The Cybersecurity and Infrastructure Security Agency (CISA) is looking to utilize AI capabilities to keep Americans safe from cyber threats and bolster the nation’s cyber defense, CISA Director Jen Easterly said this week.
During a conversation with NightDragon Founder and CEO Dave DeWalt at the Black Hat security conference in Las Vegas on Wednesday, Easterly said that while AI offers a range of possibilities, her agency is focused on its risk reduction capabilities.
“When we saw in November, the release of [Chat]GPT, it’s like the world cracked open and things have been accelerating in terms of the integration of large language model capabilities into all forms of technology and into critical infrastructure,” Easterly said.
“So, even as we figure out how to use these capabilities in amazing ways, to keep us safe, we do have to think about how they can be used by adversaries, by terrorists, by criminals, by rogue nations, for unimaginably terrible things,” she added. “And so, we are doing at CISA a bunch of things.”
First, Easterly said her agency is looking at how to responsibly use AI capabilities for cyber defense. The CISA director noted the “jury’s still out” on whether defense is going to overmatch offense, but regardless, her agency is focused on leveraging innovation to do so.
Additionally, she said CISA is looking at “how to assure AI systems” that will be integrated into critical infrastructure through auditing and penetration testing.
CISA is also “looking at the full range of AI threats to critical infrastructure, both physical and cyber,” she said, in partnership with other Federal agencies.
For example, Easterly pointed to the new two-year competition announced by the Biden administration at Black Hat on Aug. 9 that will leverage AI to protect the United States’ most important software – such as code that helps run the internet and critical infrastructure.
Led by the Defense Advanced Research Projects Agency (DARPA), the “AI Cyber Challenge” (AIxCC) will call on competitors across the United States to identify and fix software vulnerabilities using AI.
“So, a lot going on. I know there’s a lot of amazing things going on with industry, but I really think it’s very important that we work together to be mindful about protecting these capabilities,” Easterly said. “To ensure that as much as possible, we can reduce the risk of them being used for cyberattacks, for biological attacks, for chemical attacks, and all of the terrible things that can be used by very powerful technology.”
