This voice is automatically generated. Please let us know if you have any feedback.
The U.S. government and key Western allies on Wednesday released guidance to help critical infrastructure operators safely use artificial intelligence.
Guidance document describes four key principles for integrating AI into operational technology and details the issues that infrastructure operators should consider when implementing AI. This advice includes general risk awareness, needs and risk assessment, AI model governance, and operational failsafes.
CISA, FBI, and NSA worked with cybersecurity agencies in Australia, Canada, Germany, the Netherlands, New Zealand, and the United Kingdom to develop the guidance.
This document urges businesses to understand the inherent risks of AI, educate employees on the use of automated systems, create clear justifications for using AI, and Strong expectations for security Work with vendors to carefully assess the challenges of integrating AI into existing operational technology. The document also states that companies should develop clear AI use and accountability procedures, thoroughly test AI systems before deployment, and continually verify that AI complies with regulatory and safety requirements.
Companies will also need to oversee their AI systems, including through human-involved protocols that ensure AI models never take potentially dangerous actions without human oversight, the document said. The document states that AI systems require “fail-safe mechanisms to ensure that AI systems can be gracefully shut down without disrupting critical operations,” and that companies need to update their cyber incident response plans to account for new uses for AI.
Additionally, the guidance warns that “critical infrastructure owners and operators should review how they are integrating AI systems into their existing procedures and develop new safe use and implementation procedures that focus on integrating AI systems into their OT environments.”
emphasize vigilance
Since the AI frenzy began, the U.S. government has sought to temper critical infrastructure operators’ enthusiasm for the technology by warning about its risks.
Department of Homeland Security in November 2024 The proposed breakdown has been published It brings together the AI-related roles of different entities in critical infrastructure areas, from developers to cloud providers to infrastructure operators themselves. And in July, White House AI Action Plan Directed DHS to expand sharing of AI-related security alerts with infrastructure providers. Although the plan primarily touted the benefits of AI, it also acknowledged that “the use of AI in cyberinfrastructure and critical infrastructure exposes those AI systems to adversarial threats.”
Critical infrastructure systems are already Full of security vulnerabilitiesAnd government officials are concerned that infrastructure providers are creating new weaknesses by implementing AI in novel ways without adequate safeguards. Many infrastructure providers, especially in widely distributed communities like the water sector, have tight security budgets and lack dedicated security personnel, making it less likely that someone within the organization will hold back as executives race to deploy the latest and exciting technology.
