CISA & NCSC Discloses Guidelines for Secure AI System Development

The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) released the Guidelines for Secure AI System Development to address the integration of artificial intelligence (AI), cybersecurity, and critical infrastructure.

The Guidelines underline the significance of implementing Secure by Design principles and offer crucial advice for AI system development, complementing the U.S. Voluntary Commitments to Ensuring Safe, Secure, and Trustworthy AI.

The approach places a high value on customers owning security outcomes, radical transparency and accountability, and organizational structures that place a high focus on secure design.

“Implementing these guidelines will help providers build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorized parties,” according to the guidelines released by CISA and NCSC.

The Guidelines for Secure AI System Development

New security flaws in AI systems must be considered in addition to the usual cyber security risks. As AI is developing rapidly, security is frequently neglected in favor of other factors.

Within the AI system development life cycle, the guidelines are divided into four major areas: secure design, secure development, secure deployment, and secure operation and maintenance.

Free Webinar

Live API Attack Simulation Webinar

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Register for Free

Secure Design

Guidelines for the design phase of the AI system development life cycle are included in this section such as:

• Raise staff awareness of threats and risks
• Model the threats to your system
• Design your system for security as well as functionality and performance
• Consider security benefits and trade-offs when selecting your AI model

Secure Development

This section includes suggestions relevant to the development stage of the AI system development life cycle such as:

• Secure your supply chain
• Identify, track, and protect your assets
• Document your data, models, and prompts
• Manage your technical debt

Secure Deployment

This section includes guidelines that apply to the deployment stage of the AI system development life cycle such as:

• Secure your infrastructure
• Protect your model continuously
• Develop incident management procedures
• Release AI responsibly
• Make it easy for users to do the right things

Secure Operation and Maintenance

Guidelines for the secure operation and maintenance phase of the AI system development life cycle are included in this section.

• Monitor your system’s behavior
• Monitor your system’s input
• Follow a secure-by-design approach to updates
• Collect and share lessons learned

CISA strongly advises all stakeholders, including data scientists, developers, managers, decision-makers, and risk owners, to read this guidance to aid in their decision-making about the development, implementation, and management of their machine learning artificial intelligence systems.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.