Key AI cybersecurity issues identified by ENISA

The European Union’s cybersecurity agency, the European Network and Information Security Agency (ENISA), published a suite of reports on the cybersecurity challenges of AI. The reports propose that the whole cybersecurity and privacy context (requirements, threats, vulnerabilities and controls) needs to be aligned with the context and reality of each organisation, considering that security and privacy are closely related and equally important.

ENISA has reviewed the EU landscape of AI and IT security in the area of research and innovation and identified six gaps in research innovation, including the lack of adequate information and knowledge about the potential of AI solutions in IT security, as well as the lack of adequate documentation of deployment projects and demonstration activities. ENISA plans to develop a roadmap and set up an observatory for research and development in cybersecurity with a focus on AI.

ENISA also dedicated a report on a multi-layer framework for good cybersecurity practices for AI, addressing three layers of AI: basic cybersecurity relevant to AI, AI-specific cybersecurity, and sector-specific cybersecurity for AI, for the audience of AI stakeholders and national competent authorities (NCAs). While distinguishing between different stakeholders, the report concludes that the EU institutions and member states need to work together to create a globally accepted ethical framework to develop universally acceptable policies.

The reports were published to coincide with the AI Cybersecurity Conference organised by ENISA, which explored the cybersecurity implications of AI chatbots, research and innovation, and legal and industrial compliance challenges.