The UK's National Cyber Security Centre has teamed up with the US Cybersecurity and Infrastructure Security Agency to develop the world's first cybersecurity guidelines for AI.
The "Guidelines for Secure AI System Development" are designed to help developers of AI systems make informed cybersecurity decisions at every stage of the development process, according to the UK's National Cyber Security Centre (NCSC).
The guidelines apply to systems developed from scratch as well as those based on third-party tools and services. 17 other countries, including the United States, have pledged their support and participation in the new guidelines.
The goal of the guidelines is to raise the level of cybersecurity in AI and ensure that AI is designed, developed, and deployed securely. They promote a "security by design" approach, which ensures that cybersecurity is an essential requirement for the security of AI systems and is integrated from the outset and throughout the development process.
The guidelines are divided into four main areas: secure design, secure development, secure implementation, and secure operation and maintenance. They provide recommended behaviors to improve security.
- Secure design and development address issues such as understanding risk, threat modeling, supply chain security, and documentation.
- Secure implementation emphasizes the need for infrastructure and model protection, incident management, and responsible release.
- Secure Operation and Maintenance provides guidance on logging and monitoring, update management, and information sharing.
You can find the guidelines on the NCSC website.
International support for UK cyber guidelines
NCSC Chief Executive Lindy Cameron described the guidelines as "a significant step in shaping a truly global, common understanding of the cyber risks and mitigation strategies around AI to ensure that security is not a postscript to development but a core requirement throughout."
NCSC developed the guidelines in collaboration with the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Industry experts and 21 other international agencies and ministries from around the world, including all members of the G7 and the Global South, also participated in the drafting process.
International signatories include Australia, Canada, Chile, Czech Republic, Estonia, France, Germany, Israel, Italy, Japan, New Zealand, Nigeria, Norway, Poland, Singapore, South Korea, the United Kingdom, and the United States.