On November 14th, CISA released their Roadmap for AI in response to the Executive Order on AI that was released at the end of October.
fAs noted in the landmark Executive Order 14110, “Safe, Secure, And Trustworthy Development and Use of Artificial Intelligence (AI),” signed by the President on October 30, 2023, “AI must be safe and secure .” As the nation’s cyber defense agency and the national coordinator for critical infrastructure security and resilience, CISA will play a key role in addressing and managing risks at the nexus of AI, cybersecurity, and critical infrastructure .
This “2023–2024 CISA Roadmap for Artificial Intelligence” serves as a guide for CISA’s AI-related efforts, ensuring both internal coherence as well as alignment with the whole-of-government
AI strategy . This roadmap incorporates key CISA-led actions as directed by Executive Order 14110, along with additional actions CISA is leading to promote AI security and support critical infrastructure owners and operators as they navigate the adoption of AI .
The roadmap includes CISA’s efforts to:
- Promote beneficial uses of AI to enhance cybersecurity capabilities and other aspects of CISA’s mission;
- Protect the nation’s AI systems from cybersecurity threats; and
- Deter malicious actors’ use of AI capabilities to threaten critical infrastructure .
The security challenges associated with AI parallel cybersecurity challenges associated with previous generations of software that manufacturers did not build to be secure by design, putting the burden of security on the customer . Although AI software systems might differ from traditional forms of software, fundamental security practices still apply . Thus, CISA’s AI roadmap builds on the agency’s cybersecurity and risk management programs . Critically, manufacturers of AI systems must follow secure by design principles: taking ownership of security outcomes for customers, leading product development with radical transparency and accountability,
and making secure by design a top business priority . As the use of AI grows and becomes increasingly incorporated into critical systems, security must be a core requirement and integral to AI system development from the outset and throughout its lifecycle.
Read the full roadmap here.