The Cybersecurity and Infrastructure Security Agency said the first meeting last week with the private sector, coordinated by the Joint Cyber Defense Collaboration at Microsoft’s campus in Reston, Virginia, supported The development of the cross-industry AI Security Incident Collaboration Handbook will be published by the end of the year.
WHY IS IT IMPORTANT?
A dedicated planning effort within JCDC, CISA’s public-private partnership model fosters collaboration on preparedness among AI vendors, security vendors, and facility owners and operators critical infrastructure, addresses the risks, threats, vulnerabilities and mitigations associated with AI-enabled systems in national critical infrastructure, the agency said in a statement June 14.
More than 50 organizations participated in recent four-hour preparedness exercises to share strategies for securely applying AI to protect critical infrastructure from emerging threats and practice countermeasures. cooperative response.
“Simulating adversarial threats against AI systems in a controlled environment is an invaluable training platform to equip security teams,” said Chris Sestito, CEO and co-founder of HiddenLayer. Confidential understanding of the vulnerabilities and threats that exist today.”
Other technology companies at the table were Amazon Web Services, Cisco, IBM, Microsoft, NVIDIA, OpenAI, Palantir, Palo Alto Networks, Protect AI and many other leading vendors. They were joined by the Federal Bureau of Investigation, the National Security Agency, the Office of the Director of National Intelligence, the Department of Defense and the Department of Justice.
“This exercise marks another step in our shared commitment to mitigate the risks posed by AI,” Easterly said in the statement.
Sandy Reback, vice president of public policy and government affairs at Palo Alto Networks, added: “As AI adoption has expanded, we have seen a similar increase in complexity in the cyber threat environment”.
“Public-private collaboration on important activities like this will better protect our digital way of life.”
For Bryan Vorndran, assistant director of the FBI’s Cyber Division, the exercise demonstrates the agency’s commitment to partnerships, he said.
According to CISA, the need for secure-by-design approaches in developing AI products is also an important topic in addition to collaboration and incident response practices at tabletop exercises.
“These collaborations benefit our efforts to securely develop and deploy AI technology,” Matt Knight, head of security at OpenAI, acknowledged in the statement. ”.
JCDC is planning a second exercise in 2024 that will incorporate system integrator-related vulnerabilities in U.S. critical infrastructure, allowing for interoperability when deploying the technology AI into existing systems. AI integrators help organizations apply AI and create larger AI systems.
Troy Bettencourt, global partner and head of IBM X-Force, noted in the agency’s announcement: “With critical infrastructure facing increasingly severe attacks and the of AI threats, early preparation and routine testing are more important than ever to minimize any collateral damage.” .
The agency said the AI Security Incident Collaboration Playbook, launched following CISA exercises with the private sector later this year, is intended to facilitate coordinated incident response efforts. trying to secure AI between government, industry and global partners.
Omar Santos, security and trust lead at Cisco, called the playbook “a much-needed initiative” that will “serve as a great resource to coordinate AI security incidents across industry partners and global partners”.
BIGGER TREND
As part of a mission launched two years ago, JCDC said it is working to reduce the likelihood and impact of AI-related threats and vulnerabilities for critical infrastructure providers. important on its website.
Emerging technologies always present ripe opportunities for tabletop exercises, and experts agree that when it comes to protecting critical infrastructure, governments are important partners.
“There is legislation that defines this relationship, specifically the National Defense Authorization Act. This act codifies the critical infrastructure relationship between the Federal government, through the Industry Risk Management Agency and [critical infrastructure],” noted Erik Decker, CISO of Intermountain Health and co-chair of the HHS 405(d) Task Force, when sharing tips on provider-organization cybersecurity tabletop exercises with Healthcare IT news.
ON PROFILE
“At OpenAI, we firmly believe that security is a team sport,” Knight said in a statement. It thrives on collaboration and benefits immensely from transparency.” “This initiative not only strengthens our defenses but also fosters a community dedicated to collective security advancements, including realizing the benefits of using AI tools for cyber defense.”
Bret Arsenault, corporate vice president and cybersecurity advisor at Microsoft, added: “As we enter the new AI Landscape, security is critical and collaboration with industry and government partners is critical to developing an effective and coordinated response to security incidents.”
“Practicing response scenarios and simulations like today’s AI-focused tablet exercises will promote learning and sharing, which will help strengthen cyber resilience across the board. wide.”
Andrea Fox is a senior editor at Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
The HIMSS AI in Healthcare Forum is scheduled to take place September 5-6 in Boston. Learn more and register.
