US and UK Agencies Team Up for AI Security

Artificial intelligence (AI) technology continues to develop and expand rapidly. The emergence of the technology has prompted security concerns and we’ve seen recent efforts to address the vulnerabilities of AI. President Biden issued an Executive Order to establish new standards for AI security and privacy practices. The Cybersecurity and Infrastructure Security Agency (CISA) released its Roadmap for Artificial Intelligence which provides a vision of leveraging AI to advance cyber defenses, protecting critical infrastructure from malicious AI, and the secure development of AI that prioritizes security.

Guidelines for Secure AI Systems Development

The latest round of AI guidance is the Guidelines for Secure AI Systems Development, a joint effort from CISA, the UK National Cyber Security Centre (NCSC), and more than a dozen other domestic and international cybersecurity organizations. The guidelines provide essential recommendations for AI system development and emphasize the importance of adhering to Secure by Design principles. The approach prioritizes ownership of security outcomes for customers, embraces transparency and accountability, and establishes organizational structures where secure design is a top priority.

The guidelines apply to all types of AI systems and provide suggestions and mitigations that will help data scientists, developers, and other key stakeholders make informed decisions about the secure design, deployment, and operation of their machine learning AI systems.

The new guidelines are broken down into these four key areas:

Secure Design

The Secure Design section contains guidelines that apply to the design stage of the AI system development life cycle. It covers understanding risks and threat modeling, as well as specific topics and trade-offs to consider in system and model design.

Secure Development

The Secure Development section contains guidelines that apply to the development stage of the AI system development life cycle, including supply chain security, documentation, and asset and technical debt management.

Secure Deployment

The Secure Deployment section contains guidelines that apply to the deployment stage of the AI system development life cycle, including protecting infrastructure and models from compromise, threat or loss, developing incident management processes, and responsible release.

Secure Operation and Maintenance

The Secure Operation and Maintenance section contains guidelines that apply to the secure operation and maintenance stage of the AI system development life cycle. It provides guidelines on actions particularly relevant once a system has been deployed, including logging and monitoring, update management and information sharing.

CISA and NCSC’s Guidelines for Secure AI System Development is a call to action for all stakeholders to be well-aware of the design, development, deployment, and operation of their AI systems to enable risk informed decisions for leveraging AI use in a safe and secure manner. AI systems are subject to many vulnerabilities, in addition to standard cyber threats, acting on the Secure by Design principle proposed in this guideline encourages the necessary preconditions required for the safety, resiliency, privacy, and reliability of AI systems.

At CompliancePoint we can help your organization design and implement a cybersecurity program that will allow it to better defend against and respond to cyber incidents. Contact us at connect@compliancepoint.com to learn more about our suite of services.