PRESS RELEASE | April 15, 2024. NSA Publishes Guidance for Strengthening AI System Security

FORT MEADE, Md. – The National Security Agency (NSA) is releasing a Cybersecurity Information Sheet (CSI) today, “Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems.”The CSI is intended to support National Security System owners and Defense Industrial Base companies that will be deploying and operating AI systems designed and developed by an external entity.

“AI brings unprecedented opportunity, but also can present opportunities for malicious activity. NSA is uniquely positioned to provide cybersecurity guidance, AI expertise, and advanced threat analysis,” said NSA Cybersecurity Director Dave Luber.

The CSI is the first release from NSA’s Artificial Intelligence Security Center (AISC), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre (NCSC-NZ), and United Kingdom National Cyber Security Centre (NCSC-UK).

While intended for national security purposes, the guidance has application for anyone bringing AI capabilities into a managed environment, especially those in high-threat, high-value environments.  It builds upon the previously released Guidelines for Secure AI System Development and Engaging with Artificial Intelligence.

This is the first guidance led by the Artificial Intelligence Security Center (AISC) and postures the center to support one of its central goals: improving the confidentiality, integrity, and availability of AI systems.

NSA established the AISC in September of 2023 as a part of the Cybersecurity Collaboration Center (CCC). The AISC was formed to detect and counter AI vulnerabilities; drive partnerships with industry and experts from U.S. industry, national labs, academia, the IC, the DoD, and select foreign partners; develop and promote AI security best practices; and ensure NSA’s ability to stay in front of adversaries’ tactics and techniques.

The AISC plans to work with global partners to develop a series of guidance on AI security topics as the field evolves, such as on data security, content authenticity, model security, identity management, model testing and red teaming, incident response, and recovery.

Read the full report here.

Visit our full library for more cybersecurity information and technical guidance.