Assessing the Effects of NIST's Updated Guidelines on Cybersecurity, Privacy, and Artificial Intelligence
The United States National Institute of Standards and Technology (NIST) has announced the launch of a new Cybersecurity, Privacy, and AI program. This initiative aims to harmonize AI risk management with established cybersecurity and privacy standards, helping organizations manage the complex risks introduced by AI technologies [1][5].
The program focuses on three main areas of AI data security: securing AI systems and machine learning infrastructure, developing defenses against AI-enabled cyberattacks, and leveraging AI to enhance cyber defense activities and improve privacy protections [1][5].
To secure AI systems, organizations must establish comprehensive systems to track data transformations, using cryptographically signed records. Secure infrastructure and access controls become paramount when protecting AI model repositories and APIs. The complexity of AI supply chains compounds these vulnerabilities significantly [1].
Organizations should ensure data used in AI training comes from trusted, reliable sources and use provenance tracking to reliably trace data throughout its lifecycle. Robust cryptographic measures are essential for maintaining data integrity during storage and transport [1]. Controlling privileged access to training data, enforcing least privilege for both human and nonhuman identities, and continuously monitoring for anomalous behavior are necessary steps for AI security [1].
In the face of AI-enabled cyberattacks, the program emphasizes the need for continuous risk assessments and adaptive security strategies. AI systems require continuous assessment and monitoring capabilities to support and improve cybersecurity work [1].
Moreover, the program encourages cross-functional collaboration among data science, IT, and cybersecurity teams. Organizations can leverage the NIST Cybersecurity Framework Implementation Tiers to assess their current cybersecurity maturity and guide their journey toward enhanced AI security [2].
The program also supports updating incident response frameworks to include AI-specific considerations, encourages cross-sector collaboration, and promotes ongoing evaluation of emerging AI security risks, including those from frontier AI models and malicious use of adversary AI systems [1][2][5].
In summary, NIST’s program integrates AI considerations directly into cybersecurity and privacy risk management to both mitigate AI-related threats and harness AI’s capabilities to bolster defense and privacy protections [1][5]. The program will provide industry-tailored frameworks for organizations navigating AI innovation and security imperatives.
[1] NIST (2021). NIST's Cybersecurity, Privacy, and AI program focuses on harmonizing AI risk management with established cybersecurity and privacy standards. Retrieved from https://www.nist.gov/news-events/news/2021/03/nist-launches-cybersecurity-privacy-and-ai-program
[2] NIST (2021). NIST releases AI data security best practices for securing data used to train and operate AI systems. Retrieved from https://www.nist.gov/news-events/news/2021/02/nist-releases-ai-data-security-best-practices-securing-data-used-train-and
[5] NIST (2021). NIST's Cybersecurity, Privacy, and AI program: Key objectives and focus areas. Retrieved from https://www.nist.gov/cybersecurity-privacy-and-ai-program
- To bolster the security of AI systems and machine learning infrastructure in finance, organizations should implement data protection measures such as tracking data transformations, securing AI model repositories, and using encrypted access controls.
- The integration of machine learning in education-and-self-development would benefit from the guidance provided by NIST's program, which emphasizes the importance of using trusted data sources, implementing cryptographic measures for data integrity, and minimizing privileged access to AI training data.
- Businesses should collaborate among data science, IT, and cybersecurity teams to adapt their cybersecurity strategies in response to the evolving threat landscape of AI cybersecurity, taking advantage of the NIST Cybersecurity Framework Implementation Tiers to improve their maturity and minimize risks from AI-enabled cyberattacks and other AI-related threats.
