On Thursday, the Cybersecurity and Infrastructure Security Agency First tabletop exercise More than 50 AI experts from government and industry participated in the four-hour training to help understand and mitigate digital threats to artificial intelligence systems.
Led by the Joint Cyber Defense Collaborative, a consortium of public and private sector leaders, the tabletop exercise simulated a cybersecurity incident targeting an AI-enabled system, and participants practiced incident response efforts, including information sharing and operational collaboration, to mitigate the damage from a hypothetical attack.
The exercise was divided into three modules and described a hypothetical scenario in which a hacker was able to evade an internally customized AI defense agent within an organization’s email system. Some government officials did not participate in the first two modules, but participated in the third module to simulate how industry players would interact and collaborate with newcomers after an incident occurred.
The objective of the tabletop exercise was to raise awareness of how AI systems present new vectors of cyber threats to digital networks, explore current responses, and develop information-sharing priorities for critical infrastructure operators, security vendors, and other stakeholders.
“This effort marks another step in our joint efforts to mitigate the risks posed by AI and also highlights the importance of developing and delivering AI products that are designed with security as a top priority,” CISA Director Jen Easterly said in a statement. “As the national coordinator for critical infrastructure security and resilience, we are pleased to work with our partners to further this effort and help organizations protect their AI systems.”
The results of this tabletop exercise will help CISA and JCDC develop a playbook to provide support and guidance for AI-based cyberattack responses, scheduled for release at the end of 2024. The agencies plan to conduct a second tabletop exercise after the playbook’s release to test it.
Participating agencies and companies included Amazon Web Services, Cisco, Cranium, HiddenLayer, IBM, Microsoft, NVIDIA, OpenAI, Palantir, Palo Alto Networks, Protect AI, Robust Intelligence, Scale AI, FBI, National Security Agency, Office of the Director of National Intelligence, Department of Defense, and Department of Justice.
“At OpenAI, we firmly believe that security is a team sport. Security is achieved through collaboration and benefits greatly from transparency,” Matt Knight, head of security at OpenAI, said in prepared remarks. “We are proud to have participated in tabletop exercises with JCDC.AI and other security leaders. These collaborations benefit our efforts to securely develop and deploy AI technologies.”
The tabletop security exercise follows the Biden administration’s larger effort to harness AI’s myriad beneficial uses while mitigating its negative effects, which was also a central theme of the White House Office of Science and Technology Policy’s AI Aspirations conference, held Thursday.
AI Aspirations featured system demos and discussions on near-term and current use cases for AI and machine learning systems, with leaders noting that AI can either support or hinder the modern cybersecurity posture.
“AI will be essential to our national security to strengthen cybersecurity and protect our critical infrastructure,” OSTP Director Arati Prabhakar said in her opening remarks at the conference.