Singapore’s Cyber Security Agency (CSA) has published an extensive set of guidelines and a companion guide aimed at securing artificial intelligence (AI) systems, a move signaling the nation’s proactive stance on managing cybersecurity risks associated with AI. The new resources, titled “Guidelines on Securing AI Systems” and the “Companion Guide on Securing AI Systems,” were developed in consultation with AI and cybersecurity experts across sectors. The CSA emphasizes the need for both system owners and developers to adopt a lifecycle approach to AI security to address potential vulnerabilities effectively.

AI systems, while beneficial across sectors, introduce unique cybersecurity risks. According to the CSA, these systems are vulnerable to a range of novel attacks, including adversarial machine learning, which maliciously alters AI model behavior. The CSA’s publications focus on enhancing trust in AI by encouraging organizations to integrate robust security practices and risk management strategies throughout the AI system lifecycle, from planning and development to deployment and end-of-life.

The “Guidelines on Securing AI Systems” outline several key principles for AI security. It suggests that AI should be designed with security in mind, also known as “secure by design” and “secure by default.” This approach, the CSA notes, will help organizations preemptively manage security risks before they evolve into significant threats. Unlike traditional software, which is generally rule-based, AI systems depend on machine learning and neural networks, making them more adaptive yet inherently more vulnerable to manipulation.

A foundational element of the guidelines is conducting a thorough risk assessment before implementing an AI solution. Risk assessments allow organizations to evaluate potential threats, prioritize security resources, and customize defense strategies based on specific use cases. The guidelines recommend continuous monitoring and feedback loops to maintain security as AI systems evolve.

The CSA advocates for a structured, lifecycle-based approach to AI security, broken down into five stages: planning and design, development, deployment, operations and maintenance, and end-of-life.

1. Planning and Design: At this initial stage, Singapore’s Cyber Security Agency encourages organizations to build security awareness among all personnel involved in AI development, including developers, decision-makers, and cybersecurity practitioners. Conducting a comprehensive security risk assessment is also crucial to identify potential vulnerabilities early in the AI lifecycle.

2. Development: A key focus during development is securing the AI supply chain. Given the dependency on third-party models, data, and APIs, the guidelines stress the importance of assessing supply chain components and ensuring suppliers adhere to established security standards. Additionally, the CSA suggests using software bills of materials (SBOMs) and vulnerability scanning to detect risks introduced through external libraries and open-source models.

3. Deployment: Once an AI system is ready for deployment, organizations must establish secure environments and apply infrastructure security principles. Incident management procedures should also be put in place to ensure a rapid response to any unexpected behavior or security incidents in the AI system.

4. Operations and Maintenance: During this phase, CSA emphasizes the need for continuous monitoring of AI system inputs and outputs. The guidelines highlight the importance of monitoring for adversarial attacks, data drift, and model degradation, which can impact the system’s accuracy and security. It also recommends a secure-by-design approach to system updates to prevent security gaps.

5. End of Life: Proper disposal of data and models is critical when decommissioning AI systems, particularly if sensitive data is involved. Secure disposal practices minimize the risk of data breaches and unauthorized model access.

To complement the guidelines, the “Companion Guide on Securing AI Systems” provides practical security measures and control mechanisms that organizations can adopt at various stages of the AI lifecycle. These are categorized into classical cybersecurity practices and AI-specific controls to address unique AI vulnerabilities.

The companion guide is designed as a “living document” that will be updated regularly, reflecting the fast-paced advancements in AI and cybersecurity. Its recommendations span from traditional controls, such as secure coding and access management, to AI-specific measures like adversarial testing and model hardening. The guide also includes case studies and references to resources like the MITRE ATLAS framework, helping organizations better understand AI-related threats and appropriate responses.

Need Help?

If you’re wondering how Singapore’s Cyber Security Agency AI guidelines, or any other government’s guidelines, bills or regulations could impact you, reach out to BABL AI. Their Audit Experts are ready to provide valuable assistance while answering your questions and concerns.