The CISA Principles for the Secure Integration of Artificial Intelligence in Operational Technology provide a comprehensive framework to help critical infrastructure owners and operators securely integrate AI into their OT systems. The guidance outlines four key principles: first, understanding AI and its unique risks in OT environments; second, carefully considering AI use cases in the OT domain while managing data security risks; third, establishing robust AI governance and assurance frameworks that include continuous testing, security audits, and regulatory compliance; and fourth, embedding strong safety and security practices, such as maintaining human oversight, ensuring transparency, using secure deployment methods, and integrating AI into incident response plans. These principles emphasize ongoing monitoring, validation, and refinement of AI models to maintain operational safety, security, and reliability in critical infrastructure systems.
Publication's URL
https://www.cisa.gov/resources-tools/resources/principles-secure-integration-artificial-intelligence-operational-technologyAdditional documents on this topic
- CISA Primary Mitigations to Reduce Cyber Threats to Operational Technology
- OWASP Practical Guide for Secure MCP Server Development
- NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile ★★★★★
- ETSI EN 304 223: Securing Artificial Intelligence (SAI) – Baseline Cyber Security Requirements for AI Models and Systems
- CSA Data Security within AI Environments