CISA releases roadmap to guide its AI efforts

CISA Director Jen Easterly, shown here at an April 2022 House committee hearing, characterized AI as the 'most powerful technology of our lifetimes' in her agency's AI roadmap.

CISA Director Jen Easterly, shown here at an April 2022 House committee hearing, characterized AI as the 'most powerful technology of our lifetimes' in her agency's AI roadmap. Kevin Dietsch/Getty Images

The Cybersecurity and Infrastructure Security Agency released plans to pursue five lines of effort in support of the administration’s AI objectives.

The Cybersecurity and Infrastructure Security Agency launched a Roadmap for Artificial Intelligence on Tuesday, part of the deluge of AI governance policy beginning with President Joe Biden’s executive order issued in late October to better establish levels of regulation within machine learning technologies.

The roadmap is divided into five lines of effort for CISA and its parent agency, the Department of Homeland Security: responsibly use AI to support mission; assure AI systems; protect critical infrastructure from malicious use of AI; collaborate and communicate on key AI efforts with interagency and international partners, as well as the public; and expand AI expertise in the agency workforce.

The first line of effort states that CISA and DHS will be utilizing AI systems in their business operations, “consistent with the Constitution and all applicable laws and policies.” Sub-objectives listed in the roadmap dictate that CISA incorporate strong cyber defense protocols into its networks, as well as focus on limiting systemic biases with potential AI systems. 

Under the second line of effort, CISA plans to assess the state of AI adoption across the government and its other stakeholders and assure the safety of AI systems through efforts like its Secure by Design initiative.

As part of the third line of effort’s aim to protect critical infrastructure, CISA will stand up an initiative within the Joint Cyber Defense Collaborative and its extension, JCDC.AI, to begin collaborative ventures against threats, vulnerabilities and mitigations that AI systems are exposed to. 

The fourth line’s objectives aim to establish AI policy positions within CISA and DHS, while ensuring such strategies line up with the rest of the government and international regulations.

Finally, to improve its workforce, CISA intends to both recruit new employees with AI expertise and provide upskill training for existing employees that covers both the technical aspects of AI, as well as legal, ethical and policy considerations.

The roadmap overall stresses that the agency should ensure risk mitigation is a design feature in AI/ML systems, continue information sharing in regards to threats and maintain a transparent approach when deploying these technologies.

“Artificial Intelligence holds immense promise in enhancing our nation’s cybersecurity, but as the most powerful technology of our lifetimes, it also presents enormous risks,” said CISA Director Jen Easterly in a statement.

Easterly added that the roadmap will help further a major goal set forth in the recent executive order: ensuring consistent risk mitigation while reaping the benefits new AI tech can offer.

The roadmap describes itself as aligned with the “whole-of-government” approach applicable to all federal agencies, but simultaneously is tailored for CISA to better gauge external and internal coherence with the recent executive order. The roadmap further stipulates that CISA will emphasize aiding DHS in interagency processes related to AI. 

“CISA’s roadmap lays out the steps that the agency will take as part of our department’s broader efforts to both leverage AI and mitigate its risks to our critical infrastructure and cyber defenses,” DHS Secretary Alejandro Mayorkas said. “DHS has a broad leadership role in advancing the responsible use of AI and this cybersecurity roadmap is one important element of our work.”