At the end of 2024, we’ve reached a moment in artificial intelligence (AI) development where government involvement can help shape the trajectory of this extremely pervasive technology.

In the most recent example, the Department of Homeland Security (DHS) has released what it calls a “first-of-its-kind” framework designed to ensure the safe and secure deployment of AI across critical infrastructure sectors. The framework could be the catalyst for what could become a comprehensive set of regulatory measures, as it brings into focus the significant role AI will play in securing key infrastructure systems.

As Secretary Alejandro N. Mayorkas put it, “AI offers a once-in-a-generation opportunity to improve the strength and resilience of U.S. critical infrastructure, and we must seize it while minimizing its potential harms. The framework, if widely adopted, will go a long way to better ensure the safety and security of critical services that deliver clean water, consistent power, internet access and more.”

Mayorkas’ statement underscores the urgency of getting it right, as today’s decisions will profoundly shape how AI impacts vital systems in the future.

Key features of the DHS AI framework

The framework lays out clear roles and responsibilities for the parties involved in AI development and deployment for critical infrastructure.

Risk management guidance: DHS suggests an approach that incorporates ongoing risk management, advising stakeholders to continually identify, assess and mitigate potential AI risks. The recommendation includes adopting transparent mechanisms to track AI decisions that could impact essential services.

Ethical standards for developers: The guidelines stress the importance of incorporating ethical considerations into AI design, and make a push for responsible practices that minimize harm and ensure equitable treatment.

Collaboration across sectors: Recognizing the interconnected nature of infrastructure, DHS is promoting collaboration between public and private sectors to share best practices and vulnerabilities effectively. Information sharing is always a great way to minimize the risks brought about by both deliberate attacks and unintended failures.

Incident response preparedness: The framework also outlines how AI developers and operators should prepare for potential incidents; clear protocols must be in place to quickly address issues before they escalate.

Explore AI cybersecurity solutions

What are the responsibilities of AI developers?

One of the most notable aspects of the DHS report is the explicit focus on the responsibilities of AI developers.

The guidelines set a new precedent by outlining clear expectations, especially for those creating AI tools meant to operate in or interact with critical infrastructure.

This focus on developers is particularly important because they are at the forefront of creating technology that directly influences critical systems. The decisions made during the design, development and deployment phases can have significant consequences and impact everything from public safety to national security. By giving developers a structured set of responsibilities, DHS is hoping to create a culture of accountability and foresight in the AI community.

As such, AI developers are encouraged to take the following actions to align with the new guidelines.

Design with risk in mind: Developers are urged to build AI systems that prioritize safety and resilience from the ground up, especially when the technology is intended to interact with critical services like power grids or communication networks. This means integrating fail-safes, conducting stress tests and simulating potential failure scenarios during the design phase.

Adopt explainable AI practices: Transparency is crucial for AI developers. The framework urges the adoption of explainable AI techniques that allow human operators to understand why certain decisions were made. This practice boosts trust while also providing an audit trail that can be useful in identifying the root causes of any issues that arise.

Collaborate for broader impact: Developers should not just work alone but actively engage with a broader community of stakeholders, including policymakers, users and other tech creators. After all, collaboration helps ensure that AI tools are safe, reliable and ready to operate under real-world conditions.

By following these guidelines, developers can help build AI systems that meet technical standards and also align with societal values and safety requirements. The focus on explainable AI, risk-based design and collaboration creates a balanced approach that can maximize the benefits of AI and minimize its potential downsides.

Why does this matter now?

The release of the AI framework is a good reminder that AI technology is not evolving in a vacuum. Today, AI is more pervasive than ever before, but its use in critical infrastructure demands the highest level of care and responsibility. With the focus on developers as important players in minimizing risks, the DHS is creating an environment where AI can thrive without compromising essential public services.

It’s important to note that the responsibility for secure AI extends beyond the developer stage. Tech organizations will play a key role as well. Arvind Krishna, Chairman and CEO of IBM, says, “The DHS Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure is a powerful tool to help guide the responsible deployment of AI across America’s critical infrastructure, and IBM is proud to support its development. We look forward to continuing to work with the Department to promote shared and individual responsibilities in the advancement of trusted AI systems.”

Secretary Mayorkas echoes those sentiments, adding, “The choices organizations and individuals involved in creating AI make today will determine the impact this technology will have in our critical infrastructure tomorrow.”

The secretary’s words capture the essence of why this framework matters: We need to shape the future of AI in a way that protects and enhances the services that are foundational to our society.

The post DHS: Guidance for AI in critical infrastructure appeared first on Security Intelligence.

As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.

The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?

Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should we be looking out for?

To get the answers to these pressing questions, we spoke with Jake Braun, former Principal Deputy National Cyber Director under President Biden and lecturer and senior advisor at Harris School of Public Policy at the University of Chicago.

