Federal officials, artificial intelligence model operators and cybersecurity companies conducted the first joint simulation of a cyberattack on a critical AI system last week.
Why it’s relevant: Participants told Axios that responding to a cyberattack on an AI-enabled system will require a different approach than traditional hacks.
Overview: Both Washington and Silicon Valley are trying to get ahead of the unique cyber threats facing AI companies before they become more prevalent.
Security has historically been a secondary priority when new technologies become widespread, leaving many businesses unprepared when cyber threats evolve to attack these devices.
However, as AI tools become more common, hackers could use them to accelerate and scale their attacks, said Clayton Romans, deputy director of the Joint Cyber Defense Collaboration (JCDC) at the Cybersecurity and Infrastructure Security Agency. (CISA), to Axios.
Inside the event: The JCDC hosted the simulation exercise Thursday at Microsoft’s offices in Reston, Virginia.
CISA did not publicly disclose which incident the participants simulated, as is standard practice in any simulation exercise.
Romans mentioned that the incident explored the “threats we are currently seeing” and how the government and the private sector can share information about those threats.
More than 50 AI experts from various US government offices, international governments, and the private sector participated in the four-hour experiment.
Participants included representatives from Amazon Web Services, Microsoft, Nvidia, OpenAI and Palantir.
What they say: Kyle Wilhoit, director of threat research at Palo Alto Networks’ Unit 42, was also part of the exercise.
“It gave us an opportunity to discuss some of the current threats that we’re seeing and really hypothesize, to some degree, what those new vectors might look like in the future using AI,” Wilhoit told Axios.
Between the lines: The simulation exercise helped CISA identify the right people in the private sector to contact in the event of an AI-related incident, and vice versa, according to Romans.
The exercise also helped identify possible new threats on the horizon, Wilhoit added.
What we observed: Lessons from the simulation exercise will inform CISA’s upcoming AI security incident manual, which is expected to be published before the end of the year.
The JCDC hopes to host another AI simulation exercise before releasing the manual, Romans said.
Conclusion: This collaboration between the public and private sectors is a crucial step in strengthening defense against cyber threats in the context of the growing adoption of artificial intelligence.
