In my opinion, it is interesting to observe the adoption of the Cyber Resilience Act in Strasbourg in March12th (2024), and then to see the Canadian Center for Cyber Security (Cyber Center) announce in April15th (2024) that they've joined the National Security Agencyβs (NSA) Artificial Intelligence Security Centre (AISC), the Federal Bureau of Investigation (FBI) and others in releasing guidance to deploying AI systems securely.
Based on my understanding, the established regulation addresses the following,
Challenges?
- A low level of cybersecurity of products, reflected by widespread vulnerabilities,
- An insufficient understanding & access to information by users preventing them from choosing products with adequate cybersecurity properties,
- And, a fragmented legal landscape across EU member states.
Objectives?
- Uniformity of cybersecurity requirements,
- Increased transparency for users,
- And, empower businesses to produce a wide range of effective cybersecurity products.
My favorite takeaway is the unification of cybersecurity requirements for all EU businesses, particularly for microenterprises and small and medium-sized enterprises, which cuts red tape, frees up resources for innovation, and fosters a fairer market!
That said, I believe, with innovation accelerating- AI/ML security is a continuous cycle: identify risks, implement controls, and monitor for problems. Kindly refer to the sources below for specific actionable guidance.
Sources:
- Cyber Resilience Act: https://lnkd.in/gZ79UVrg
- Canadian Cyber Center accouncement: https://lnkd.in/gaNJSvhd
- NSA announcement: "Deploying AI Systems Securely", https://lnkd.in/gfWcvqsW
- Full guidence/report by NSA: https://lnkd.in/gSgMmrFB
Top comments (0)