Last week, the Cybersecurity Coalition submitted comments in response to the National Institute for Standards and Technology (NIST) Cybersecurity and AI Workshop Concept Paper. 

The Concept Paper approaches the idea of creating a Community Profile on AI for the Cybersecurity Framework to provide practitioners with resources related to implementing the CSF with a focus on AI. The Concept Paper discusses some of the gaps in taxonomy and strategy when it comes to securing AI - and working to secure systems against AI tools. The Coalition agrees that AI introduces new challenges regarding cybersecurity, but AI advances do not - in and of themselves - necessarily require fundamental changes to the way organizations address cybersecurity.

At a time when there’s more noise than signal in some conversations about AI, this intersection of cybersecurity and AI is an excellent focus for standardization and measurement work. There is broad consensus that AI is software, and many foundational approaches to securing software laid out in the NIST CSF translate easily to AI models, tools, and systems. 

An AI profile for the Cybersecurity Framework would help organizations secure AI systems and tools - in the same manner that the CSF does this for cybersecurity risk. By building off this framework, an AI profile is more likely to find widespread adoption to promote safer AI implementation within many organizations. 

An AI profile also can help organizations defend against AI-enabled attacks and help accelerate innovation within their organizations. Standard guidance for the secure deployment of AI technologies can accelerate the adoption and deployment of AI tools. 

We are encouraged by this effort to provide further guidance on AI in cybersecurity by NIST and the National Cybersecurity Center of Excellence. The Coalition appreciates the opportunity to provide input and commends NIST for its openness and commitment to working with industry stakeholders.

‍