Robustness, Security and Safety

Robustness, Security and Safety

Under all conditions, AI systems should remain robust, secure and safe. This ensures that if any adverse conditions are then met, the AI systems remains in safe condition and does not pose any threat to the user. 

Furthermore, safety mechanisms should be implemented, throughout the entire lifecycle of the AI system so that harm is recognised and repaired immediately. Deployers should always employ a risk management approach when meeting the requirements of this principle. This maintains the safety of the users and integrity of the system if the system begins to perform differently to its defined purpose. 

 

The recommendation by OECD provides two ways to maintain robust, safe and secure AI systems. 

1- Traceability and subsequent analysis and inquiry

2-Applying a risk management approach 

Traceability can help to understand outcomes and prevent future mistakes. In addition to this it provides a level of accountability to the deployers and implements trust into the AI systems. 

 A risk Management approach is crucial in meeting the needs of this principle. When applied throughout the lifecycle of an AI system this can help to identify, assess and mitigate any unwanted behaviour or outcomes. Ensure to document this system to track all outcomes as this can help to uphold the principle and maintain security. 

Steps for Implementation

Establish Clear Objectives and Standards

  • Define robustness, security, and safety requirements based on the context in which the AI system will operate.
  • Align objectives with international standards like ISO/IEC 27001 (Information Security) and ISO/IEC 23894 (AI System Risk Management).
  • Create metrics to measure robustness, security, and safety.

Risk Assessment

  • Conduct a thorough risk assessment to identify potential vulnerabilities and safety concerns.
  • Evaluate risks related to adversarial attacks, data breaches, and operational safety failures.
  • Use frameworks such as the National Institute of Standards and Technology (NIST) AI Risk Management Framework.

Secure Data and Models

  • Ensure data integrity by applying encryption and access controls.
  • Regularly audit datasets for biases, anomalies, or inconsistencies that may compromise safety or security.
  • Protect machine learning models against extraction, poisoning, and evasion attacks.

Enhance Explainability and Transparency

  • Design systems that provide clear explanations of decision-making processes, especially in safety-critical applications.
  • Document robustness, security, and safety measures to build trust and accountability.
  • Provide users and stakeholders with detailed safety and security disclosures.

Regular Updates and Maintenance

  • Continuously update software and hardware to address emerging threats and vulnerabilities.
  • Maintain a robust patch management strategy for ongoing improvement.
  • Use version control systems to track changes and ensure backward compatibility.

Evaluate and Report

  • Periodically review system performance to ensure it meets robustness, security, and safety goals.
  • Publish reports detailing efforts, results, and ongoing improvements in these areas.
  • Use feedback from evaluations to enhance future implementations.