CSA Launches Guidelines on Securing Artificial Intelligence Systems

With the growing deployment of Artificial Intelligence (“AI“) systems, the associated cybersecurity risks have become a major concern, highlighting the importance of making AI secure by design and secure by default. To help organisations adopt AI in a secure manner, the Cyber Security Agency of Singapore (“CSA“) has launched the Guidelines on Securing AI Systems (“Guidelines“) and the accompanying Companion Guide for Securing AI Systems (“Companion Guide“) on 15 October 2024.

The Guidelines identify potential threats and risks in AI systems, such as supply chain attacks and Adversarial Machine Learning. It includes principles to guide decision-makers and practitioners on implementation of security controls and best practices to protect AI systems. The Guidelines recommend a holistic approach for the identification and mitigation of security risks, covering the five key stages in the AI life cycle:

  1. Planning and Design: Raise awareness of AI security threats and develop risk assessments. 
  2. Development: Supply chain security and protection of AI assets.
  3. Deployment: Secure infrastructure, establish incident management processes and AI benchmarking and red-teaming.
  4. Operations and Maintenance: Monitor for security anomalies and establish vulnerability disclosure processes.
  5. End of Life: Ensure secure and proper disposal of data and model artefacts.

The Companion Guide complements the Guidelines by providing practical measures and controls that system owners can consider to achieve compliance with the Guidelines. The Companion Guide is intended as a community-driven resource, which will continue to be updated to account for technological developments.

Click on the following links for more information (available on the CSA website at www.csa.gov.sg):


Disclaimer

Rajah & Tann Asia is a network of member firms with local legal practices in Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam. Our Asian network also includes our regional office in China as well as regional desks focused on Brunei, Japan and South Asia. Member firms are independently constituted and regulated in accordance with relevant local requirements.

The contents of this publication are owned by Rajah & Tann Asia together with each of its member firms and are subject to all relevant protection (including but not limited to copyright protection) under the laws of each of the countries where the member firm operates and, through international treaties, other countries. No part of this publication may be reproduced, licensed, sold, published, transmitted, modified, adapted, publicly displayed, broadcast (including storage in any medium by electronic means whether or not transiently for any purpose save as permitted herein) without the prior written permission of Rajah & Tann Asia or its respective member firms.

Please note also that whilst the information in this publication is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as legal advice or a substitute for specific professional advice for any particular course of action as such information may not suit your specific business and operational requirements. You should seek legal advice for your specific situation. In addition, the information in this publication does not create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on the information in this publication.

CONTACTS

Head, Technology, Media & Telecommunications
+65 6232 0751
Brunei, Singapore,
Deputy Head, Technology, Media & Telecommunications
+65 6232 0786
Singapore,
Deputy Head, Technology, Media & Telecommunications
+65 6232 0738
Singapore,

Country

EXPERTISE

Share

Rajah & Tann Asia is a network of legal practices based in Asia.

Member firms are independently constituted and regulated in accordance with relevant local legal requirements. Services provided by a member firm are governed by the terms of engagement between the member firm and the client.

This website is solely intended to provide general information and does not provide any advice or create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on this website.

© 2024 Rajah & Tann Singapore LLP. All rights reserved. Rajah & Tann Singapore LLP (UEN T08LL0005E) is registered in Singapore under the Limited Liability Partnerships Act (Chapter 163A) with limited liability.