CISA conducts AI-driven cyber tabletop exercise with government and industry

On Thursday, the Cybersecurity and Infrastructure Security Agency kicked off its inaugural tabletop exercise with over 50 AI experts across government and industry in a four hour drill to help understand and mitigate digital threats to artificial intelligence systems.

Led by the Joint Cyber Defense Collaborative, a consortium of public and private sector leaders, the tabletop exercise simulated a cybersecurity incident targeting an AI-enabled system. Participants practiced incident response efforts to mitigate the damage caused by the hypothetical attack, including information sharing and operation collaboration. 

The exercise was broken into three modules and described a hypothetical scenario in which hackers were able to circumvent an internally customized AI defense agent in an organization’s email system. A set of the government participants were kept out of the first two modules and entered during the third to then simulate how industry participants would interact and collaborate with new entrants after an incident had occurred.

The mission of the tabletop exercise was to build awareness of how AI systems can present new vectors for cyberthreats to digital networks, examine current responses and construct  information sharing priorities for the critical infrastructure operators, security vendors and other stakeholders.

“This exercise marks another step in our collective commitment to reducing the risks posed by AI. It also highlights the importance of developing and delivering AI products that are designed with security as the top priority,” said CISA Director Jen Easterly in a statement. “As the national coordinator for critical infrastructure security and resilience, we’re excited to work with our partners to build on this effort to help organizations secure their AI systems.”

The tabletop exercise’s outcomes will help inform a forthcoming playbook CISA and the JCDC are working on releasing at the end of 2024, which will offer support and guidance for AI-based cyberattack responses. The agency plans to conduct a second tabletop exercise to test the playbook after its release.

Amazon Web Services, Cisco, Cranium, HiddenLayer, IBM, Microsoft, NVIDIA, OpenAI, Palantir, Palo Alto Networks, Protect AI, Robust Intelligence, Scale AI, FBI, National Security Agency, Office of the Director for National Intelligence, Department of Defense, and Department of Justice were among the participating agencies and companies. 

"At OpenAI, we firmly believe that security is a team sport. It thrives on collaboration and benefits immensely from transparency,” said Matt Knight, Head of Security at OpenAI, in prepared remarks. “We are proud to have taken part in the tabletop exercise with JCDC.AI and other security leaders — these collaborations benefit our efforts of safely developing and deploying AI technology.”

The tabletop security exercise follows larger Biden administration initiatives to harness AI’s myriad beneficial uses while mitigating negative outcomes. This was the focal theme of the White House Office of Science and Technology Policy’s AI Aspirations conference, also held on Thursday. 

While AI Aspirations featured system demos and discussions on near-term and present use cases for AI and machine learning systems, leaders noted that AI can both help support modern cybersecurity posture and hinder it. 

“For security here at home, AI will be essential to boost cybersecurity and to protect our critical infrastructure,” OSTP Director Arati Prabhakar said in opening remarks at the conference.