Summary
The AI Cybersecurity Collaboration Playbook from the Cybersecurity and Infrastructure Security Agency helps organizations share artificial intelligence cybersecurity information to improve AI system security and resilience. CISA encourages using the playbook to improve information sharing practices for a unified approach to cyber threats. The playbook facilitates collaboration, guides information sharing on incidents and vulnerabilities with the Joint Cyber Defense Collaborative, and delineates sharing protections. The Cybersecurity Information Sharing Act of 2015 protects non-federal entities when they share cyber threat indicators and defensive measures. CISA acts as a central hub, analyzing shared data and disseminating it to relevant partners.
FAQs
What is the AI Cybersecurity Collaboration Playbook?
The playbook offers guidance for organizations across the AI community—including AI providers, developers, and adopters—to voluntarily share AI-related cybersecurity information with the Cybersecurity and Infrastructure Security Agency (CISA) and other partners through the Joint Cyber Defense Collaborative (JCDC).
What is the purpose of this playbook?
The playbook aims to facilitate collaboration, guide JCDC partners on sharing information related to AI system incidents and vulnerabilities, delineate information-sharing protections and mechanisms, and outline CISA’s actions upon receiving shared information to strengthen collective defense.
What are the goals of the playbook?
The playbook is intended to foster operational collaboration among government, industry, and international partners and will be periodically updated to ensure adaptability to the dynamic threat landscape as AI adoption accelerates.
What topics are outside the scope of the playbook?
AI safety topics, such as risks to human life, health, property, or the environment, and issues related to AI fairness and ethics are outside the scope of this playbook.
What are the benefits of sharing information through JCDC?
Companies benefit from enhanced coordination, government support, and the ability to collaborate on AI cybersecurity issues within a trusted environment.
What protections are in place for information sharing?
The Cybersecurity Information Sharing Act of 2015 (CISA 2015) creates protections for non-federal entities to share cyber threat indicators and defensive measures for a cybersecurity purpose. These protections include non-waiver of privilege, protection of proprietary information, exemption from disclosure under the Freedom of Information Act (FOIA), and prohibition on use in regulatory enforcement.
How can information be shared with JCDC?
Information can be shared via email at CISA.JCDC@cisa.dhs.gov, following the Traffic Light Protocol (TLP) marking system.
What is TLP?
CISA leverages the Traffic Light Protocol (TLP) as its primary dissemination control marking system. All data shared within JCDC via email should be clearly marked with the relevant TLP designation.
What kind of information should be proactively shared?
JCDC encourages partners to proactively share actionable information as early as possible for an AI cybersecurity incident or vulnerability, including key information on malicious activity, trends, pre-release publications, and assessments.
What are examples of proactive information categories?
Observed malicious activity, suspicious behavior, JCDC partner priorities, threat assessments, system configuration information, blogs and publications, and new best security practices and lessons learned.
What should be included when sharing information about an incident or vulnerability?
A description of the incident or vulnerability, how it was detected, affected AI artifacts and systems, affected users or victims, broader impacts of the attack, mitigations, attribution and malicious actor profile, and technical data and analysis.
What actions does CISA take upon receiving shared information?
CISA aggregates and validates the information, analyzes and enriches the data, and coordinates internally and externally to take appropriate defensive action.
What is enhanced coordination?
Enhanced coordination involves increasing information sharing and expanding collaboration when routine operations cannot fully address or understand a cybersecurity issue.
What additional actions can AI security specialists and stakeholders take?
Flag opportunities for technical exchanges, identify priority issues for the AI community, promote post-mortem analyses and knowledge sharing, and become a JCDC partner.