The US Federal government officials met with several tech companies, including major AI model operators, cybersecurity companies, and AI hardware makers, to kickstart the first joint simulation of a cyberattack on major critical AI systems.
This exercise was essential because responding to cyber threats targeting AI technologies requires a different approach than dealing with typical hacks.
Washington and Silicon Valley are working to get ahead of the unique cyber threats facing AI companies. According to Axios, historically, security measures frequently lag behind the adoption of new technologies, leaving many businesses vulnerable to evolving cyber threats.
Clayton Romans, associate director of the Cybersecurity and Infrastructure Security Agency’s Joint Cyber Defense Collaborative (JCDC), pointed out that as AI tools become more widespread, hackers could use them to speed up and scale their attacks.
The JCDC hosted the tabletop exercise at Microsoft’s offices in Reston, Virginia. As is standard with such simulations, CISA did not publicly disclose the specific incident participants simulated.
The Romans explained that the exercise focused on the current threats they are seeing and how the government and private sector can share information about those threats.
Over 50 AI experts from the US government, international government offices, and private companies, including representatives from Amazon Web Services, Microsoft, Nvidia, OpenAI, and Palantir, participated in the four-hour session.
Kyle Wilhoit, director of threat research at Palo Alto Networks’ Unit 42, was one of the participants. He said the exercise provided an opportunity to talk about the current threats they are seeing and speculate on what new attack vectors leveraging AI might look like.
According to Romans, the exercise also helped CISA identify critical contacts in the private sector for AI-related incidents and vice versa. This mutual understanding is crucial for effective communication and response during an AI-related cyber incident.
The tabletop exercise allowed participants to explore potential new threats on the horizon. The insights gained from the training will contribute to the development of CISA’s forthcoming AI security incident playbook, which is expected to be published before the end of the year.
Romans mentioned that the JCDC plans to host another AI tabletop exercise before releasing the playbook.
The lessons learned from these exercises will be vital in shaping the strategies and protocols for handling AI-related cyber threats.
By proactively addressing these issues, federal officials and industry leaders aim to strengthen the security and resilience of AI systems, ensuring they can withstand and quickly recover from potential cyberattacks.
