NEWS BRIEF
The U.S. Cybersecurity and Infrastructure Safety Company has launched a brand new playbook offering detailed steering for AI builders, suppliers, and adopters on the best way to voluntarily share cybersecurity info with federal companies, non-public business companions, and worldwide stakeholders.
The JCDC AI Cybersecurity Collaboration Playbook encourages sharing details about cybersecurity incidents and vulnerabilities linked to AI programs. The playbook outlines particular protections and mechanisms for info trade, equivalent to using Visitors Mild Protocol (TLP), which ensures managed dissemination of delicate info. Organizations ought to use the playbook to outline their incident response actions, strengthen info sharing processes, and fortify defenses, CISA mentioned. Participation is voluntary and there aren’t any regulatory necessities for collaborating.
The playbook encourages sharing info when malicious exercise focusing on AI programs is noticed and proactively reporting newly recognized cybersecurity vulnerabilities in merchandise. Organizations are inspired to share info that can be utilized to detect and forestall incidents, expose and disrupt adversary techniques and infrastructure, coordinate to handle malicious infrastructure, and to establish and notify victims. Trade companions ought to flag alternatives for technical exchanges, establish precedence points for the AI group, promote after-the-fact analyses and knowledge-sharing, and be part of the JCDC.
“The playbook additionally identifies actionable info sharing classes relevant to broader essential infrastructure stakeholders and different sharing mechanisms,” the company mentioned in an announcement. “CISA encourages organizations to undertake the playbook’s steering to reinforce their very own information-sharing practices, contributing to a unified method to AI-related cybersecurity threats throughout essential infrastructure.”
Points associated to AI equity and ethics, in addition to AI security matters — equivalent to dangers to human life, well being, property or the atmosphere — aren’t lined by the playbook, CISA mentioned.
The playbook was developed primarily based on the outcomes of two tabletop workouts in 2024 involving over 150 contributors. The primary train, hosted by Microsoft in June, explored the distinctive challenges posed by AI cybersecurity incidents. The second train, hosted by Scale AI in September, highlighted the necessity for enhanced operational collaboration and knowledge sharing. CISA plans to periodically replace the playbook with new suggestions.
Source link