The Cybersecurity and Infrastructure Security Agency published security and security guidelines for critical infrastructure on Monday, a decision that occurs just a few days after the Ministry of Homeland Security has announced the training of a security and security board focused on the same subject. The directives for the owners and operators of critical infrastructure also fulfill CISA obligations under the October executive decree of the Biden administration on artificial intelligence.
The guidelines aim to approach both the opportunities made possible by artificial intelligence for critical infrastructure – which extends over 16 sectors, including agriculture and information technologies – and the ways they could be armed or poorly used. CISA requests operators and owners of critical infrastructure to govern, map, measure and manage their use of technology, incorporating the National Institute of Standards and Technology IA risk management framework.
“Based on the expertise of the CISA as a national coordinator for the security and resilience of critical infrastructure, the DHS directives are the transversal analysis of the AI specific risk agency for the critical infrastructure sectors and will serve key tools to help owners and operators to mitigate the risk of infrastructure”, the director of Cisa Jen Easterly in a declaration.
The guidelines emphasize a range of steps, including understanding the dependencies of AI providers with which operators could work and the inventory of AI use cases. They also encourage owners of critical infrastructure to create procedures to report IA security risks and continually test AI systems for vulnerabilities.
Opportunities related to the IA SPAN categories, in particular operational awareness, customer service automation, physical security and forecasts, according to directives. At the same time, the new document also warns that the risks of AI for critical infrastructure could include facilitated attacks with AI, attacks aimed at AI systems and “failures in the design and implementation of AI”, which could cause potential dysfunctions or other unexpected consequences.
“The AI can present transformative solutions for American critical infrastructure, and it also involves the risk of making these systems vulnerable in new ways to critical failures, physical attacks and cyber attacks. Our department takes measures to identify and mitigate these threats, “said internal security secretary Alejandro Mayorkas in a statement.
The DHS has been particularly active in recent months on artificial intelligence, especially with the release of its AI roadmap in March. Earlier this month, the Department announced that the Office of Management and Budget Alun Michael Boyce would direct its body AI, a group of 50 experts in technology that the agency aims to hire until 2024. The ministry also brought to the managers of the Technology Company – notably Sam Altman of Openai and Sundar Pichai from the alphabet – to help with its new board of directors critical infrastructure.