CISA to issue directive on AI executive order, with focus on vulnerability management
CISA readies federal AI directive
The Cybersecurity and Infrastructure Security Agency plans to issue a directive to federal agencies by the end of the week outlining how to carry out the president’s artificial intelligence executive order, Acting Director Nick Andersen said Wednesday.
Speaking at the TechNet Cyber conference in Baltimore, Andersen said the binding operational directive will focus in part on “vulnerability alleviation and vulnerability management.” He also said CISA will begin rolling out “specific artificial intelligence access” to partners in the coming days.
The directive follows Tuesday’s AI executive order, a scaled-back version of an earlier draft that was shelved amid internal conflict within the administration and concerns raised by former artificial intelligence and crypto czar David Sacks. The latest order asks companies to voluntarily submit models to the government for testing 30 days before public release, down from the 90-day window originally sought by the administration.
Andersen said the government needs to weigh the risks posed by advanced models, but he also emphasized the defensive uses of AI in cybersecurity.
“How can we actually use it as a good defensive tool and how is it going to help us reduce our attack surface exposure?” Andersen said.
CISA is expected to play a central role in helping establish the “cyber clearinghouse” envisioned in the order, and Andersen said the agency will also be accessing models to vet them.
He said the broader challenge goes beyond AI itself and reflects long-standing weaknesses in federal IT systems.
“The larger problem we're having to address here is we kick the can down the road in a fairly significant way with our IT infrastructure,” he said. “We have end of life limited service devices that are operating within our environments… Our adversaries can reach in and touch us.”
Sources: