The Inner Circle

 View Only
Back to discussions
Expand all | Collapse all

Joint Cybersecurity Information Deploying AI Systems Securely

  • 1.  Joint Cybersecurity Information Deploying AI Systems Securely

    Posted 14 days ago
      |   view attached

    Hi All,

    Executive summary
    Deploying artificial intelligence (AI) systems securely requires careful setup and configuration that depends on the complexity of the AI system, the resources required (e.g., funding, technical expertise), and the infrastructure used (i.e., on premises, cloud, or hybrid). This report expands upon the 'secure deployment' and 'secure operation and maintenance' sections of the Guidelines for secure AI system development and incorporates mitigation considerations from Engaging with Artificial Intelligence (AI). It is for organizations deploying and operating AI systems designed and developed by another entity. The best practices may not be applicable to all environments, so the mitigations should be adapted to specific use cases and threat profiles. [1], [2]
    AI security is a rapidly evolving area of research. As agencies, industry, and academia discover potential weaknesses in AI technology and techniques to exploit them, organizations will need to update their AI systems to address the changing risks, in addition to applying traditional IT best practices to AI systems.
    This report was authored by the U.S. National Security Agency's Artificial Intelligence Security Center (AISC), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Signals Directorate's Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom's National Cyber Security Centre (NCSC-UK). The goals of the AISC and the report are to:
    1. Improve the confidentiality, integrity, and availability of AI systems;
    2. Assure that known cybersecurity vulnerabilities in AI systems are appropriately mitigated; and
    3. Provide methodologies and controls to protect, detect, and respond to malicious activity against AI systems and related data and services.



    ------------------------------
    Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
    ------------------------------