The Cybersecurity and Infrastructure Security Agency (CISA) – along with Australian and other international government partners – released on Dec. 3 a new guide for the secure integration of artificial intelligence (AI) capabilities into operational technologies (OT).
The guide “provides four key principles that will help critical infrastructure OT owners and operators mitigate unique risks and achieve a balanced integration of AI into OT environments,” CISA said.
The agency said the four principles focus on:
- Understanding AI risks, impacts, and secure development lifecycles;
- Assessing business cases for AI use and integration into OT tech, managing OT data security risks, and immediately addressing long-term integration challenges;
- Putting in place AI governance frameworks, continuously testing AI models, and ensuring regulatory compliance; and
- Embedding safety and security and integrating AI into incident response plans.
“This joint guide focuses on machine learning- and large language model-based AI, and AI agents,” CISA said in a press release. “However, this guidance may also be applied to systems augmented with traditional statistical modeling and other logic-based automation.”
CISA Acting Director Madhu Gottumukkala said, “OT systems are the backbone of our nation’s critical infrastructure, and integrating AI into these environments demands a thoughtful, risk-informed approach. This guidance equips organizations with actionable principles that AI adoption strengthens – not compromises – the safety, security, and reliability of essential services.”
Nick Andersen, executive assistant director for cybersecurity at CISA, added, “The integration of AI into critical infrastructure brings both opportunity and risk.”
“While AI can enhance the performance of OT systems that power vital public services, it also introduces new avenues for adversarial threats,” he continued.
