ETSI has released new technical specifications aimed at improving cybersecurity in artificial intelligence (AI) systems in response to the rise in digital threats.
Document entitled “Etsi TS 104 223” – Protecting Artificial Intelligence (SAI); Baseline Cybersecurity Requirements for AI Models and Systems’ sets a set of requirements designed to protect end users and provide actionable guidance for AI security.
This specification employs a lifecycle approach to AI security, sets its core principles that extend to a total of 72 trackable requirements across five different lifecycle phases. They are intended to enhance the security practices of all actors involved in the development and deployment of AI systems.
The advantages of this approach include the establishment of transparent, high-level security principles and practical provisions to protect AI. This requirement covers a wide range of stakeholders in the AI supply chain, including developers, vendors, integrators and operators. The goal is to provide the foundation for defending AI systems amidst rapidly evolving cyber threats.
According to ETSI, AI technology includes unique security challenges that traditional software does not exist. These include risks such as data addiction, model obfuscation, indirect rapid injection, and issues related to complex data management practices. The new specifications respond by merging established cybersecurity principles with current AI security research and new guidance specifically developed for these threats.
This specification was prepared by the ETSI Technical Committee (SAI), which consists of participants from international organizations, government agencies and cybersecurity experts. ETSI said this collaborative multidisciplinary development process makes the requirements more relevant globally and suitable for practical deployment in diverse contexts.
In addition to the main requirements document, ETSI has committed to releasing an implementation guide aimed at supporting small and medium-sized businesses (SMEs) and other stakeholders. This supplementary guide supports organizations to meet the security baselines specified in TS 104 223 in case studies covering a variety of deployment environments.
Scott Cadow, chairman of ETSI’s Technical Committee to Protect Artificial Intelligence, commented: It helps you do that – not only in Europe, but around the world. ”
“This publication is the global first to set a clear baseline to ensure AI, setting TC SAI on the path to giving trust to the security of AI for all stakeholders.”
ETSI’s focus on supporting end users with accessible guidance identifies an attempt to raise standards for AI security while encouraging practical implementation by organizations of all sizes. The new specifications and their support guide are intended to serve as the reference point for the international AI industry amid continuing concerns about digital safety and trust.
