The US National Security Agency (NSA) released a cybersecurity information (CSI) sheet on April 15 aimed at helping private defense and security companies securely implement AI systems developed by other organizations. The NSA, the US intelligence agency primarily responsible for surveilling foreign communications, released the guidance through its newly formed Artificial Intelligence Security Center (AISC).
“AI brings unprecedented opportunity, but also can present opportunities for malicious activity. NSA is uniquely positioned to provide cybersecurity guidance, AI expertise, and advanced threat analysis,” said Dave Luber, the NSA’s cybersecurity director, in the AISC’s press release.
Although the new AI guidance was developed with national security goals in mind, its tenets can be adopted by just about any public or private organization looking to implement AI systems in its operations.
The new guidance builds on two of its previous AI reports focused on the secure development and the secure operation and maintenance of AI systems. The overarching goals of the new guidance, titled “Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems,” are to:
- Assure that known cybersecurity vulnerabilities in AI systems are appropriately mitigated; and
- Provide methodologies and controls to protect, detect, and respond to malicious activity against AI systems and related data and services.[1]
The NSA established the AISC in September 2023 in conjunction with the FBI and signals intelligence agencies of Canada, the UK, Australia, and New Zealand to improve the confidentiality, integrity, and availability of AI systems. The AISC is part of the Cybersecurity Collaboration Center (CCC), and aims to:
- Detect and counter AI vulnerabilities;
- Drive partnerships with industry and experts from US industry, national labs, academia, the IC, the DoD, and select foreign partners;
- Develop and promote AI security best practices;
- And ensure NSA’s ability to stay in front of adversaries’ tactics and techniques.
[1] https://media.defense.gov/2024/Apr/15/2003439257/-1/-1/0/CSI-DEPLOYING-AI-SYSTEMS-SECURELY.PDF