The Cybersecurity and Infrastructure Security Agency (CISA) released joint guidance with U.S. and international partners that covers key principles for securely integrating artificial intelligence (AI) into operational technology (OT) systems.
The document published Wednesday was co-authored by CISA and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in collaboration with partners including the Federal Bureau of Investigation (FBI) and National Security Agency’s Artificial Intelligence Security Center (NSA AISC).
The four main principles covered in the document are: understanding AI risks, considering AI use cases, establishing AI governance frameworks, and embedding safety and security practices into AI and AI-enabled OT systems.
“AI holds tremendous promise for enhancing the performance of operational technology environments – but that promise must be matched with vigilance. OT systems are the backbone of our nation’s critical infrastructure, and integrating AI into these environments demands a thoughtful, risk-informed approach,” CISA Acting Director Madhu Gottumukkala said in a statement accompanying the guidance.
Integration of AI into OT systems can include the use of models to detect anomalies or predict maintenance needs. Securely deploying these systems includes ensuring the protection of OT data, defending against AI-specific threats such as prompt injection, and implementing failsafes to prevent downtime of critical systems.
These safety measures are especially crucial due to the impact of OT disruptions on physical systems and critical infrastructure, and the frequent targeting of OT systems by adversaries and threat groups.
Understanding unique AI security and resilience risks in OT
Securely integrating AI in OT begins with understanding the unique challenges and limitations of AI, including model drift, hallucinations, lack of explainability for AI model decision-making and the risks associated with using sensitive OT data for model training.
Traditional cybersecurity measures must be extended to account for AI-specific threats like data poisoning and prompt injection, and extra consideration must be given to protecting the data that goes into AI models and internet-connected AI systems, such as those that rely on cloud computing.
CISA and its partners recommend OT owners and operators fully understand the measures that go into each stage of the AI lifecycle, from secure design and development of the models themselves to continuous monitoring and maintenance of deployed systems, with further guidance provided by the CISA and UK National Cyber Security Centre (NCSC) joint Guidelines for Secure AI System Development.
The document emphasizes proper training of personnel to prevent overreliance on AI systems and ensure staff understand how to troubleshoot AI systems and properly interpret AI outputs.
“The guidance also encourages caution around LLM-first approaches for making safety decisions in OT environments, based on unpredictability and limited explainability, creating unacceptable risk when human safety and operational continuity are on the line,” noted Marcus Fowler, CEO of Darktrace Federal, in comments to SC Media.
Data security risks and working with vendors on AI-OT integration
The guidance document encourages owners and operators to consider whether AI is the best solution for their use case while recognizing the challenges and complexities that come with integrating AI into critical OT systems.
For example, an AI system designed to predict industrial generator failures could potentially decrease downtime and maintenance costs by detecting problems early but could also risk premature replacements if not working properly.
Data security considerations for AI-OT integration add another layer of risk that must be considered when weighing these use cases, as OT datasets can be a valuable target for adversaries aiming to target critical infrastructure and physical systems. AI integration can create a new attack surface with potentially new vulnerabilities and internet-exposed access paths that further put these systems and data at risk, the guidance states.
CISA and partners emphasize the importance of demanding transparency from vendors with regard to AI system security and data handling, including by ensuring vendors provide software bill of materials (SBOMs) for a clear view of AI system supply chains, vulnerability notifications, clear data usage policies and information about the ability to disable AI features if necessary.
The guidance further recommends that operators deploy systems with a push-based architecture that pushes data outward from OT networks into AI systems rather than providing AI systems with persistent access into OT systems, and that they test AI systems for safety impacts using test infrastructure prior to deployment in production environments.
“Beyond remote access, an important defence is to reduce standing privileges in the environment so that in the event an identity is compromised the ‘blast radius’ is limited. This is especially important in the age of identity attacks and hybrid environments where one compromised identity can open up paths to privileged access on dozens of systems on-prem and in the cloud that organizations aren’t aware of,” James Maude, field CTO at BeyondTrust, commented in an email to SC Media.
Governance and compliance considerations for AI in OT
Senior leadership, subject experts in OT, information technology (IT) and AI, and cybersecurity teams should all be included as key stakeholders in governance frameworks when it comes to AI-OT integration, the document states. Further, clear roles, responsibilities and expectations should be established for everyone involved in the development, deployment, operation and maintenance of AI systems in OT environments.
AI systems should be included in existing cybersecurity governance and assurance frameworks, including regular security audits and risk assessments; security controls such as encryption, access control and intrusion detection; and continuous validation and verification procedures to ensure AI systems meet regulatory requirements.
While few current OT regulatory standards specifically address AI integration, the guidance document points to specific standards from the European Telecommunications Standards Institute’s (ETSI’s) Technical Committee Securing Artificial Intelligence to consider, including ETSI TR 104 128 on cybersecurity for AI models and systems, ETSI TS 104 223 on baseline cybersecurity requirements for AI systems and ETSI TR 104 048 on data supply chain security. The guidance also notes that risk assessments for AI systems should incorporate AI-specific tactics, techniques and procedures (TTPs) in threat modeling, such as those included in the MITRE Adversarial Threat Landscape for Artificial-Intelligence Systems (ATLAS) Matrix.
Human oversight, failsafes key for secure AI-OT integration
The CISA joint guidance concludes with a section emphasizing the importance of human-in-the-loop decision-making, failsafe mechanisms and anomaly detection when integrating AI into OT systems.
The guidance recommends the use of behavioral analytics to help recognize issues with models that could lead to performance, safety or security risks.
“It’s encouraging to see a strong focus on behavioral analytics, anomaly detection, and the establishment of safe operating bounds that can identify AI drift, model changes, or emerging security risks before they impact operations. This shift from static thresholds to behavior-based oversight is essential for defending cyber-physical systems where even small deviations can carry significant risk,” said Fowler.
The ability for AI systems to “fail gracefully” is crucial for preventing major disruptions to critical operations, the document states, recommending that incident response plans include mechanisms for bypassing and replacing AI systems. Additionally, human oversight and the ability for humans to intervene in decision-making processes improve reliability and allow for quicker responses to errors and emergencies.
“Taken together, these principles reflect a maturing understanding that AI in OT must be paired with continuous monitoring, and transparent and distinct identity controls,” said Fowler.