CISA, JCDC, Government and Industry Partners Conduct AI Tabletop Exercise

WASHINGTON – Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) conducted the federal government's inaugural tabletop exercise with the private sector focused on effective and coordinated responses to artificial intelligence (AI) security incidents. This exercise brought together more than 50 AI experts from government agencies and industry partners at the Microsoft Corp. facility in Reston, Virginia.

The four-hour exercise was led by the Joint Cyber Defense Collaborative (JCDC), a public-private partnership model established by CISA to undertake joint planning efforts and drive operational collaboration. This exercise simulated a cybersecurity incident involving an AI-enabled system and participants worked through operational collaboration and information sharing protocols for incident response across the represented organizations. CISA Director Jen Easterly and FBI Cyber Division Deputy Assistant Director Brett Leatherman delivered opening and closing remarks, respectively, emphasizing the need for advancing robust operational structures to address existing and potential security threats, while prioritizing secure-by-design AI development and deployment.

This tabletop exercise is supporting the development of an AI Security Incident Collaboration Playbook spearheaded by JCDC.AI, a dedicated planning effort within JCDC focused on building an operational community of AI providers, AI security vendors, and other critical infrastructure owners/operators to address risks, threats, vulnerabilities, and mitigations concerning AI-enabled systems in national critical infrastructure. The playbook, slated for publication by year-end, will facilitate AI security incident response coordination efforts between government, industry, and global partners.

“This exercise marks another step in our collective commitment to reducing the risks posed by AI. It also highlights the importance of developing and delivering AI products that are designed with security as the top priority,” said CISA Director Jen Easterly. “As the national coordinator for critical infrastructure security and resilience, we’re excited to work with our partners to build on this effort to help organizations secure their AI systems.”

“This exercise demonstrates the FBI’s commitment to leveraging its partnerships to ensure that we are all better prepared to handle threats in this space,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “We are stronger when we come together to share information and determine best practices in the evolving AI landscape. We will continue to work extensively with our interagency and private sector partners to combat bad actors and safeguard infrastructure.”

"Today's gathering shows the value of preparation and collaboration for cyber incident response. As we enter a new AI Landscape, security is critical, and collaboration with industry and government partners is crucial to developing an effective and coordinated response to security incidents. Practicing response scenarios and simulations like today’s AI-focused tabletop exercise drive learning and sharing that will help strengthen cyber resilience across the board. Security is a top priority at Microsoft, and we appreciate CISA's leadership, as well as the opportunity to host and participate in this exercise,” said Bret Arsenault, CVP, Chief Cybersecurity Advisor, Microsoft.

“Palo Alto Networks is proud to partner with the JCDC.AI and other industry partners on this critical exercise. The opportunity to work with other industry-leading AI experts and simulate the compromise of a critical AI system will give us all the ability to enhance response strategies and improve AI security systems to better protect digital ecosystems that rely on AI capabilities. As the adoption of AI has expanded, we’ve seen a similar growth in complexity in the cyber threat environment. Public-private collaborations on critical exercises like this will better protect our digital way of life,” said Sandy Reback, Vice President, Public Policy & Government Affairs, Palo Alto Networks.

"The insights we will gain from this exercise will be vital for developing immediate response strategies and shaping the future of AI security. The upcoming AI Security Incident Collaboration Playbook will serve as a critical resource for all stakeholders, ensuring that we will be prepared and resilient in the face of AI-related threats," said Jonathan Dambrot, CEO of Cranium.

“AI applications are increasingly becoming high-value targets for threat actors, and the current speed at which vulnerabilities are being discovered puts them at an advantage. Coordinated AI threat intelligence sharing and response is critical to helping organizations securely adopt AI and safeguard their systems, and we're pleased to participate in the JCDC tabletop exercise," said Hyrum Anderson, Chief Technology Officer, Robust Intelligence.

"At OpenAI, we firmly believe that security is a team sport. It thrives on collaboration and benefits immensely from transparency. We are proud to have taken part in the tabletop exercise with JCDC.AI and other security leaders—these collaborations benefit our efforts of safely developing and deploying AI technology. This initiative not only strengthens our defenses but also fosters a community dedicated to collective security advancements, which includes realizing the benefits of using AI tools for cyber defense,” said Matt Knight, Head of Security at OpenAI.

"Simulating adversarial threats against AI systems in a controlled setting is an invaluable training ground to equip security teams with an understanding of the vulnerabilities and threats that exist today. HiddenLayer is honored to join this initiative, which underscores our shared dedication to empowering organizations to adopt AI securely while protecting our national infrastructure from emerging threats," said Chris Sestito, CEO & Co-Founder of HiddenLayer.

“With critical infrastructure facing increasingly severe attacks and the rise of AI threats, early preparedness and routine testing is more important than ever to reduce any collateral damage,” said Troy Bettencourt, Global Partner, Head of IBM X-Force. “We are proud to join CISA JCDC and participate in this foundational exercise uncovering the insights and actions needed to help protect these vital organizations from AI-based attacks.”

“At Protect AI we are committed to building a safer AI powered world. This exercise is an important one to ensure that organizations are securing AI commensurate to the value it delivers. We are honored to be a part of it, and will continue to support the ongoing efforts of CISA to ensure that AI is being built and used securely,” said Ian Swanson, Protect AI CEO and Co-Founder.

"Scale AI is proud to participate in the JCDC's inaugural AI security tabletop exercise, reinforcing our commitment to secure-by-design principles in AI development. Our collaboration highlights the essential role of public-private partnerships in enhancing the resilience of national critical infrastructure against AI-related threats," said Alex Levinson, Head of Security, Scale AI.

"I applaud CISA's effort on the development of the AI Security Incident Collaboration Playbook, a well-needed initiative spearheaded by JCDC. This tabletop exercise marks a significant step forward in enhancing an operational community of fellow AI providers, AI security vendors, and critical infrastructure owners and operators. This playbook will serve as a great resource for coordinating AI security incidents among industry peers and global partners, ensuring a resilient and secure technological future," said Omar Santos, Security and Trust, Cisco.

Participants included the Amazon Web Services, Cisco, Cranium, HiddenLayer, IBM, Microsoft, NVIDIA, OpenAI, Palantir, Palo Alto Networks, Protect AI, Robust Intelligence, Scale AI, Federal Bureau of Investigation, National Security Agency, Office of the Director for National Intelligence, Department of Defense, and Department of Justice, and other leading technology firms. A second exercise later this year will incorporate AI integrators in U.S. critical infrastructure.

These efforts align with CISA Roadmap for AI and the 2024 JCDC Priorities, focusing on establishing incident response capabilities and decreasing AI-related threats to national critical infrastructure through robust public-private collaboration.

For more information on CISA’s work, visit Artificial Intelligence.

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on Twitter, Facebook, LinkedIn, Instagram. 

Disclaimer:CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked or referenced within this press release. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.