DHS Releases Framework for Safe, Secure Deployment of AI in Critical Infrastructure

The Department of Homeland Security (DHS) released a set of recommendations for the safe and secure development and deployment of Artificial Intelligence (AI) in critical infrastructure, the “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure” (“Framework”).

This first-of-its kind resource was developed by and for entities at each layer of the AI supply chain: cloud and compute providers, AI developers, and critical infrastructure owners and operators – as well as the civil society and public sector entities that protect and advocate for consumers. The Artificial Intelligence Safety and Security Board (“Board”), a public-private advisory committee established by DHS Secretary Alejandro N. Mayorkas, identified the need for clear guidance on how each layer of the AI supply chain can do their part to ensure that AI is deployed safely and securely in U.S. critical infrastructure. This product is the culmination of considerable dialogue and debate among the Board, composed of AI leaders representing industry, academia, civil society, and the public sector. The report complements other work carried out by the Administration on AI safety, such as the guidance from the AI Safety Institute, on managing a wide range of misuse and accident risks.

America’s critical infrastructure – the systems that power our homes and businesses, deliver clean water, allow us to travel safely, facilitate the digital networks that connect us, and much more – is vital to domestic and global safety and stability. These sectors are increasingly deploying AI to improve the services they provide, build resilience, and counter threats. AI is, for example, helping to quickly detect earthquakes and predict aftershocks, prevent blackouts and other electric-service interruptions, and sort and distribute mail to American households. These uses do not come without risk, and vulnerabilities introduced by the implementation of this technology may expose critical systems to failures or manipulation by nefarious actors. Given the increasingly interconnected nature of these systems, their disruption can have devastating consequences for homeland security.

“AI offers a once-in-a-generation opportunity to improve the strength and resilience of U.S. critical infrastructure, and we must seize it while minimizing its potential harms. The Framework, if widely adopted, will go a long way to better ensure the safety and security of critical services that deliver clean water, consistent power, internet access, and more,” said Secretary Alejandro N. Mayorkas. “The choices organizations and individuals involved in creating AI make today will determine the impact this technology will have in our critical infrastructure tomorrow. I am grateful for the diverse expertise of the Artificial Intelligence Safety and Security Board and its members, each of whom informed these guidelines with their own real-world experiences developing, deploying, and promoting the responsible use of this extraordinary technology. I urge every executive, developer, and elected official to adopt and use this Framework to help build a safer future for all.”

If adopted and implemented by the stakeholders involved in the development, use, and deployment of AI in U.S. critical infrastructure, this voluntary Framework will enhance the harmonization of and help operationalize safety and security practices, improve the delivery of critical services, enhance trust and transparency among entities, protect civil rights and civil liberties, and advance AI safety and security research that will further enable critical infrastructure to deploy emerging technology responsibly. Despite the growing importance of this technology to critical infrastructure, no comprehensive regulation currently exists.

DHS identified three primary categories of AI safety and security vulnerabilities in critical infrastructure: attacks using AI, attacks targeting AI systems, and design and implementation failures. To address these vulnerabilities, the Framework recommends actions directed to each of the key stakeholders supporting the development and deployment of AI in U.S. critical infrastructure as follows:

  • Cloud and compute infrastructure providers play an important role in securing the environments used to develop and deploy AI in critical infrastructure, from vetting hardware and software suppliers to instituting strong access management and protecting the physical security of data centers powering AI systems. The Framework encourages them to support customers and processes further downstream of AI development by monitoring for anomalous activity and establishing clear pathways to report suspicious and harmful activities.
  • AI developers develop, train, and/or enable critical infrastructure to access AI models, often through software tools or specific applications. The Framework recommends that AI developers adopt a Secure by Design approach, evaluate dangerous capabilities of AI models, and ensure model alignment with human-centric values. The Framework further encourages AI developers to implement strong privacy practices; conduct evaluations that test for possible biases, failure modes, and vulnerabilities; and support independent assessments for models that present heightened risks to critical infrastructure systems and their consumers.
  • Critical infrastructure owners and operators manage the secure operations and maintenance of key systems, which increasingly rely on AI to reduce costs, improve reliability and boost efficiency. They are looking to procure, configure, and deploy AI in a manner that protects the safety and security of their systems. The Framework recommends a number of practices focused on the deployment-level of AI systems, to include maintaining strong cybersecurity practices that account for AI-related risks, protecting customer data when fine-tuning AI products, and providing meaningful transparency regarding their use of AI to provide goods, services, or benefits to the public. The Framework encourages critical infrastructure entities to play an active role in monitoring the performance of these AI systems and share results with AI developers and researchers to help them better understand the relationship between model behavior and real-world outcomes.
  • Civil society, including universities, research institutions, and consumer advocates engaged on issues of AI safety and security, are critical to measuring and improving the impact of AI on individuals and communities. The Framework encourages civil society’s continued engagement on standards development alongside government and industry, as well as research on AI evaluations that considers critical infrastructure use cases. The Framework envisions an active role for civil society in informing the values and safeguards that will shape AI system development and deployment in essential services.
  • Public sector entities, including federal, state, local, tribal, and territorial governments, are essential to the responsible adoption of AI in critical infrastructure, from supporting the use of this technology to improve public services to advancing standards of practice for AI safety and security through statutory and regulatory action. The United States is a world leader in AI; accordingly, the Framework encourages continued cooperation between the federal government and international partners to protect all global citizens, as well as collaboration across all levels of government to fund and support efforts to advance foundational research on AI safety and security.

Featured

  • TSA Intercepts 6,678 Firearms at Airport Security Checkpoints in 2024

    During 2024, the Transportation Security Administration (TSA) intercepted a total of 6,678 firearms at airport security checkpoints, preventing them from getting into the secure areas of the airport and onboard aircraft. Approximately 94% of these firearms were loaded. This total is a minor decrease from the 6,737 firearms stopped in 2023. Throughout 2024, TSA managed its “Prepare, Pack, Declare” public awareness campaign to explain the steps for safely traveling with a firearm. Read Now

  • 2024 Gun Violence Report: Fewer Overall Incidents, but School Deaths and Injuries Are on the Rise

    Omnilert, provider of gun detection technology, today released its compilation of Gun Violence Statistics for 2024 summarizing gun violence tragedies and their adverse effects on Americans and the economy. While research showed a decrease in overall deaths and injuries, the rising number of school shootings and fatalities and high number of mass shootings underscored the need to keep more people safe in schools as well as places of worship, healthcare, government, retail and commerce, finance and banking, hospitality and other public places. Read Now

  • Survey: Only 7 Percent of Business Leaders Using AI in Physical Security

    A new survey from Pro-Vigil looks at video surveillance trends, how AI is impacting physical security, and more. Read Now

  • MetLife Stadium Uses Custom Surveillance Solution from Axis Communications

    Axis Communications, provider of video surveillance and network devices, today announced the implementation of a custom surveillance solution developed in collaboration with the MetLife Stadium security team. This new, tailored solution will help the venue augment its security capabilities, providing high-quality video at unprecedented distances and allowing the security team to identify details from anywhere in the venue. Read Now

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3