The CISA guidelines outline risk management strategies focusing on AI-related threats for critical infrastructure, covering aspects like Attacks Using AI, Attacks Targeting AI Systems, and AI Design and Implementation Failures. These guidelines, in line with the NIST AI RMF, integrate AI risk management into existing programs, with a core Govern function for organizational AI risk management. They stress context-specific risk assessments, urging sectors to tailor guidelines as needed based on sector-specific factors
The guidelines emphasize an 'AI lifecycle' approach to risk management, with stakeholders focusing on different stages depending on their role, like design, deployment, or maintenance. They suggest fostering a 'secure by design' culture, aligning security priorities with organizational goals, ultimately aiming to enhance AI safety and security practices for critical infrastructure. ```https://securityaffairs.com/162565/security/cisa-guidelines-infrastructure-ai-based-attacks.html