IAPS Podcast

Adapting cybersecurity frameworks to manage frontier AI risks: A defense-in-depth approach

The complex and evolving threat landscape of frontier AI development requires a multi-layered approach to risk management (“defense-in-depth”). By reviewing cybersecurity and AI frameworks, we outline three approaches that can help identify gaps in the management of AI-related risks.

First, a functional approach identifies essential categories of activities (“functions”) that a risk management approach should cover, as in the NIST Cybersecurity Framework (CSF) and AI Risk Management Framework (AI RMF).

Second, a lifecycle approach instead assigns safety and security activities across the model development lifecycle, as in DevSecOps and the OECD AI lifecycle framework.

Third, a threat-based approach identifies tactics, techniques, and procedures (TTPs) used by malicious actors, as in the MITRE ATT&CK and MITRE ATLAS databases.

We recommend that frontier AI developers and policymakers begin by adopting the functional approach, given the existence of the NIST AI RMF and other supplementary guides, but also establish a detailed frontier AI lifecycle model and threat-based TTP databases for future use.

---

Outline:

(00:18) Executive Summary

(09:23) 1 | Introduction

(11:34) 2 | Defense-in-depth for frontier AI systems

(12:07) 2.1 | Commonalities between domains implementing defense-in-depth

(16:30) 2.2 | Defense-in-depth in nuclear power

(20:20) 2.3 | Cybersecurity as a model for AI

(20:25) 2.3.1 | Cybersecurity defense-in-depth in the 2000s and beyond

(22:26) 2.3.2 | Complementary approaches to address evolving capabilities and threats

(27:59) 2.3.3 | Benchmarking measures to the appropriate level of risk

(30:55) 2.4 | Three approaches to AI defense-in-depth

(35:05) 3 | Functional approach

(37:44) 3.1 | What does this look like in cybersecurity?

(40:52) 3.2 | Why take a functional approach?

(42:00) 3.3 | Usage for frontier AI governance

(42:54) 3.3.1 | The NIST AI RMF

(44:30) 3.3.2 | Tailoring the AI RMF to frontier AI safety and security concerns

(48:36) 3.3.3 | Providing detailed controls

(51:06) 3.3.4 | Defense-in-depth using the NIST AI RMF

(54:00) 3.4 | Limitations and future work

(55:37) 4 | Lifecycle approach

(57:32) 4.1 | What does this look like in cybersecurity?

(58:24) 4.1.1 | Security Development Lifecycle (SDL) framework

(01:00:12) 4.1.2 | The DevSecOps framework

(01:02:02) 4.2 | Why take a lifecycle approach?

(01:04:40) 4.3 | Usage for frontier AI governance

(01:05:04) 4.3.1 | Existing descriptions of the AI development lifecycle

(01:08:55) 4.3.2 | Proposed lifecycle framework

(01:12:10) 4.3.3 | Discussion of proposed framework

(01:12:15) “Shifting left” on AI safety and security

(01:17:55) Deployment and post-deployment measures

(01:19:22) 4.4 | Limitations and future work

(01:21:29) 5 | Threat-based approach

(01:23:27) 5.1 | What does this look like in cybersecurity?

(01:26:11) 5.1.1 | An alternative threat-based approach: the kill chain

(01:27:41) 5.2 | Why take a threat-based approach?

(01:30:29) 5.3 | Usage for frontier AI governance

(01:30:34) 5.3.1 | Existing work

(01:34:05) 5.3.2 | Proposed threat-based approaches

(01:35:24) An “effect on model” approach

(01:37:21) An “effect on world” approach

(01:40:15) 5.3.3 | Application to national critical functions

(01:43:38) 5.4 | Limitations and future work

(01:46:21) 6 | Evaluating and applying the suggested frameworks

(01:46:34) 6.1 | Context for applying frameworks

(01:48:56) 6.2 | Application to existing measures

(01:51:59) 6.2.1 | Functional

(01:56:13) 6.2.2 | Lifecycle

(01:58:12) 7 | Conclusion

(01:58:37) 7.1 | Overview of Next Steps

(02:00:29) 7.2 | Recommendations

(02:01:15) Acknowledgments

(02:02:50) Appendix A: Relevant frameworks in nuclear reactor safety and cybersecurity

(02:03:14) Appendix A-1: Defense-in-depth levels in nuclear reactor safety

(02:04:18) Appendix A-2: Relevant cybersecurity frameworks

(02:04:24) Defense-in-depth frameworks

(02:07:11) NIST SP 800-172: Defense-in-depth against advanced persistent threats

(02:10:06) Appendix A-3: The NIST Cybersecurity Framework (CSF)

(02:12:42) Common uses of the NIST CSF

(02:14:26) Appendix B: NIST AI Risk Management Framework

(02:15:20) Appendix B-1: Govern

(02:20:19) Appendix B-2: Map

(02:25:35) Appendix B-3: Measure

(02:31:04) Appendix B-4: Manage

The original text contained 123 footnotes which were omitted from this narration.

---

First published:

October 13th, 2023

Source:

https://www.iaps.ai/research/adapting-cybersecurity-frameworks

IAPS Podcast, by the Institute for AI Policy and Strategy