Inaugural CISA Tabletop Exercise Tackles Private Sector AI Risk Management


The US’s Cybersecurity and Infrastructure Security Agency (CISA) ran its first tabletop exercise with the private sector late last week. The exercise focused on artificial intelligence security incidents.

Led by the Joint Cyber Defense Collaborative (JCDC), the AI Cyber Tabletop Exercise on June 13, 2024, aimed to capture information beyond conventional cybersecurity incidents to help identify information-sharing opportunities, protocols for public-private engagement, and areas for operational collaboration on AI security incidents.

The primary objectives of this exercise were to:

  • Explore the information-sharing opportunities for cyber incidents involving an AI-enabled system.
  • Examine industry participants’ response procedures and best practices when dealing with a multistage AI incident.
  • Identify areas for improvement in industry and government AI incident response plans, information sharing, and overall organizational resilience during and following a significant AI incident.
  • Assess information-sharing capabilities, needs, and priorities for operational collaboration on cyber incidents involving an AI-enabled system between interagency government partners, industry, and international participants.

CISA will incorporate lessons learned from this exercise into an AI Security Incident Collaboration Playbook to inform operational collaboration across government, industry, and international partners.
A second tabletop exercise will test and validate the Playbook with AI companies and critical infrastructure entities that are integrating AI in their operational environments.