News from the AI & ML world

DeeperML

@openssf.org //
Global cybersecurity agencies, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners, have jointly released guidance on AI data security best practices. The new Cybersecurity Information Sheet (CSI) aims to address the critical importance of securing data used to train and operate AI systems, emphasizing that the accuracy, integrity, and trustworthiness of AI outcomes are directly linked to the quality and security of the underlying data. The guidance identifies potential risks related to data security and integrity throughout the AI lifecycle, from initial planning and design to post-deployment operation and monitoring.

Building on previous guidance, the new CSI provides ten general best practices organizations can implement to enhance AI data security. These steps include ensuring data comes from trusted, reliable sources, with provenance tracking to verify data changes; using checksums and cryptographic hashes to maintain data integrity during storage and transport; and employing quantum-resistant digital signatures to authenticate and verify trusted revisions during training and other post-training processes. The guidance also recommends using only trusted infrastructure, such as computing environments leveraging zero trust architecture; classifying data based on sensitivity to define proper access controls; and encrypting data using quantum-resistant methods like AES-256.

The guidelines also emphasize the importance of secure data storage using certified devices compliant with NIST FIPS 140-3, which covers security requirements for cryptographic modules, and privacy preservation of sensitive data through methods like data masking. Furthermore, the agencies advise secure deletion of AI training data from repurposed or decommissioned storage devices. Owners and operators of National Security Systems, the Defense Industrial Base, federal agencies, and critical infrastructure sectors are urged to review the publication and implement its recommended best practices to mitigate risks like data supply chain poisoning and malicious data tampering.
