欧盟AI网络安全与标准化报告.pdf

该【欧盟AI网络安全与标准化报告 】是由【翩仙妙玉】上传分享，文档一共【37】页，该文档可以免费在线阅读，需要了解更多关于【欧盟AI网络安全与标准化报告 】的内容，可以使用淘豆网的站内搜索功能，选择自己适合的文档，以下文字是截取该文章内的部分文字，如需要获得完整电子版，请下载此文档到您的设备，方便您编辑和打印。:..CYBERSECURITYOFAIANDSTANDARDISATIONMARCH20230:..CYBERSECURITYOFAIANDSTANDARDISATIONABBREVIATIONSAbbreviationDefinitionAIArtificialIntelligenceCEN-mitteeforStandardisation–mitteeforElectrotechnicalStandardisationCENELECCIAConfidentiality,IntegrityandAvailabilityENEuropeanStandardanisationmunicationsStandardsInstituteGRGroupReportmunicationsTechnologyISGIndustrySpecificationGroupanizationforStandardizationITInformationTechnologymitteeMLMachineLearningNISTNationalInstituteofStandardsandTechnologyR&DResearchAndDevelopmentSAISecurityofArtificialIntelligencemitteeSDOStandards-anisationTRTechnicalReportTSTechnicalSpecificationsWIWorkItem1:..CYBERSECURITYOFAIANDSTANDARDISATIONABOUTENISATheEuropeanUnionAgencyforCybersecurity,ENISA,istheUnion’,theEuropeanUnionAgencyforCybersecuritycontributestoEUcyberpolicy,enhancesthetrustworthinessofICTproducts,servicesandprocesseswithcybersecuritycertificationschemes,cooperateswithMemberStatesandEUbodies,,capacitybuildingandawarenessraising,theAgencyworkstogetherwithitskeystakeholderstostrengthentrustintheconnectedeconomy,toboostresilienceoftheUnion’sinfrastructure,and,ultimately,tokeepEurope’:.eu.******@,******@,,(S)ENISA:,wewouldliketothanktheENISAAdHocExpertGrouponArtificialIntelligence(AI)cybersecurityforthevaluablefeed-:..CYBERSECURITYOFAIANDSTANDARDISATIONLEGALNOTICEThispublicationrepresentstheviewsandinterpretationsofENISA,(EU)No2019/,-?EuropeanUnionAgencyforCybersecurity(ENISA),2023-“Unlessotherwisenoted,)licencehttps:///licenses/by//).Thismeansthatreuseisallowed,providedthatappropriatecreditisgivenandanychangesareindicated”.Coverimage?.ForanyuseorreproductionofphotosorothermaterialthatisnotundertheENISAcopyright,-92-9204-616-3,,TP-03-23-011-EN-C3:..:---––--::..-:..CYBERSECURITYOFAIANDSTANDARDISATIONEXECUTIVESUMMARYTheoverallobjectiveofthepresentdocumentistoprovideanoverviewofstandards(existing,beingdrafted,underconsiderationandplanned)relatedtothecybersecurityofartificialintelligence(AI),,andinparticularmachinelearning,andbyadoptingabroadviewofcybersecurity,passingboththe‘traditional’confidentiality–integrity–,thereportexamineshowstandardisationcansupporttheimplementationofthecybersecurityaspectsembeddedinthe(2021)206final)(draftAIAct).ThereportdescribesthestandardisationlandscapecoveringAI,bydepictingtheactivitiesofthemainStandards-anisations(SDOs),(suchasISO-IEC27001andISO-IEC9001),inessence,,whilethereportfocusesonsoftwareaspects,thenotionofAIcanincludebothanisationalelementsbeyondsoftware,-specificanalysis,andthefactthatsomeaspectsofcybersecurityarestillthesubjectofresearchanddevelopment,,existingstandardsseemnottoaddressspecificaspectssuchastheponents,ormetricson,forexample,,ascybersecuritycanbeconsideredasinstrumentaltothecorrectimplementationoftrustworthinessfeaturesofAIand–conversely–,itisnotedthatthereisariskthattrustworthinessishandledseparatelywithinAI-specificandcybersecurity-,,thereportstressestheimportanceoftheinclusionofcybersecurityaspectsintheriskassessmentofhigh-,,itnotesthatthegovernancesystemsdrawnupbythedraftAIActandthe6:..CYBERSECURITYOFAIANDSTANDARDISATIONCybersecurityAct(CSA),(EU)2019/881oftheEuropeanParliamentandoftheCouncilof17April2019onENISA(theEuropeanUnionAgencyforCybersecurity)municationstechnologycybersecuritycertificationandrepealingRegulation(EU)No526/2013(CybersecurityAct)(https://eur-).7:..(existing,beingdrafted,underconsiderationandplanned)relatedtothecybersecurityofartificialintelligence(AI),(2021)206final)(thedraftAIAct)-anisations(SDOs)andpublicsector/,inparticular:?munity;?munity,AIcybersecurityexpertsandAIexperts(designers,developers,machinelearning(ML)experts,datascientists,etc.)withaninterestindevelopingsecuresolutionsandinintegratingsecurityandprivacybydesignintheirsolutions;?businesses(includingsmallandmedium-sizedenterprises)thatmakeuseofAIsolutionsand/orareengagedincybersecurity,,integrityandavailability(CIA)securitymodel,:?definitionoftheperimeteroftheanalysis(Chapter2):introductiontotheconceptsofAIandcybersecurityofAI;?inventoryofstandardisationactivitiesrelevanttothecybersecurityofAI(Chapter3):overviewofstandardisationactivities(bothAI-specificandnon-AIspecific)supportingthecybersecurityofAI;?analysisofcoverage(Chapter4):analysisofthecoverageofthemostrelevantstandardsidentifiedinChapter3withrespecttotheCIAsecuritymodelandtotrustworthinesscharacteristicssupportingcybersecurity;?wrap-upandconclusions(Chapter5):buildingontheprevioussections,mendationsonactionstoensurestandardisationsupporttothecybersecurityofAI,:..:,,andwhatitisnot,isstilllargelyunresolved–partlyduetotheinfluenceofmarketingbehindtheterm‘AI’.Evenatthescientificlevel,,numerousforumshaveadopted/:Example–DefinitionofAI,asincludedinthedraftAIActInitsdraftversion,theAIActproposesadefinitioninArticle3(1):‘artificialintelligencesystem’(AIsystem)meanssoftwarethatisdevelopedwithoneormoreofthetechniquesandapproacheslistedinAnnexIandcan,foragivensetofhuman-definedobjectives,generateoutputssuchascontent,predictions,mendations,:?Machinelearningapproaches,includingsupervised,unsupervisedandreinforcementlearning,usingawidevarietyofmethodsincludingdeeplearning;?logic-andknowledge-basedapproaches,includingknowledgerepresentation,inductive(logic)programming,knowledgebases,inferenceanddeductiveengines,(symbolic)reasoningandexpertsystems;?statisticalapproaches,Bayesianestimation,searchandoptimisationmethodsInlinewithpreviousENISAwork,whichconsidersitthedrivingforceintermsofAItechnologies,,,theUnitedNationsEducational,anization(UNESCO)inthe‘Firstdraftofthemendationontheethicsofartificialintelligence’,mission’sHigh-(https://.eu/publications/securing-machine-learning-algorithms).9:..CYBERSECURIT