CISA Releases Roadmap for AI

The Cybersecurity and Infrastructure Security Agency (CISA) provided a guiding vision and strategy to roadmap CISA AI-related efforts that ensure alignment with a whole-of-government AI strategy following the release of President Biden’s AI security and privacy Executive Order. CISA’s Roadmap for Artificial Intelligence provides a vision of leveraging AI to advance cyber defenses, protecting critical infrastructure from malicious AI, and the secure development of AI prioritizing security as a core integral requirement.

CISA Goals and Lines of Effort (LOE):

CISA’s Strategic 2023-2025 plan listed four strategic goals as guiding principles:

  1. Cyber Defense,
  2. Risk Reduction and Resilience
  3. Operational Collaboration
  4. Agency Unification

To drive all four strategic goals, CISA provided five lines of effort (LOE):

  1. Responsibly use AI to support our mission.
  2. Assure AI systems.
  3. Protect critical infrastructure from malicious use of AI.
  4. Collaborate with and communicate on key AI efforts with the interagency, international partners and the public.
  5. Expand AI expertise in our workforce. Each LOE objective encompasses a detailed outcome and measurable approach to track progress and overall success.

Security Takeaways:

  • CISA plans to establish AI governance by creating its own NIST AI Risk Management Framework profile developing security and privacy controls.
  • The development of AI adoption strategies that incorporate cyber defense, eliminates AI development bias, and explores full lifecycle AI system support for identifying, testing, evaluating, and deploying AI and enabling the responsible, ethical, and safe use of AI.
  • Driving secure by design philosophy, CISA desires to address security and resiliency concerns early in the adoption of AI to empower a timely risk assessment, identify best practices for vulnerability testing, and promote an understanding of vulnerability management integrations.
  • Like President Biden’s EO, CISA plans to operationalize a Joint Cyber Defense Collaborative (JCDC.AI) working group to encourage information partnerships across all enterprise sectors to promote risk awareness, and advance risk management practices associated with AI risk.
    • CISA intends to publish emerging risk documents and evaluate risk management approaches to identify the most suitable framework for assessing and treating AI risk associated with critical infrastructure.
    • Adoption of AI red teaming methods to identify flaws, vulnerabilities, or logic errors, such as harmful or discriminatory outputs from an AI system, unforeseen or undesirable system behaviors, limitations, or potential risks associated with the misuse of the system.  
  • CISA intends to support, develop, and drive the whole-of-DHS AI policy issues supporting the U.S. governmental strategy ensuring all CISA stakeholders are in alignment and all AI-focused guidance is developed in collaboration with relevant US interagency and international partners.
  • A desire to increase AI expertise across the CISA workforce will be accomplished through identifying existing AI expertise, developing existing and new AI talent, and recurringly educating CISA’s entire workforce on the current and future capabilities of AI.

In summary, CISA’s 2023 – 2025 Strategic Plan expands upon the President’s EO while incorporating additional initiatives that promote focus and security supporting the critical infrastructure industry. The efforts described in this plan promote the beneficial use and integration of AI to enhance existing security capabilities while deterring the malicious use of AI and ultimately ensuring our nation’s AI systems are protected from cybersecurity threats. CISA’s AI roadmap is intended to build upon existing cybersecurity and risk management programs.

At CompliancePoint we offer a suite of cybersecurity services that will allow your organization to better defend against and respond to cyber incidents. Contact us at to learn more.

Finding a credible expert with the appropriate background, expertise, and credentials can be difficult. CompliancePoint is here to help.