The Department for Science, Innovation and Technology (DSIT) has published a code of practice for maintaining high levels of cyber security when developing and using AI technologies.
It sets out how organisations using AI can protect themselves from a range of cyber threats such as AI attacks and system failures. It has been developed with the National Cyber Security Centre (NCSC) is intended to help developers build secure, innovative AI products that drive growth and fuel the Plan for Change.
The code of practice is based on 13 principles: raise awareness of threats and risks; design AI systems for security; evaluate threats and managing risks; enable human responsibility for systems; identify, track and protect assets; secure infrastructure; secure the supply chain; document data, models and prompts; conduct appropriate testing and evaluation; communicate and set up processes with end users and affected entities; maintain regular security updates, patches and mitigations; monitor the system’s behaviour; and ensure proper data and model disposal.
DSIT emphasised the importance of implementing cyber security training programmes which are focused on AI vulnerabilities, developing recovery plans following potential cyber incidents, and carrying out robust risk assessments.
It added that the code is voluntary, but will form the basis of a new global standard for secure AI through the European Telecommunications Standards Institute (ETSI).
Leading the way
Minister for Cyber Security Feryal Clark MP said: “The UK is leading the way in setting global benchmarks for secure innovation, ensuring AI is developed and deployed in an environment that protects critical systems and data which are central to delivering our Plan for Change.
“This will not only create the opportunities for businesses to thrive, secure in the knowledge that they can be better protected than ever before but support them in delivering cutting edge AI products that drive growth, improve public services, and put Britain at the forefront of the global AI economy.”
Ollie Whitehouse, chief technology officer of the NCSC, said: “The new code of practice, which we have produced in collaboration with global partners, will not only help enhance the resilience of AI systems against malicious attacks but foster an environment in which UK AI innovation can thrive.”
DSIT has also published an implementation guide for the code, and the Government response to its call for evidence on AI cyber security. The latter says there was overwhelming support for each of the 12 principles in the code – from 83% to 90% - along with feedback on the need for more detailed guidance.
