TRENDING:

Artificial Intelligence & Machine Learning , Next-Generation Technologies & Secure Development

New Federal Playbook Aims to Boost AI Cyber Incident Sharing

US CISA Releases Guidance to Streamline AI Cyber Incident Information Sharing Chris Riotta (@chrisriotta) • January 14, 2025    
New Federal Playbook Aims to Boost AI Cyber Incident Sharing
The new playbook aims to strengthen collaboration and proactive threat sharing between federal agencies, AI developers and private sector partners.

The U.S. cyber defense agency is aiming to streamline information sharing on artificial intelligence cybersecurity incidents and vulnerabilities between the federal government, leading AI developers and major companies deploying AI tools.

See Also: Live Webinar | AI-Powered Defense Against AI-Driven Threats

The Cybersecurity and Infrastructure Security Agency on Tuesday released an AI cybersecurity collaboration playbook that provides guidance to public-private partners on disclosing AI incidents and vulnerabilities while detailing the agency's steps to bolster collective defense with shared information. CISA said it developed the Joint Cyber Defense Collaborative AI Cybersecurity Collaboration Playbook with federal partners including the FBI, National Security Agency AI Security Center and industry partners such as AWS, Nvidia, IBM, Microsoft and OpenAI.

The playbook calls for proactive information sharing around malicious activity to help enable early detection of critical threats. It provides avenues for AI developers and private sector companies to coordinate within JCDC, as well as voluntarily report cyber incidents to CISA. The guidance comes after the Department of Homeland Security Office of Inspector General found the agency's top threat sharing initiative was facing major hurdles, from mounting security concerns and plummeting participation to a lack of a recruitment strategy (see: Experts Warn CISA's Threat Sharing Is in a 'Death Spiral').

CISA Director Jen Easterly described the new playbook as a "major milestone" in CISA's efforts "to secure AI systems through active collaboration." She added that 150 AI specialists from government, industry and international partners contributed to the development of the guidance and participated in two dynamic tabletop exercises, which "will be regularly updated to address the evolving challenges of an AI-driven future."

CISA's Cybersecurity Advisory Committee issued a series of recommendations in June that called on the agency to overhaul the JCDC and improve its focus on operational collaboration. Experts told Information Security Media Group at the time that the public-private partnership - which boasts over 300 member organizations across 12 critical infrastructure sectors - suffers from mission uncertainty and the lack of a platform to enhance collaboration (see: CISA Planning JCDC Overhaul as Experts Criticize Slow Start).

The playbook primarily instructs organizations to use CISA webpages to report cyber incidents and vulnerabilities in AI products and services. CISA recommends all JCDC partners integrate the playbook into their incident response and information sharing processes while making iterative improvements as needed.

The guidance urges organizations to establish comprehensive vulnerability disclosure policies in order for security researchers to understand what tests are authorized for certain systems and how to send those vulnerability reports. It also instructs JCDC partners that identify vulnerabilities in deployed federal government systems to notify the owner or report the issue through the Carnegie Mellon University Software Engineering Institute CERT Coordination Center.

The playbook could face implementation challenges since its publication comes just six days before the transition of power in Washington. The next administration could seek to significantly scale back the cyber defense agency. While President-elect Donald Trump has yet to announce many key cyber positions in his White House, newly empowered Republicans appear likely to push for budget cuts and a reprioritization of CISA's mission (see: CISA Faces Uncertain Future Under Trump).

Previous
Orchid Security Raises $36M to Take On Identity Management
Next
Ransomware Campaign Targets Amazon S3 Buckets

About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.



Around the Network

Addressing Gen AI Privacy, Security Governance in Healthcare
Addressing Gen AI Privacy, Security Governance in Healthcare
How Will Health Data Privacy, Cyber Regs Shape Up in 2025?
How Will Health Data Privacy, Cyber Regs Shape Up in 2025?
What's Ahead for Healthcare Cyber Regs, Legislation in 2025?
What's Ahead for Healthcare Cyber Regs, Legislation in 2025?
Why Hackers Love Weekend and Holiday Attacks
Why Hackers Love Weekend and Holiday Attacks
Contingency Planning for Attacks on Critical Third Parties
Contingency Planning for Attacks on Critical Third Parties
Protecting Highly Sensitive Health Data for Research
Protecting Highly Sensitive Health Data for Research
Wanted: An Incident Repository For Healthcare Nonprofits
Wanted: An Incident Repository For Healthcare Nonprofits
Protecting the C-Suite in the Wake of UHC CEO's Murder
Protecting the C-Suite in the Wake of UHC CEO's Murder
The Future of CISA in Healthcare in the New Administration
The Future of CISA in Healthcare in the New Administration
How Hackers Can Manipulate AI to Affect Health App Accuracy
How Hackers Can Manipulate AI to Affect Health App Accuracy

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.

  翻译: