WASHINGTON — The Trump administration is making progress on creating an information sharing and analysis center for the AI industry to improve its ties with the government as AI cyber threats proliferate, a U.S. official said on Tuesday.
“The administration is absolutely committed to making sure that we’re supporting this industry, making sure that we’re going to foster information sharing,” Nick Andersen, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, said during a talk at an event hosted by the Information Technology Industry Council. “We just want to make sure we take the opportunity to get that relationship right.”
President Donald Trump’s AI Action Plan called for the Department of Homeland Security, the Commerce Department’s Center for AI Standards and Innovation and the White House’s Office of the National Cyber Director to establish an AI-ISAC “to promote the sharing of AI-security threat information and intelligence across U.S. critical infrastructure sectors.”
It would be the first ISAC dedicated to a specific technology rather than a specific infrastructure sector, reflecting the government’s view that AI security is a cross-cutting issue spanning all sectors.
The ISAC would likely help AI companies exchange information about threats and brief the government about their findings, which could help federal agencies quickly alert businesses and infrastructure operators to new threats like sophisticated phishing attacks, autonomous malware and vulnerabilities in AI models.
There is no timeline for the creation of the ISAC, Andersen told reporters after his talk. A draft implementation memo is “working its way through” the interagency process, he said. “We’ve got a couple of different options that we want to be able to consider.”
The government wants to get the AI-ISAC right so the industry doesn’t feel the need to create “a separate, parallel group” later, Andersen said during his talk, and there is “an ongoing policy dialog about the best approach.”
CIPAC, CIRCIA and CISA hiring
Andersen also provided reporters with brief updates on other topics in CISA’s portfolio. He said the agency expected to make an announcement about its forthcoming cyber incident reporting regulation “in pretty short order — in the next couple of weeks, hopefully.” And he said CISA was working with DHS headquarters to fill its depleted ranks as part of a hiring initiative first reported by Cybersecurity Dive.
With CISA developing a replacement for the Critical Infrastructure Partnership Advisory Council framework (CIPAC), Andersen said the new program would reflect changes in the infrastructure security environment since CIPAC’s creation in 2006.
“CIPAC never made any explicit focus on cybersecurity,” Andersen said. “It just wasn’t part of what was chartered back in the day when it was originally launched.” The new framework will also let CISA convene topic-specific working groups to address issues such as the security of operational technology and undersea cables. CISA wants to be able to engage better with infrastructure operators that didn’t have a clear place under the original framework, Andersen said, and “give them a voice in the process.”