greatly from transparency,” Knight said in a statement. “This initiative not only strengthens our defenses, but also fosters a community committed to collective security improvements, including realizing the benefits of using AI tools for cyber defense.”

“As we enter a new AI landscape, security is critical and collaboration with industry and government partners is critical to developing an effective and coordinated response to security incidents,” said Bret Arsenault, corporate vice president and chief cybersecurity advisor from Microsoft.

“Practicing response scenarios and simulations, such as today’s AI-focused tabletop exercise, encourages learning and sharing, which will help strengthen cyber resilience across the board.”

Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.

The HIMSS AI in Healthcare Forum will take place September 5-6 in Boston. More information and registration.

Related Post