Madhu Gottumukkala, the Acting Director of the Cybersecurity and Infrastructure Security Agency, ignited internal security alarms by uploading confidential documents to ChatGPT. This incident prompts critical inquiries regarding cybersecurity protocols at CISA.
The Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA), the preeminent cybersecurity authority in the United States, was implicated in a noteworthy security breach last year.
Madhu Gottumukkala uploaded sensitive government documents to a public iteration of ChatGPT. Information acquired by Politico from four Department of Homeland Security (DHS) officials indicates that this act activated multiple automated security alerts.
These alerts are intended to safeguard against theft or inadvertent release of government documents from federal systems. Notably, these systems reportedly issued alarms several times during the initial week of August alone.
Gottumukkala leveraged a specific exemption to gain access to the AI chatbot, a privilege he sought from CISA’s Chief Information Officer shortly after assuming his duties in May. At that juncture, the application was restricted solely to standard DHS personnel.
Although the uploaded files were not classified, they were contract documents labeled “For Official Use Only,” denoting sensitive content designated for internal circulation.
The incident is rendered more contentious by the technical characteristics of the tool employed. Inputs submitted to the public version of ChatGPT are relayed to OpenAI, the developer, and could theoretically be utilized to refine the model or address queries from other users.
Conversely, officially sanctioned AI tools within the Department of Homeland Security, such as the in-house “DHSChat,” are designed to ensure that no data or search inquiries exit the secure federal networks.
OpenAI boasts a user base exceeding 700 million active participants, thereby accentuating the risk of potential data exposure.
Simultaneously, CISA is endeavoring to mitigate the repercussions. Spokesperson Marci McCarthy asserted that the usage was approved, temporally limited, and conducted under security protocols. She further contested the established timeline, claiming that the director ceased using the tool in mid-July.
This assertion contradicts statements from officials who reported that security sensors continued to detect uploads into early August. An internal probe is currently underway to ascertain whether the incident inflicted any substantive damage.
This debacle forms part of a series of controversies surrounding Gottumukkala, who allegedly previously failed a counterintelligence polygraph examination.
Source link: Notebookcheck.net.
