UK and US develop new global guidelines for AI-focused security

In testament to the UK’s leadership in the realm of AI safety, agencies from no fewer than 17 other countries have confirmed that they will endorse and co-seal the new guidelines.

The Guidelines for Secure AI System Development have been pieced together by the National Cyber Security Centre (NCSC), itself a part of GCHQ, and the Cyber Security and Infrastructure Security Agency (CISA) in the US in co-operation with industry experts and 21 other international agencies and ministries from across the world (including those from all members of the G7 group of nations and from the Global South).

These all-new, UK-led guidelines are the first of their kind to be agreed globally. They will help developers of any systems using AI to make informed cyber security decisions at every stage of the development process, whether those systems have been created from scratch or otherwise built on top of tools and services provided by others.

The guidelines help developers ensure that cyber security is both an essential pre-condition of AI system safety and integral to the development process from the outset and throughout. This is known as a ‘secure by design’ approach.

The official launched took place at an event hosted by the NCSC, at which 100 key industry, Government and international partners gathered for a panel discussion on the shared challenge of securing AI. Panellists included representatives from Microsoft, The Alan Turing Institute and UK, American, Canadian and German cyber security agencies.

Development at pace

NCSC CEO Lindy Cameron said: “We know that AI is developing at a phenomenal pace and, as a result, there’s a need for concerted international action, across Governments and industry, in order to keep up. These new guidelines mark a significant step forward in shaping a truly global and common understanding of the cyber risks and mitigation strategies around AI to ensure that security is not a postscript to development, but instead a core requirement throughout.”

Cameron added: “I’m proud that the NCSC is leading crucial efforts to raise the AI cyber security bar. A more secure global cyber space will help us all to safely and confidently realise this technology’s wonderful opportunities.”

In a keynote speech delivered at Chatham House back in June, Cameron warned about the perils of retrofitting security into AI systems in years to come, stressing the need to ‘bake’ security into AI systems as they’re developed.

These new guidelines are intended as a global, multi-stakeholder effort fashioned to address that issue, building on the UK Government’s AI Safety Summit’s legacy of sustained international co-operation on AI risks.

Collective commitment

CISA director Jen Easterly explained: “Publication of the Guidelines for Secure AI System Development marks a key milestone in our collective commitment, involving Governments across the world, to ensure the development and deployment of AI capabilities that are ‘secure by design’.”

Easterly added: “As nations and organisations embrace the transformative power of AI, this international collaboration, led by CISA and the NCSC, underscores the global dedication to fostering transparency, accountability and secure practices. The domestic and international unity in advancing ‘secure by design’ principles and cultivating a resilient foundation for the safe development of AI systems worldwide could not come at a more important time in our shared technology revolution.”

Further, Easterly outlined: “This joint effort reaffirms our mission to protect critical infrastructure and reinforces the importance of international partnership in securing our digital future.”

Michelle Donelan, Science and Technology Secretary, commented: “I believe the UK is an international standard bearer on the safe use of AI. The NCSC's publication of these new guidelines will put cyber security at the heart of AI development at every stage such that protecting against risk is considered throughout.”

Donelan also said: “Just weeks after we brought world-leaders together at Bletchley Park to reach the first international agreement on safe and responsible AI, we are once again uniting nations and companies in this truly global effort. In doing so, we are driving forward in our mission to harness this decade-defining technology and seize its potential to transform the NHS, revolutionise public services and create the new, high-skilled, high-paid jobs of the future.”

*The guidelines can be accessed on the NCSC’s website at www.ncsc.gov.uk

List of international signatories

The full list of international signatories to the new guidelines is as follows:

Australia – Australian Signals Directorate’s Australian Cyber Security Centre

Canada – Canadian Centre for Cyber Security 

Chile – Chile’s Government CSIRT

Czechia - Czechia’s National Cyber and Information Security Agency

Estonia – Information System Authority of Estonia and the National Cyber Security Centre of Estonia

France – French Cyber Security Agency

Germany – Germany’s Federal Office for Information Security

Israel – Israeli National Cyber Directorate

Italy – Italian National Cyber Security Agency

Japan – Japan’s National Centre of Incident Readiness and Strategy for Cyber Security (NISC: Japan’s Secretariat of Science, Technology and Innovation Policy, Cabinet Office)

New Zealand – New Zealand National Cyber Security Centre

Nigeria – Nigeria’s National Information Technology Development Agency

Norway – Norwegian National Cyber Security Centre

Poland – Poland’s NASK National Research Institute

Republic of Korea – Republic of Korea National Intelligence Service

Singapore – Cyber Security Agency of Singapore

United Kingdom of Great Britain and Northern Ireland – National Cyber Security Centre

United States of America – Cyber Security and Infrastructure Agency, the National Security Agency and the Federal Bureau of Investigations