CISA Incident: Government Data on ChatGPT

Madhu Gottumukkala, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA) in the United States, unintentionally uploaded sensitive information to a public version of ChatGPT. The episode, reported by Politico, has raised significant concerns about the security of government data.

Incident Details

According to sources from the Department of Homeland Security (DHS), Gottumukkala uploaded confidential CISA contracting documents. This triggered multiple internal cybersecurity alerts designed to prevent the theft or unauthorized disclosure of government material from federal networks.

Internal Policies and Alternatives

Gottumukkala had obtained special permission to use ChatGPT, despite most DHS staff being excluded from using it. The DHS encourages its employees to use approved AI-powered tools, such as DHSChat, which is configured to prevent queries or documents entered from leaving federal networks.

Data Sovereignty and Implications

The incident underscores the importance of data sovereignty and control in the use of artificial intelligence tools, especially when dealing with sensitive government information. Choosing platforms and models with adequate security guarantees and the ability to operate within controlled infrastructures is crucial to mitigate the risks of unauthorized disclosure.