Guidelines for Secure AI System Development Issued by NSA, NCSC-UK, CISA, and Partners

The National Security Agency (NSA), UK National Cyber Security Centre (NCSC-UK), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and other partner agencies have jointly released “Guidelines for Secure AI System Development,” published as a Cybersecurity Information Sheet (CSI).

The report aims to assist developers, providers, and system owners in creating, deploying, and operating secure Artificial Intelligence (AI) systems, including AI used in National Security Systems (NSS) and by the Department of Defense (DoD) and the Defense Industrial Base (DIB).

Rob Joyce, NSA Cybersecurity Director, emphasized the importance of incorporating security into AI development, stating, “We wish we could rewind time and bake security into the start of the internet. We have that opportunity today with AI. We need to seize the chance.”

Key points from the CSI include:

  1. Security Vulnerabilities: AI systems are exposed to novel security vulnerabilities, with specific mention of “adversarial machine learning” (AML) attacks. These attacks exploit fundamental weaknesses in machine learning (ML) components, and the attack surface spans hardware, software, workflows, and supply chains.
  2. Secure by Design: The CSI emphasizes that secure design principles should be integral to AI systems. Providers of AI components are urged to implement security controls within their ML models, pipelines, and systems by design and by default, rather than leaving them to downstream users.
  3. Four Key Areas: The CSI is organized around four stages of the AI system lifecycle: secure design, secure development, secure deployment, and secure operation and maintenance.
  4. Collaborative Authorship: NCSC-UK and CISA co-authored the CSI with NSA and other international partner agencies.

The issuing agencies stress that while the CSI provides essential guidance for securing AI systems, it does not replace general cybersecurity best practices or existing risk management programs. Recommendations within the CSI should be applied alongside established cybersecurity practices and incident response strategies.