In late April, the Cybersecurity and Infrastructure Security Agency (CISA) released Mitigating AI Risk: Safety and Security Guidelines for Critical Infrastructure Owners and Operators.
These new guidelines are designed to bolster security while enabling the use of AI across the 16 sectors of critical infrastructure, including verticals like communications, energy, finance, healthcare, information technology and several others.
The guidelines focus on both the opportunities AI affords and the ways the technology could be weaponized for misuse by cybercriminals or other threat actors.
What is CISA?
CISA is part of the U.S. Department of Homeland Security, established to protect the nation's critical infrastructure against cyber threats. They also work to ensure resilience and rapid response during emergency situations.
CISA plays a pivotal role in protecting the nation's cybersecurity posture, offering a range of policies, services and collaborative efforts.
Keynote: AI and the Future of Machine Identity Management
About CISA's guidelines for AI in critical infrastructure
The new cross-sector analysis presented in Mitigating AI Risk is a major step, and a first of its kind, designed to help infrastructure owners and operators alleviate risk as AI continues to become more prevalent in today's business operations.
The guidelines focus on three categories of system-level risk:
- Attacks using AI: Using AI to enhance, plan or scale cyber-physical attacks on critical infrastructure.
- Attacks targeting AI systems: Deeply targeted attacks on AI models that support critical infrastructure.
- Failures in AI design and implementation: Shortcomings in planning, structuring, implementing or executing AI tools or systems, which can lead to malfunctions or unexpected consequences.
To reduce these risks, CISA states that owners and users need to "govern, map, measure, and manage" their use of AI. Their guidelines employ a strategy built from NIST's AI risk management framework.
Govern
Establish a culture with AI in mind, but with a focus on risk management. It’s important to emphasize safety and security, as well as radical transparency in AI usage.
Map
Gain a comprehensive understanding of your company's AI uses and risks. That way, you can evaluate and mitigate effectively.
Measure
Once you have that comprehensive understanding, you can assess, analyze and track AI impacts using repeatable methods and metrics.
Manage
With keen understanding and specific metrics, you can prioritize and build risk management controls that allow you to fully leverage AI technology while decreasing risks.
The Generative AI Identity Crisis: Emerging AI Threatscapes and Mitigations
The role of machine identity security in AI system security
Machine identities help to secure trust and confidentiality, allowing you to authenticate and authorize machine-to-machine connections.
Machine identity security is essential to securing AI systems within critical infrastructure, providing visibility and automation over these machine identities, so you can swiftly identify unique versions and instances of AI systems, making it easy to deactivate any components that deviate from their intended behavior.
However, not all machine identity security platforms are made the same, and modern-day businesses need a single, centralized control plane to govern, map, measure and manage the machine identities related to their AI systems. That way, if a specific instance of a particular system’s version started acting erratically or outside its parameters, you could "pull the plug" and keep it from impacting other systems or outputs further downstream.
Harness the power of AI to slay machine identity complexity in seconds
As critical infrastructure sectors continue to adopt AI, machine identity security will continue to stand as the foundation of security.
With more AI inputs, more models and more outputs flowing through businesses every day, the verification and validation of AI systems has never been more important.
To learn more about how Venafi can help you maintain trust and security across your use of AI technologies, check out this detailed keynote from Machine Identity Management Summit 2023.