DHS to release AI guidance for critical infrastructure

The Department of Homeland Security’s efforts to codify the best cybersecurity practices to help protect U.S. critical infrastructure have expanded to cover emerging technology with upcoming guidance on how to leverage artificial intelligence technologies. 

Robert Silvers, the Department of Homeland Security Office of Policy undersecretary, discussed the benefits AI and machine learning systems can offer to national security and acknowledged the accompanying risks for an emerging technology with limited guardrails at the Institute for critical Infrastructure Technology’s AI DC 2023 briefing Wednesday. 

Within DHS, Silvers said that the agency’s priorities are to function as a “vanguard” for establishing regulatory frameworks for the safe and ethical usage of AI within and outside of the agency. 

“[AI] can be a wonderful thing, but you can also have more work to do to make sure that it's done responsibly and safely for the American people,” he said. “And so that's the approach that we take.”

To facilitate this, Silvers said that DHS is working on developing guidance for critical infrastructure companies on how to securely deploy AI solutions in their operations. The scope of this forthcoming guidance will address how to successfully audit front and back end systems, when to incorporate humans in automated processes and how to mitigate widespread, severe system failure. 

“We're going to be issuing that kind of guidance,” he said, adding that pending regulatory components will further mandate certain baseline levels of safety and security levels to which to adhere.  

The context for DHS’s work on AI guidance stems from the ongoing threat posed by adversaries and their digital presence in U.S. networks. Silvers described China as a “generational challenge,” whose state-linked threat actors continue to target U.S. critical infrastructure and intellectual property, in addition to working to undermine U.S. standing with other countries via disinformation campaigns and similar network disruptions. 

“We have increasing evidence that China has not just been conducting cyber attacks for espionage purposes, for a long time, but it's actually establishing presence in critical infrastructure networks,” he said. 

Silvers said that DHS is looking out for the adversarial use cases of more generative AI systems — which can enhance cyberattacks on digital networks — and advanced, anthropomorphized phishing campaigns.

Despite the possibility for sophisticated offense, Silvers said that AI softwares have had a potentially stronger impact on network defense and security; that is, AI has not launched a “catastrophic” cyber attack yet. 

“But let's not be Pollyannaish about it; there's going to be adversarial use for sure,” he said. 

Ongoing industry partnerships are a standard policy key for DHS as it works to empower critical infrastructure entities to better learn about the cybersecurity benefits and risks from deploying AI technologies. 

“When you're looking at an application of AI technology, it's important to understand what are the safety risks in absolute terms,” he said. “It's also important to look on an imperative basis,  how safe is that compared to what we do now?”