The current state of cybersecurity

According to Braun, the current state of cybersecurity in the country is showing significant progress. Still, he says, it remains a work in progress.

Recent initiatives, such as the White House’s efforts to modernize security policies, are moving the needle forward. Braun notes that the push towards using memory-safe programming languages like Rust to replace older, vulnerable languages and initiatives for improving BGP security are signs that national-level cybersecurity is receiving strategic attention.

“The focus has shifted from addressing specific vulnerabilities to eliminating entire classes of threats by enhancing infrastructure fundamentals,” he said.

Another exciting development is the government’s approach to the cybersecurity skills gap, as they move away from requiring traditional four-year degrees for cybersecurity roles. Instead, there’s a push towards skill-based training, aiming to fill gaps in cybersecurity staffing quickly and effectively.

“We need to move past the outdated notion that every cybersecurity role requires a Ph.D. or even a four-year degree,” Braun said. “Many of these roles can be filled by individuals with hands-on experience and targeted skills training, which allows us to broaden the talent pool and address critical workforce shortages more effectively.”

While challenges like over-regulation and fragmented compliance requirements still exist, there is notable progress in streamlining these areas to free up resources for actual security improvements.

What will government cybersecurity look like in 2025?

Government cybersecurity is expected to evolve into a more cohesive and strategically aligned effort. There will likely be continued work on harmonizing cybersecurity regulations, which will reduce the bureaucratic overhead for corporations and government entities alike.

“By 2025, I expect we will see a much more unified approach to cybersecurity regulations,” he said. “It will significantly reduce the burden on corporations and allow them to focus on real security measures rather than compliance paperwork.”

Another key area of focus, while not directly cybersecurity-related at first glance, is improving the resilience of critical infrastructure. The Bipartisan Infrastructure Law (BIL), the CHIPS Act and the Inflation Reduction Act have already laid the groundwork for enhancing cybersecurity in sectors like energy, transportation and telecommunications. These investments are expected to bring about significant improvements in the security posture of both public and private infrastructure — essentially ensuring that cybersecurity is built into the core of modernization efforts rather than being an afterthought.

One example Braun points to is modernizing the electrical grid and water systems, including enhanced cyber protections to prevent both physical and digital disruptions.

“Those three bills make up almost $2 trillion of investment in our infrastructure around the country,” he said. “And while cyber’s only called out explicitly in a few places, it’s kind of implicit in pretty much every single aspect of these bills. You can’t build a new wind farm and hook it up to the grid without there being cyber involved.”

Another effort that is expected to continue is the focus on public-private partnerships. While a distrust in information sharing still exists, the government recognizes that effective cybersecurity cannot be achieved in isolation. Increased collaboration with private sector companies will be critical for sharing threat intelligence, aligning security standards and responding swiftly to emerging threats.

Circling back to the skills gap issue, Braun expects there will be an increased emphasis on cybersecurity education and workforce development. Programs to re-skill workers, provide hands-on training, and promote diversity within the cybersecurity workforce will be expanded.

“While technology is inherently not secure because… just talk to any hacker at DefCon and they’ll tell you that you can hack pretty much anything… I do think that we’re being more strategic, and we’ve got more resources and more initiatives that are strategic and not just tactical going on now than we did before.”

What threats should we be aware of?

Despite the many reasons for optimism, potentially harmful threats are on the horizon. According to Braun, geopolitical tensions, particularly with Ukraine as well as China’s ambitions in Taiwan, pose significant cybersecurity challenges.

“These situations could dramatically influence the evolution of cyber threats and how we need to position ourselves defensively,” he said.

The outcome of these international developments will shape how cyber threats evolve and how the U.S. can position itself to defend against both state-sponsored and independent actors.

Braun suggests that The New Great Game over control of the internet — whether it will remain free and democratic or become fragmented and authoritarian — is another issue that governments around the world must pay attention to. The outcome can impact the future of digital freedom across the globe.

“China’s Belt and Road Initiative has put many smaller countries in a tough predicament, giving China leverage to push their authoritarian model of internet governance. This could lead to a fragmented global internet, which would have serious implications for cybersecurity and digital freedom.”

Facing cybersecurity in 2025 with proactive measures

Still, Braun is approaching 2025 with cautious optimism. He emphasized that while technology will always have inherent vulnerabilities, the strategic approach of the government — coupled with substantial investments — lays the foundation for the future of national cybersecurity to be more promising than it has been in previous years.

“The country will likely be better prepared due to the significant investments in infrastructure and security standards, as well as initiatives to enhance workforce capabilities,” he said. “The significant investments we’re making in infrastructure and cybersecurity standards are going to put us in a much better place. We’re seeing proactive measures, like bolstering cybersecurity in critical areas such as water utilities, which are crucial for both civilian and military stability.”

The post Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in appeared first on Security Intelligence.