The US National Security Agency [3], in collaboration with various organizations [2], has released new joint guidance on deploying AI systems securely [3]. The guidance aims to enhance the confidentiality [2], integrity [2], and availability of AI systems [2].
Description
The guidance [2] [3], from the NSA’s Artificial Intelligence Security Center (AISC) [2] [3], outlines best practices in three categories: preparing IT networks for AI implementation [3], security measures during deployment [3], and longer-term best practices [3]. Recommendations include managing deployment environment governance [3], validating AI systems [1] [3], enforcing strict access controls [3], and preparing for disaster recovery [3]. The Cybersecurity Information Sheet on ‘Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems’ covers access controls [4], audits [1] [4], penetration testing [1] [4], logging [1] [4], monitoring [1] [4], and patching [4], emphasizing the importance of secure design and validation before deployment [4]. Dr. Andrew Bolster highlights the trend of focusing on secure software development processes for AI system security [4], with recommendations for collaborative efforts between Data Science and operational Cybersecurity teams [4]. This shared responsibility model aims to establish a proactive and resilient posture for managing application security [4]. Organizations are encouraged to review and apply this guidance [2], along with previously published joint guidance on securing AI systems [2], to reduce the risks of intellectual property theft or misuse [3]. Organizations launching AI systems are advised to manage environment governance [1], strengthen architecture and configurations [1], and defend deployment networks from threats [1]. Recommendations include systems validation [1], API security [1], model behavior monitoring [1], access controls [1] [3] [4], penetration testing [1] [4], audits [1] [4], logging [1] [4], monitoring [1] [4], patches [1], user training [1], and disaster recovery preparations [1]. Secure by design systems are preferred for AI deployment [1].
Conclusion
The guidance provided by the NSA’s AISC on deploying AI systems securely is crucial for organizations looking to enhance the security of their AI systems. By following the best practices outlined in the guidance, organizations can reduce the risks of intellectual property theft or misuse [3]. It is important for organizations to prioritize secure software development processes and collaborate between Data Science and operational Cybersecurity teams to establish a proactive and resilient posture for managing application security. As AI systems continue to evolve, it is essential for organizations to stay updated on the latest security measures and best practices to ensure the security and integrity of their AI systems.
References
[1] https://www.scmagazine.com/brief/new-five-eyes-ai-security-guidelines-unveiled
[2] https://www.redpacketsecurity.com/cisa-joint-guidance-on-deploying-ai-systems-securely-20-04-2024/
[3] https://www.infosecurity-magazine.com/news/nsa-launches-guidance-secure-ai/
[4] https://professionalsecurity.co.uk/news/government/deploying-ai-systems-best-practices/
