DHS highlights AI as a threat and asset to critical infrastructure in new priority guidance

Artificial intelligence is one of the emergent technologies the Department of Homeland Security is monitoring under its 2024-2025 Strategic Guidance and National Priorities for U.S. Critical Infrastructure Security and Resilience plan, as AI and other advanced systems become part of the broader global threat vector to digital networks.

Dated June 14 and released publicly on Thursday, the guidance focuses on efforts to improve the security and durability of the U.S.’s infrastructure and mitigate disruptions. In an increasingly digitized world, key societal systems, such as the electrical grid, water treatment facilities, transportation systems, health care facilities and more operate on an automated and digital level.

As innovation continues to expand emerging systems like AI, DHS said it will focus on fortifying cyber components of critical infrastructure against AI-related risks. 

“We must continue to proactively address AI as a transformative and general-purpose technology and consider the implications of other emerging technologies on critical infrastructure,” the guidance reads. 

The guidance notes that AI systems are also capable of helping defend critical infrastructure operations and recommends that critical infrastructure operators and sector risk management agencies identify where AI technologies could be deployed internally to support cybersecurity efforts and threat detection –– while adhering to the National Institute of Standards and Technology’s AI Risk Management Framework and other relevant DHS guidance.

“While we must look to mitigate new risks, we must also recognize that new AI-enabled systems and other emerging technologies will also provide new tools to help mitigate threats to critical infrastructure,” the document reads. 

DHS also noted that quantum information systems are another area of concern for critical infrastructure security. Although still in its infancy, quantum computing poses a theoretical threat to all digital systems. The advent of a fault-tolerant quantum computer has the potential ability to process larger swaths of data at faster rates than their classical counterparts, rendering current encryption methods vulnerable to attack.

“DHS has also provided guidance regarding the emergence of cryptographically relevant quantum computers in the coming years that pose risks for sensitive data maintained by critical infrastructure entities,” the guidance says, referencing the draft documents jointly produced by DHS and NIST and released in late 2023.  

The Cybersecurity and Infrastructure Security Agency will helm coordination efforts to address these risks to critical infrastructure as directed by DHS Secretary Alejandro Mayorkas. These priority areas will also be addressed in the forthcoming 2025 National Infrastructure Risk Management Plan, which will replace the 2013 National Infrastructure Protection Plan.