NSA Launches Guidance for Secure AI Deployment
22-Apr-24
New guidance on how to deploy AI systems securely has been published by the US National Security Agency in collaboration with six government agencies from the US and other Five Eyes countries.
The guidance, launched on April 15, is the first document published by the NSA’s Artificial Intelligence Security Center (AISC), created in September 2023.
It provides a list of best practices divided into three categories that refer to the three main steps of AI deployment:
1. Secure the deployment environment
2. Continuously protect the AI system
3. Secure AI operation and maintenance
The first set of best practices is designed to help organizations prepare their IT networks to implement AI systems securely. They cover the following domains:
1. Manage deployment environment governance 2. Ensure a robust deployment environment architecture, 3. Harden deployment environment configurations, 4. Protect deployment networks from threats with a zero trust mindset
The second set of recommendations refers to the security measures organizations should take while deploying AI systems. The NSA advised them to treat AI tools like other types of software, with vulnerabilities, weaknesses, or malicious code or properties.
They include specific security measures, such as the following:
1. Validate the AI system before and during use, 2. Secure exposed APIs, 3. Actively monitor model behavior, 4. Protect model weights
Finally, the last set of recommendations outlines longer-term best practices when using AI systems.
They are specific security measures organizations should take when incorporating AI tool use within their organization-approved IT processes and procedures. They include the following:
1. Enforce strict access controls, 2. Ensure user awareness and training, 3. Conduct audits and penetration testing, 4. Implement robust logging and monitoring
