CISA’s Roadmap for Artificial Intelligence

CISA’s Roadmap for ARTIFICIAL Intelligence

The security challenges associated with AI parallel cybersecurity challenges associated with previous generations of software that manufacturers did not build to be secure by design, putting the burden of security on the customer. Although AI software systems might differ from traditional forms of software, fundamental security practices still apply.

As noted in the landmark Executive Order 14110, “Safe, Secure, And Trustworthy Development and Use of Artificial Intelligence (AI),” signed by the President on October 30, 2023, “AI must be safe and secure.” As the nation’s cyber defense agency and the national coordinator for critical infrastructure security and resilience, CISA will play a key role in addressing and managing risks at the nexus of AI, cybersecurity, and critical infrastructure.

CISA’s Roadmap for Artificial Intelligence

CISA has developed a Roadmap for Artificial Intelligence, which is a whole-of-agency plan aligned with national AI strategy, to address our efforts to: promote the beneficial uses of AI to enhance cybersecurity capabilities, ensure AI systems are protected from cyber-based threats, and deter the malicious use of AI capabilities to threaten the critical infrastructure Americans rely on every day.

CISA will implement the Roadmap through five lines of effort:

Line of Effort 1: Responsibly use AI to support our mission

CISA will use AI-enabled software tools to strengthen cyber defense and support its critical infrastructure mission. CISA’s adoption of AI will ensure responsible, ethical, and safe use—consistent with the Constitution and all applicable laws and policies, including those addressing federal procurement, privacy, civil rights, and civil liberties.
Line of Effort 2: Assure AI systems

CISA will assess and assist secure by design, AI-based software adoption across a diverse array of stakeholders, including federal civilian government agencies; private sector companies; and state, local, tribal, and territorial (SLTT) governments through the development of best practices and guidance for secure and resilient AI software development and implementation.
Line of Effort 3: Protect critical infrastructure from malicious use of AI

CISA will assess and recommend mitigation of AI threats facing our nation’s critical infrastructure in partnership with other government agencies and industry partners that develop, test, and evaluate AI tools.
Line of Effort 4: Collaborate and communicate on key AI efforts with the interagency, international partners, and the public

CISA will contribute to DHS-led and interagency processes on AI-enabled software. This LOE includes developing policy approaches for the U.S. government’s overall national strategy on AI and supporting a whole-of-DHS approach on AI-based-software policy issues. This LOE also includes coordinating with international partners to advance global AI security best practices and principles.
Line of Effort 5: Expand AI expertise in our workforce

CISA will continue to educate our workforce on AI software systems and techniques, and the agency will continue to actively recruit interns, fellows, and future employees with AI expertise. CISA will ensure that internal training reflects—and new recruits understand—the legal, ethical, and policy aspects of AI-based software systems in addition to the technical aspects.