The U.S. government has taken a significant step towards enhancing national security by unveiling new security guidelines to protect critical infrastructure against artificial intelligence (AI)-related threats. The Department of Homeland Security (DHS) announced on Monday that the guidelines are a result of a comprehensive effort to assess AI risks across all sixteen critical infrastructure sectors.
The new guidance focuses on addressing threats both to and from AI systems, ensuring safe and responsible use of the technology without compromising individuals’ privacy and civil liberties. It highlights the potential risks associated with the use of AI to augment attacks on critical infrastructure, adversarial manipulation of AI systems, and shortcomings in AI tools that could lead to unintended consequences.
To mitigate these risks, the guidelines recommend establishing an organizational culture of AI risk management, understanding individual AI use context and risk profile, developing systems to assess and track AI risks, and prioritizing actions to address safety and security concerns.
The announcement comes shortly after the Five Eyes intelligence alliance, comprising Australia, Canada, New Zealand, the U.K., and the U.S., released a cybersecurity information sheet emphasizing the importance of secure deployment and configuration of AI systems. The alliance warned that malicious cyber actors could exploit AI capabilities for malicious purposes, underscoring the need for robust security measures.
Furthermore, recent research has highlighted vulnerabilities in AI systems, including prompt injection attacks that can manipulate AI models to produce harmful outputs. Cybercriminals and nation-state actors are increasingly leveraging AI for espionage, influence operations, and other malicious activities, posing a significant security threat.
As the use of AI continues to grow, it is crucial for organizations to implement best practices to secure AI deployment environments, review AI model sources, and enforce strict access controls to prevent exploitation by malicious actors. The government’s new security guidelines aim to provide a framework for critical infrastructure owners and operators to assess and mitigate AI risks effectively.