CISA Issues New AI Security Guidance for Critical Infrastructure


AI is creeping into the systems that keep the lights on. Security is struggling to keep up.


That growing gap is what prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to issue guidance on the risks AI poses to operational technology. The agency is especially concerned about how AI implementations might lead to data breaches and other threats across the many operational technology (OT) environments that manage essential public services.

OT refers to the systems that keep power grids, water treatment, and industrial processes running. It includes hardware and software, such as industrial control systems and monitoring systems.

In recent years, utility systems, pipelines, and building control systems have been repeatedly hacked because they have not historically been supported by adequate cybersecurity measures. With these systems now connected to the internet and using sensors connected to the Industrial Internet of Things (IIoT), this problem has become all the more apparent.

“A major challenge will be addressing skill gaps in OT teams, especially where it relates to AI,” Floris Dankaart, lead product manager for Managed eXtended Detection and Response (MXDR) at cybersecurity consulting firm NCC Group, told TechRepublic. “OT environments are typically much more structured than IT environments, which might be at odds with many modern AI applications.”

ChatGPT broadly used in OT environments

One of the drivers behind this CISA document has been the rise of AI across the enterprise and the broader business world.

Even in traditional OT environments such as pipelines, power plants, and utilities, ChatGPT and other generative AI tools are widely used due to their convenience. If organizations ban them, staff will still find a way, even if it is only to look something up on their phones.

This directly puts control systems, monitoring software, and building control applications at risk. These systems have increasingly become a target for hackers for two reasons: they have not historically been supported by adequate cybersecurity measures, and they are now connected to the internet and using sensors.

The introduction to the bulletin reads:

“Since the public release of ChatGPT in November 2022, artificial intelligence (AI) has been integrated into many facets of human society. For critical infrastructure owners and operators, AI can potentially be used to increase efficiency and productivity, enhance decision-making, save costs, and improve customer experience. Despite the many benefits, integrating AI into operational technology (OT) environments that manage essential public services also introduces significant risks — such as OT process models drifting over time or safety-process bypasses — that owners and operators must carefully manage to ensure the availability and reliability of critical infrastructure.”

Global support

These guidelines were issued in cooperation with many other agencies from around the world.

These included the Australian Signals Directorate’s Australian Cyber Security Centre; US National Security Agency’s Artificial Intelligence Security Center; US Federal Bureau of Investigation; Canadian Centre for Cyber Security; German Federal Office for Information Security; Netherlands National Cyber Security Centre; New Zealand National Cyber Security Centre; and United Kingdom National Cyber Security Centre.

“That kind of coordination is rare and signals the importance of this issue,” said Dankaart. “Equally important, most AI-guidance addresses IT, not OT.”

The CISA guidance provides critical infrastructure owners and operators with a wealth of information on integrating AI into OT environments. It is built around four key principles:

  • Understand AI: Understand the unique risks and potential impacts of AI integration into OT environments, the importance of educating personnel on these risks, and the secure AI development lifecycle.
  • Consider AI use in the OT domain: Assess the specific business case for AI in OT environments, manage OT data security risks, the role of vendors, and the immediate and long-term challenges of AI integration.
  • Establish AI governance and assurance frameworks: Implement robust governance mechanisms, integrate AI into existing security frameworks, continuously test and evaluate AI models, and consider regulatory compliance.
  • Embed safety and security practices into AI and AI-enabled OT systems: Implement oversight mechanisms to ensure the safe operation and cybersecurity of AI-enabled OT systems, maintain transparency, and integrate AI into incident response plans.

Heightened risk

As generative AI becomes prevalent across industrial environments, critical infrastructure becomes more vulnerable.

AI data, models, and deployment software can be manipulated to produce incorrect results or to bypass security and functional safety measures or guardrails. Bad actors can gain entry and cause severe harm to vital services. Imagine prompt injections being used to shut down power grids, empty water supplies, or interfere with air traffic control.

Fortunately, traditional cybersecurity measures like access control, auditing, and encryption can be applied to AI-enabled OT systems. The CISA guidance details how to mitigate these risks. However, a lack of cybersecurity know-how within the OT sector could derail these efforts. Utilities, power plants, and other industrial facilities have markedly improved in recent years in their ability to deal with cyberthreats. But they lack the sophistication of their IT cousins.

Dankaart recommends that industrial organizations remain cautious when implementing AI. They should start by understanding how AI applies to the intended use case. They should begin with small pilot projects and pay attention to security every step of the way.
