What is the Framework for Artificial Intelligence Cybersecurity Practices (FAICP), from ENISA?
The proposed FAICP framework is the response from the European Union Agency for Cybersecurity (ENISA) to the EU Artificial Intelligence Act ("AI Act"), that lays down harmonised rules for the placing on the market, the putting into service, and the use of artificial intelligence systems in the European Union.
The FAICP is a framework for AI good cybersecurity practices necessary for securing the ICT infrastructures and the hosted AI, taking into account the AI life cycle (from system concept to decommissioning), and all elements of the AI supply chain, associated actors, processes and technologies.
The FAICP framework consisting of three layers:
- Basic cybersecurity relevant to AI,
- AI specific cybersecurity, and
- Sector-specific cybersecurity for AI.
The framework adopts the view that AI systems are hosted by an ICT infrastructure and, as such, the stakeholders need to first conduct their basic cybersecurity practices (Layer I).
Then they need to pay attention to additional cybersecurity challenges that the AI systems reveal due to their dynamic and socio-technical nature and complement their efforts with additional cybersecurity practices (Layer II).
Finally, the use of AI systems in various economic sectors require further cybersecurity practices to be applied (Layer III).
Understanding the Framework for AI Cybersecurity Practices (FAICP)
Layer I – Cybersecurity Foundations
AI systems are hosted in ICT infrastructures and in this first layer of the proposed framework, we emphasise the need to start by securing the ICT-hosted ecosystem as a whole using basic cybersecurity practices.
We present the basic cybersecurity principles and procedures as described in various standards, methods and best practices that need to be applied by AI stakeholders.
However, due to the dynamic, constantly evolving nature of AI systems, the cybersecurity foundations built in this layer leave some additional open issues that will be outlined and further analysed in Layer II, where additional cybersecurity practices will accompany the basic ones described in this layer.
The key elements of this layer are:
- security management of the ICT infrastructure hosting AI systems;
- security management;
- cybersecurity certification;
- cybersecurity legislation and policies that affect AI systems.
ICT encompasses the infrastructure and assets that enable digital computing. All organisations rely on the secure operations of ICT for their business/digital activities, regardless of whether the ICT is hosted in-house or owned by a third party (cloud provider, supply chain business partner).
The components of any ICT infrastructure can be viewed as a scalable pyramid of six building blocks:
The first building block (Infrastructure) consists of all physical assets, used in the 2nd building block (Telecom) where all types of networks and telecom equipment are placed.
These are necessary for the 3rd block (IT applications and technologies), which also contains assets related to AI systems.
The 4th block (Domain/sectoral e/m-services) includes all digital services, while the 5th block (Data and data processes) includes all the types of data used in the previous blocks.
Finally, the 6th block (Users/procedures) includes all users that interact with all components from the previous blocks, i.e. internal and external physical entities (e.g. persons, enterprises), smart objects (e.g. IoT) and operational procedures.
Any ICT system is a cyber-physical system, since the first and last blocks (Users and Infrastructure) of the ICT are the physical layers, whereas the four intermediate blocks are the cyber layers.
Cybersecurity of an ICT infrastructure should cover the following dimensions (also known as ‘CIA’): confidentiality, integrity/authenticity and availability/non-repudiation (Figure 3) for all six blocks and all assets within the layers of the ICT infrastructure.
Layer II – AI Fundamentals and Cybersecurity
In the previous section we addressed the various blocks within an ICT infrastructure and discussed the characteristics of the first blocks and the related tools and legislation.
AI systems are part of the 3rd block, see Figure 2.
In this chapter, we assume that AI systems are supported by a trusted hardware infrastructure and focus on the particularities of these types of systems, their properties, threats, risks and related tools and legislation.
The key elements of this layer are:
- AI legislation
- Types of AI
- AI assets and procedures
- AI threat assessment
- AI security management
- AI-related standards
- Ethical and trustworthy AI
- Networks and initiatives
Layer III – Sector-Specific Cybersecurity Good Practices
AI is a technology that has entered all economic sectors (e.g. automotive, health, maritime, finance).
The third layer of the FAICP framework provides additional recommendations and best practices available in order to address cybersecurity issues in the AI systems used in some of these sectors.
While almost every economic sector already relies on AI systems, we have identified below only those sectors for which we managed to find relevant cybersecurity guidelines.
Additionally, ENISA’s reports can be used to identify sectoral threats (e.g. 5G, AI, supply chain).