1、 ARTIFICIAL INTELLIGENCE DHS Needs to Improve Risk Assessment Guidance for Critical Infrastructure Sectors Report to Congressional Addressees December 2024 GAO-25-107435 United States Government Accountability Office United States Government Accountability Office Highlights of GAO-25-107435,a report

2、 to congressional addressees December 2024 ARTIFICIAL INTELLIGENCE DHS Needs to Improve Risk Assessment Guidance for Critical Infrastructure Sectors What GAO Found Federal agencies with a lead role in protecting the nations critical infrastructure sectors are referred to as sector risk management ag

3、encies.These agencies,in coordination with the Department of Homeland Securitys(DHS)Cybersecurity and Infrastructure Security Agency(CISA),were required to develop and submit initial risk assessments for each of the critical infrastructure sectors to DHS by January 2024.Although the agencies submitt

4、ed the sector risk assessments to DHS as required,none fully addressed the six activities that establish a foundation for effective risk assessment and mitigation of potential artificial intelligence(AI)risks.For example,while all assessments identified AI use cases,such as monitoring and enhancing

5、digital and physical surveillance,most did not fully identify potential risks,including the likelihood of a risk occurring.None of the assessments fully evaluated the level of risk in that they did not include a measurement that reflected both the magnitude of harm(level of impact)and the probabilit

6、y of an event occurring(likelihood of occurrence).Further,no agencies fully mapped mitigation strategies to risks because the level of risk was not evaluated.Extent to Which the Sector Risk Management Agencies(SRMA)Have Addressed Six Activities in Their Sector Risk Assessments of Artificial Intellig