Principles for Reducing AI Cyber Risk in Critical Infrastructure: A Prioritization Approach

By Christopher Sledjeski

Artificial intelligence can boost efficiencies within U.S. civilian critical infrastructure. At the same time, AI introduces novel risks. This paper identifies and builds on existing best practices that can be used to scope and prioritize AI cybersecurity mitigations should Congress decide to regulate AI use in critical infrastructure.

AI-enabled technologies bring benefits to the systems behind daily life: transportation, utilities, healthcare, and more. But they will also pose unique risks to that same critical infrastructure. Assessing those risks is a challenge, given the rate of AI development, its scale, and the interdependencies of civil systems. Congress is currently considering whether regulation will be needed to prevent potentially debilitating impacts on public health and safety, the economy, or national security.

In MITRE’s Principles for Reducing AI Cyber Risk in Critical Infrastructure: A Prioritization Approach, author Chris Sledjeski, senior principal in MITRE’s Cyber Infrastructure Protection Innovation Center, says established cybersecurity best practices can help scope risk mitigation efforts and inform the broader risk management discussion on AI assurance. It is necessary to adapt these existing best practices to identify, evaluate, prioritize, and mitigate AI-introduced risks to national critical functions. Also required: close collaboration with public and private stakeholders, particularly Sector Risk Management Agencies. Cooperation and information-sharing on these fronts will aid in the adoption and efficacy of any cybersecurity requirements applied to AI use in critical infrastructure high-risk functions.