The Department of Homeland Security’s blueprint for artificial intelligence (AI) in critical infrastructure such as the power grid, emergency services and water and IT systems was unveiled Thursday. The question is whether it will be put into action.
The 35-page document, whose origins date to President Joe Biden’s executive order on AI a year ago, “will go a long way to better ensure the safety and security of critical services that deliver clean water, consistent power, internet access, and more,” DHS Secretary Alejandro Mayorkas said in a statement.
But the guidelines may be DOA if President-elect Donald Trump repeals the Biden Administration’s AI policy, as he has vowed. Trump and Tesla Inc. CEO Elon Musk, who has emerged as an influential confidante to Trump, are expected to take a deregulation stance toward AI.
“I of course cannot speak to the incoming administration’s approach to the [AI Safety and Security Board] that we have assembled,” Mayorkas said in a call with reporters. However, he said the framework “will endure” with the support of all 23 members of the board that helped craft the document. Its members include OpenAI CEO Sam Altman, NVIDIA Corp. CEO Jensen Huang, Alphabet Inc. CEO Sundar Pichai, and Microsoft Corp. CEO Satya Nadella.
“It is quite important that [AI regulation] should not impair our leadership in the world and not suffocate our inventiveness,” Mayorkas said. “This framework…could ward off precipitous regulation or legislation that does not move at the speed of business and does not embrace and support our innovative leadership.”
As part of its infrastructure plans amid AI growth, DHS recently said it had completed a handful of generative AI pilots. Under one project, the U.S. Citizenship and Immigration Services deployed a GenAI tool to help train immigration officers to interact with refugee and asylum seekers. Another project had Homeland Security Investigations use large language models (LLM) to create summaries of law enforcement reports. A third pilot program involved the Federal Emergency Management Agency using an LLM to aid state and local communities in drafting community-resilience plans.
The DHS plan “serves as an acknowledgement that the security and privacy fundamentals that have applied to software systems historically also apply to AI today” but recognizes AI poses “new risks in terms of privacy and automation,” David Brauchler, technical director at cybersecurity consultancy NCC Group, said in an email. “Organizations have a responsibility to ensure that the data of their users is safeguarded, and that these systems are properly protected with human oversight when implemented into critical risk applications such as national infrastructure.”
The threat to U.S. interests is real, according to Sam Rubin, vice president and global head of operations, Unit 42, at Palo Alto Networks Inc.
In an interview Thursday, Rubin pointed to “Insidious Taurus” aka Volt Typhoon, an operation tied to China state-sponsored cyber actors with the intent to infiltrate U.S. critical infrastructure IT networks, presumably to disrupt or destroy water supplies and other critical functions in the event of a major crisis or conflict with the U.S.
In a Jan. 31, 2024, hearing, FBI director Christopher Wray told the U.S. House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party that Volt Typhoon represented “the defining threat of our generation.”
Similarly, a hacker increased sodium hydroxide to dangerous levels in the Oldsmar, Fla., water supply in 2021 in an attempt to poison the local population within 24 to 36 hours. The plan was foiled when an employee of a water treatment plant noticed the rising levels and reported the problem.