The U. K. state has introduced its “world-first” AI Cyber Code of Practice for companies developing AI techniques. The deliberate framework outlines 13 guidelines designed to mitigate risks like as AI-driven attacks, system problems, and data threats.
The voluntary code applies to engineers, program users, and information custodians at organisations that create, install, or control AI systems. Another pertinent rules apply to vendors of artificial intelligence that solely sell models or components.
” From achieving AI techniques against hacking and destroy, to ensuring they are developed and deployed in a safe manner, the Code will help designers build safe, innovative AI items that generate growth”, the Department for Science, Innovation, and Technology said in a media release.
Suggestions include implementing AI safety training programs, developing treatment strategies, carrying out risk assessments, maintaining stock, and communicating with end-users about how their information is being used.
To provide a structured guide, TechRepublic has collated the Code’s rules, who they apply to, and case advice in the following table.
| Principle | primarily applies to people | Example recommendation |
|---|---|---|
| Increase awareness of the risks and threats to AI security | System operators, developers, and data custodians | Train employees on the risks of AI security and update training as new threats emerge. |
| Design your AI system so that it has the best functionality and performance. | System operators and developers | Before creating an AI system, assess security risks and establish mitigation plans. |
| Evaluate the risks and manage the threats to your AI system. | System operators and developers | Regularly assess risks and manage AI-specific attacks like data poisoning. |
| Ensure that people are accountable for AI systems | System operators and developers | Ensure AI decisions are explainable and users understand their responsibilities. |
| Identify, track, and protect your assets | System operators, developers, and data custodians | Keep track of AI components and protect sensitive information. |
| Secure your infrastructure | System operators and developers | Apply security measures to AI models and enact restrictions on access to them. |
| Secure your supply chain | System operators, developers, and data custodians | Before adapting models that aren’t well-documented or secured, conduct a risk assessment. |
| Document your data, models, and prompts | Developers | Release model component cryptographic hashes that are made available to other parties to verify their authenticity. |
| Conduct appropriate testing and evaluation | System operators and developers | Make sure it is impossible to reverse engineer non-public aspects of the model or training data. |
| End-users and affected entities communication and procedures associated with them | System operators and developers | Convey to end-users where and how their data will be used, accessed, and stored. |
| Maintain regular security updates, patches, and mitigations | System operators and developers | Provide system operators with security patches and updates, as well as security updates. |
| Monitor your system’s behaviour | System operators and developers | Analyze AI system logs for anomalies and security risks continuously. |
| Ensure proper data and model disposal | System operators and developers | After transferring or sharing ownership, you can safely dispose of training data or models. |
The government’s release of the AI Opportunities Action Plan, which outlines the 50 ways it will expand the AI sector and make the nation a “world leader,” comes just a few weeks after the release of the Code. A significant component of this was the nurturing AI talent.
Stronger measures for cyber security in the United Kingdom.
The Code’s release comes just one day after the U. K.’s National Cyber Security Centre urged software vendors to eradicate so-called “unforgivable vulnerabilities” , , which are vulnerabilities with mitigations that are, for example, cheap and well-documented, and are therefore easy to implement.
Ollie N, the NCSC’s head of vulnerability management, said that for decades, vendors have “prioritised’ features’ and ‘ speed to market’ at the expense of fixing vulnerabilities that can improve security at scale”. Ollie N added that tools like the Code of Practice for Software Vendors will help eliminate a lot of flaws and make sure security is “baked into” the software.
International coalition to develop cyber security workforce
In addition to the Code, the U. K. has launched a new International Coalition on Cyber Security Workforces, partnering with Canada, Dubai, Ghana, Japan, and Singapore. The coalition vowed to work together to close the skill gap in cyber security.
Members of the coalition pledged to align their approaches to cyber security workforce development, adopt common terminology, share best practices and challenges, and maintain an ongoing dialogue. Progress is undoubtedly needed in this field given that only a quarter of cybersecurity professionals are women.
Why this Cyber Code matters for businesses
According to recent research, 99 % of U.K. businesses have experienced at least one cyber incident in the last year, making up 87 % of the country’s businesses. Moreover, only 54 % of U. K. IT professionals are confident in their ability to recover their company’s data after an attack.
In December, the head of the NCSC warned that the U. K.’s cyber risks are “widely underestimated”. Businesses are encouraged to take proactive steps to protect their AI systems and reduce their exposure to cyber threats, even though the AI Cyber Code of Practice is still voluntary.
