In a significant move to harness the power of artificial intelligence (AI) for enhanced cybersecurity, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its "2023-2024 CISA Roadmap for Artificial Intelligence."
The comprehensive plan, released this month, outlines CISA's strategic steps to leverage AI for advancing cybersecurity capabilities, safeguarding AI systems, and deterring malicious actors from exploiting AI vulnerabilities.
The roadmap highlights five key lines of effort that will guide CISA's AI initiatives:
Promote beneficial uses of AI to enhance cybersecurity capabilities and other aspects of CISA's mission, including utilizing AI to detect and respond to cyberattacks, improve risk assessment and incident response, and enhance cybersecurity training for the workforce.
Protect the nation's AI systems from cybersecurity threats, developing secure AI development practices, implementing robust cybersecurity measures for AI systems, and fostering collaboration across the AI ecosystem to address emerging threats.
Deter malicious actors' use of AI capabilities to threaten critical infrastructure, identifying and mitigating potential AI attack vectors, disrupting malicious AI activities, and raising awareness about the risks associated with AI misuse.
Collaborate and communicate on key AI efforts with the interagency, international partners, and the public, engaging with government agencies, industry stakeholders, and the research community to share information, exchange best practices, and coordinate efforts.
Expand AI expertise in the workforce, investing in training and education programs to develop a skilled AI workforce, promoting diversity and inclusion in the AI field, and fostering a culture of innovation and continuous learning.
The release of the 2023-2024 CISA Roadmap for Artificial Intelligence signifies a pivotal step toward leveraging AI as a powerful tool to strengthen cybersecurity and protect critical infrastructure. CISA's comprehensive approach to AI integration will seek to not only enhance the agency's own cybersecurity capabilities but also foster collaboration and innovation across the cybersecurity landscape.
In a November 15 LinkedIn post, Victoria Beckman, Associate General Counsel, Security & Privacy, at Shopify, had this to say about the CISA AI Roadmap:
"The roadmap seeks to ensure internal coherence and alignment with the U.S. National #AIstrategy and focuses on five lines of efforts:
1. Use AI-enabled #software tools to strengthen #cyberdefense and support the country's critical infrastructure mission. CISA's adoption of AI will ensure #responsible, ethical, and safe use—consistent with the Constitution and all applicable #laws and policies, including those addressing federal procurement, #privacy, civil rights, and civil liberties.
2. Assess and assist secure by design AI-based software adoption
across a diverse array of stakeholders through #bestpractices and guidance for secure and #resilient AI software development and implementation.
3. Assess and recommend #mitigation of AI #threats against the nation's critical infrastructure in partnership with other government agencies and industry partners that develop, test, and evaluate AI tools.
4. Collaborate with and communicate on key efforts with international partners in AI #security, interagency policies and strategies, and the public.
5. Continue to educate the workforce on #artificialintelligence software systems and techniques, ensuring that internal training not only reflects technical expertise, but also incorporates legal, ethical, and policy considerations of AI implementation across all aspects of CISA's work.
The Annex contains a nice list of recent actions taken by the U.S. government related to AI-based software systems."
AI has been a topic on every SecureWorld in-person conference agenda in 2023, for good reason, and we held our first AI virtual conference on September 27. Click the link and watch all the presentations on-demand. Topics covered include safeguarding ethical development in AI, risk and rewards of deploying AI/ML technologies, the impact of AI on cybersecurity programs, protecting high-value AI assets, the robots are coming, behind the scenes of legal ethics in the digital age, strengthening cybersecurity with generative AI, cyber-enabled fraud and BEC in 2023, and more.