This includes threats to artificial intelligence systems from both conventional sources and other AIs.
The ETSI Securing Artificial Intelligence group was initiated to anticipate that autonomous mechanical and computing entities may make decisions that act against the relying parties either by design or as a result of malicious intent. The conventional cycle of networks risk analysis and countermeasure deployment represented by the Identify-Protect-Detect-Respond cycle needs to be re-assessed when an autonomous machine is involved. The intent of the ISG SAI is therefore to address 3 aspects of artificial intelligence in the standards domain:
-
Securing AI from attack e.g. where AI is a component in the system that needs defending
-
Mitigating against AI e.g. where AI is the ‘problem’ or is used to improve and enhance other more conventional attack vectors
-
Using AI to enhance security measures against attack from other things e.g. AI is part of the ‘solution’ or is used to improve and enhance more conventional countermeasures.
The purpose of the ETSI ISG SAI is to develop the technical knowledge that acts as a baseline in ensuring that artificial intelligence is secure. Stakeholders impacted by the activity of ETSI’s group include end users, manufacturers, operators and governments.
The first meeting of the group will initiate three main activities:
AI Threat Ontology
Currently, there is no common understanding of what constitutes an attack on AI and how it might be created, hosted and propagated. The work to be undertaken here will seek to define what would be considered an AI threat and how it might differ from threats to traditional systems. Hence, the AI Threat Ontology specification seeks to align terminology across the different stakeholders and multiple industries. ETSI specifications will define what is meant by these terms in the context of cyber and physical security and with a narrative that should be readily accessible to all. This threat ontology will address AI as system, attacker and defence.
