Notice: You are viewing a detailed profile of an entity in our US Agency Mapping resource, in which we have compiled all information relevant for the regulation of advanced AI technologies in the US. To see an overview of all entities, return to the entity overview page.
Index
Department of Commerce (DoC)
International Trade Administration (ITA)
US Patent and Trade Administration (USPTO)
Bureau of Industry and Security (BIS)
National Institute of Standards and Technology (NIST)
US AI Safety Institute (USAISI)
National Telecommunication and Information Administration (NTIA)
Department of Energy (DoE)
Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
Advanced Scientific Computing Research (ASCR)
Office of Critical and Emerging Technology (OCET)
Department of Homeland Security (DoHS)
Cybersecurity and Infrastructure Security Agency (CISA)
Office of Cyber, Infrastructure, Risk, and Resilience (CIRR)
Department of Homeland Security (DoHS)
Cybersecurity and Infrastructure Security Agency (CISA)
The Cybersecurity and Infrastructure Security Agency (CISA) leads federal cybersecurity efforts and coordinates critical infrastructure security and resilience in the US. Its mission is to understand, manage, and reduce risks to cyber and physical infrastructure in the United States. In accordance with its AI roadmap, CISA supports the development of the DHS approach on AI policy issues.
Jen Easterly - Executive Director, and Lisa Einstein - Chief AI Officer
Authority & Role
CISA derives its authority from the Cybersecurity and Infrastructure Security Agency Act of 2018. CISA’s authorities include securing federal information systems, protecting critical infrastructure, and providing technical assistance to government agencies.
List of authorities granted to CISA under the Cybersecurity and Infrastructure Security Agency Act of 2018:
Authority / Task | Description | Section / Subsection | Additional References |
---|---|---|---|
Leadership: Lead cybersecurity and critical infrastructure security programs | Lead cybersecurity and critical infrastructure security programs, operations, and associated policy for the Agency, including national cybersecurity asset response activities | 2202(c)(1) | |
Collaboration: Coordinate with Federal and non-Federal entities | Coordinate with Federal entities, including Sector-Specific Agencies, and non-Federal entities, including international entities, to carry out the cybersecurity and critical infrastructure activities of the Agency | 2202(c)(2) | Sector-Specific Agencies |
Information Security: Secure Federal information and information systems | Carry out the responsibilities of the Secretary to secure Federal information and information systems consistent with relevant laws | 2202(c)(3) | Subchapter II of chapter 35 of title 44, United States Code; Cybersecurity Act of 2015 (contained in division N of the Consolidated Appropriations Act, 2016 (Public Law 114–113)) |
Coordination: Coordinate national effort for critical infrastructure | Coordinate a national effort to secure and protect against critical infrastructure risks | 2202(c)(4) | |
Technical Support: Provide technical assistance | Provide analyses, expertise, and other technical assistance to critical infrastructure owners and operators | 2202(c)(5) | Sector-Specific Agencies |
Communications: Emergency communications | Carry out emergency communications responsibilities | 2202(c)(9) | Title XVIII |
Engagement: Stakeholder outreach and engagement | Carry out cybersecurity, infrastructure security, and emergency communications stakeholder outreach and engagement | 2202(c)(10) | Sector-Specific Agencies |
Programs
In November 2023, CISA released its 2023-2024 Roadmap for Artificial Intelligence. Lines of effort include:
1) Responsibly Use AI to Support [Their] Message
Objective Number | Objective Description |
---|---|
1.1 | Establish governance and oversight processes for CISA’s use of AI |
1.2 | Collect, review, and prioritize AI use cases to support CISA missions |
1.3 | Develop an adoption strategy for the next generation of AI-enabled technologies |
1.4 | Incorporate cyber defense, incident management, and redress procedures into AI systems and processes |
1.5 | Examine holistic approaches to limiting bias in AI use at CISA |
1.6 | Responsibly and securely deploy AI systems to support CISA’s cybersecurity mission |
2) Assure AI Systems
CISA will assess and assist the adoption of secure-by-design, AI-based software across a diverse array of stakeholders:
Objective Number | Objective Description |
---|---|
2.1 | Assess cybersecurity risks of AI adoption in critical infrastructure sectors |
2.2 | Engage critical infrastructure stakeholders to determine security and resilience challenges of AI adoption |
2.3 | Capture the breadth of AI systems used across the federal enterprise |
2.4 | Develop best practices and guidance for acquisition, development, and operation of secure AI systems |
2.5 | Drive adoption of strong vulnerability management practices for AI systems |
2.6 | Incorporate AI systems into Secure by Design initiative |
3) Protect Critical Infrastructure From Malicious Use of AI
CISA will continue working with the Information Technology Sector Coordinating Council’s AI Working Group for advice and feedback. Additionally, CISA is launching the Joint Cyber Defense Collaborative (JCDC) to focus specifically on AI-related threats, vulnerabilities, and mitigations.
Objective Number | Objective Description |
---|---|
3.1 | Regularly engage industry stakeholder partners that are developing AI tools to assess and address security concerns to critical infrastructure and evaluate methods for educating partners and stakeholders |
3.2 | Use CISA partnerships and working groups to share information on AI-driven threats |
3.3 | Assess AI risks to critical infrastructure |
4) Collaborate With and Communicate on Key AI Efforts With the Interagency, International Partners, and the Public
Objective Number | Objective Description |
---|---|
4.1 | Support the development of a whole-of-DHS approach on AI policy issues |
4.2 | Participate in interagency policy meetings and interagency working groups on AI |
4.3 | Develop CISA policy positions that take a strategic, national level perspective for AI policy documents, such as memoranda and other products |
4.4 | Ensure CISA strategy, priorities, and policy framework align with interagency policies and strategy |
4.5 | Engage with international partners surrounding global AI security |
5) Expand AI Expertise in [Their] Workforce
Objective Number | Objective Description |
---|---|
5.1 | Connect and amplify AI expertise that already exists in CISA’s workforce |
5.2 | Recruit interns, fellows, and staff with AI expertise |
5.3 | Educate CISA’s workforce on AI |
5.4 | Ensure internal training not only reflects technical expertise, but also incorporates legal, ethical, and policy considerations of AI implementation across all aspects of CISA’s work |
Open-Source AI
CISA also recently published a blog post about open-source AI.
References
https://www.cisa.gov/sites/default/files/2023-11/2023-2024_CISA-Roadmap-for-AI_508c.pdf
https://www.congress.gov/115/plaws/publ278/PLAW-115publ278.pdf