The U.S. Department of Homeland Security (DHS) has released new guidelines on the safe and secure deployment of artificial intelligence in the nation’s critical infrastructure. Developed in collaboration with representatives from businesses, government agencies, and public organizations, the document aims to assist companies in implementing AI in vital sectors in a secure manner.
These recommendations are focused on safeguarding systems such as energy supply, water supply, transportation, and digital networks that are essential for people’s lives and safety. While AI has been increasingly utilized to enhance services – from quickly detecting earthquakes to preventing disruptions in electricity supply and improving mail delivery – there is a concern that vulnerabilities in AI systems could be exploited by malicious actors for attacks.
The recommendations address several key areas:
- Suppliers of cloud and computing services are advised to enhance security during AI development and deployment, including vetting equipment and software suppliers and safeguarding data centers from potential threats.
- AI developers are encouraged to follow the Secure by Design approach in model development, assess risks related to bias or vulnerabilities in models, and provide independent checks for critical systems.
- Owners and operators of critical infrastructure are urged to implement AI with cybersecurity in mind, protect customer data, and ensure transparency in AI usage for service delivery.
- Civil society, universities, and research centers are encouraged to actively participate in setting standards and conducting research to evaluate the societal impact of AI.
- Government agencies are advised to enhance collaboration at all levels, including international cooperation, to protect citizens and support security-related research.
The Department of Homeland Security has identified three main categories of vulnerabilities when using AI: AI-based attacks, attacks on AI systems, and errors in technology design and implementation. The recommendations put forth measures for all stakeholders involved in AI development and use to mitigate risks and ensure the security of the United States’ critical infrastructure.
Earlier, the Transportation Security Administration (TSA) in the U.S. introduced new regulations to safeguard transportation infrastructure from cyber threats. These measures are intended to supplement the temporary directives established after the 2021 attack on the Colonial Pipeline. The new rules represent one of the final cybersecurity initiatives by the Joe Biden administration to fortify critical infrastructure security before the change in administration.