The UK government has introduced a new cyber security code of practice focused on artificial intelligence, claiming it as a world-first. The Department for Science, Innovation and Technology (DSIT) believes this standard will protect AI systems from cyber attacks, increase productivity, and foster a global coalition to combat the cyber skills shortage.
This code is part of the government’s strategy to use AI as a driving force for economic growth, echoing similar initiatives from the previous administration. It aims to set a global benchmark through the European Telecommunications Standards Institute (ETSI) to define baseline security standards for AI, which faces unique risks like data poisoning and model obfuscation. The government highlights that AI needs specific standards due to its different data management operations compared to traditional software.
The code aligns with the government’s broader goals, making economic growth a key political priority. The UK wants to keep pace with France, which has put forth 25 recommendations for building an AI-driven economy by 2024.
Cyber Security Minister Feryal Clark emphasized the UK’s role in establishing global benchmarks for secure AI innovation. She stated that the code would help businesses operate confidently, secure in their ability to protect critical systems and data. This initiative aims not only to enable businesses to thrive but also to support the development of cutting-edge AI technologies that enhance public services and position the UK as a leader in the global AI sector.
An implementation guide has also been released to help developers understand the requirements for diverse AI systems. This code is built on 13 secure software development principles, which advocate for designing AI with security in mind, ensuring human oversight, and maintaining secure infrastructures and software supply chains.
Ollie Whitehouse, chief technology officer at the National Cyber Security Centre (NCSC), noted that this code is a collaborative effort with global partners. It aims to boost the resilience of AI systems while creating an environment for UK innovation to flourish. He stressed that establishing this security standard helps enhance digital technology’s resilience and strengthens the UK’s reputation as a safe place to work and live online.
The release of this code comes shortly after a National Audit Office report highlighted significant gaps in the cyber resilience of 58 critical government IT systems. The report indicated that the government does not fully understand the vulnerabilities posed by at least 228 outdated systems across various departments. Additionally, it pointed out that one in three cyber security positions in the government were either vacant or held by temporary personnel, which is often more costly.
This code will be submitted to the ETSI’s Securing AI Committee, with the aim of contributing to the development of a global standard. The UK has also joined forces with Japan, Singapore, and Canada to launch the International Coalition on Cyber Security Workforces, emerging from a summit in West Sussex. This coalition aims to unite countries in addressing cyber threats and bridging the global cyber skills gap.