CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international partners, have released new cybersecurity guidance: Principles for the Secure Integration of Artificial Intelligence in Operational Technology.
This guidance aims to help critical infrastructure owners and operators integrate artificial intelligence (AI) into operational technology (OT) systems securely, balancing the benefits of AI—such as increased efficiency, enhanced decision-making, and cost savings—with the unique risks it poses to the safety, security, and reliability of OT environments.
The document focuses on machine learning (ML), large language models (LLMs), and AI agents due to their complex security challenges, but is also applicable to systems using traditional statistical modeling and logic-based automation.
Key Principles for Secure AI Integration:
- Understand AI: Educate personnel on AI risks, impacts, and secure development lifecycles.
- Assess AI Use in OT: Evaluate business cases, manage OT data security risks, and address immediate and long-term integration challenges.
- Establish AI Governance: Implement governance frameworks, test AI models continuously, and ensure regulatory compliance.
- Embed Safety and Security: Maintain oversight, ensure transparency, and integrate AI into incident response plans.
Critical infrastructure owners and operators are encouraged to adopt these principles to maximize AI benefits while mitigating risks. For further details, review the full guidance.
For more information on related resources, visit CISA’s Artificial Intelligence and Industrial Control Systems webpages.
Read the original article: