Both Lisa Einstein's role as CISA's first Chief AI Officer and the agency's AI Pilot Program showcase the potential and challenges of AI in cybersecurity.
On August 1, 2024 the Cybersecurity and Infrastructure Security Agency (CISA) named their first ever Chief Artificial Intelligence Officer, Lisa Einstein. Before being appointed, Einstein acted as CISA’s Senior Advisor for AI from 2023, and as the Executive Director of CISA’s Cybersecurity Advisory Committee from 2022. There, she piloted CISA’s 2023-2024 AI Roadmap, which created standards for AI use and addressed many concerns about malicious AI use.
Cybersecurity officials like CISA Director Jen Easterly have praised Einstein’s expertise and work to make AI a bigger focus at the agency, saying: “I am proud of how our team at CISA has come together in the last two years to understand and respond to rapid advancements in AI—many of which have significant implications for our core missions of cyber defense and critical infrastructure security. Lisa Einstein has been central to that effort. Beyond her technical expertise, she’s an inspirational leader who has brought together colleagues across the agency around a clear and impactful vision. I could not be more thrilled to have her take on this important new role, which will help us continue to build AI expertise into the fabric of our agency and ensure we are equipped to effectively leverage the power of AI well into the future.”
In the press release, Einstein expressed her gratitude for the new role and emphasized the need for better AI tools and collaboration when producing them: “I care deeply about CISA’s mission – if we succeed, the critical systems that Americans rely on every day will become safer, more reliable, and more capable. AI tools could accelerate our progress. But we will only reap their benefits and avoid harms from their misapplication or abuse if we all work together to prioritize safety, security, and trustworthiness in the development and deployment of AI tools”.
Already, CISA is making headway on these goals. On July 29, 2024 CISA released information about the Pilot for Artificial Intelligence-Enabled Vulnerability Detection, which ran from late 2023 to early 2024. The point of the pilot was to see if the current software products that use AI to detect vulnerabilities were more efficient than similar products that didn’t use AI. The primary testing focus were the latest AI products, like those using Large Language Models (LLMs). They found that AI tools are most effective when used to supplement existing methods for vulnerability detection rather than replace them. Still, AI use could prove to be problematic - the learning curve for using AI can be steep, and the tools can sometimes behave unpredictably. As AI tools continue to advance, CISA plans to continue monitoring and testing AI tools to enhance its capabilities.
Lisa Einstein's appointment as CISA's first Chief Artificial Intelligence Officer is a key milestone in the agency's evolving approach to cybersecurity. The success of initiatives like the AI-Enabled Vulnerability Detection pilot highlights the potential of AI in enhancing cybersecurity, while also emphasizing the need for careful oversight. With Einstein at the helm, CISA is well-positioned to integrate AI into its operations effectively and responsibly.