AI security standard 27090

Earlier today I blogged about the tedium and risks of ISO's slow processes, both consequences of the effort needed to align all those involved in standardisation and produce worthwhile, generally-acceptable standards.

Here's another topical example.

ISO/IEC 27090 "Cybersecurity — Artificial Intelligence — Guidance for addressing security threats and compromises to artificial intelligence systems" is at FDIS stage and will hopefully emerge from the sausage machine "soon-as", meaning this year. Hopefully.

ISO/IEC JTC 1/SC 27's standard development project on 27090 kicked-off way back in 2022, the year that ChatGPT rudely burst onto the scene. Clearly a lot has happened in AI since then, with social, commercial, security and safety implications all over the place.

However, the ISO sausage machine will extrude a cybersecurity standard focused largely on active, deliberate, malicious attacks on AI systems as indicated by the very first clause of section 5:

The possibility of risks involving AI including natural and accidental threats (design flaws, bugs and power issues ...), insider threats, and impacts or consequences beyond whichever organisation owns the AI system (not least, humankind and the biosphere) are underrepresented.

Consider for instance this set of 'severe' (potentially existential) AI risks examined in a scary new MIT study involving subjective assessments by a panel of over 200 AI experts:

Those risks aren't covered by 27090, at least not specifically and explicitly.

Likewise, the standard won't cover the potentially valuable uses of AI for security, safety, privacy management and governance purposes, such as the current excitement over Mythos ... which in turn fuels the rapidly-escalating battles between AI-enabled black and white hats. See for instance Risk Ferguson's intriguing whitepaper "Assume autonomy", or any news headline concerning Ukraine and Russia's drone wars. Would anyone be surprised to learn that Israeli, American and Iranian spooks are using AI for offensive and defensive purposes, right now?

This kind of stuff wasn't exactly mainstream in 2022, but at least some of it was predictable (indeed, predicted!), so how come 27090 is so narrowly focused on those few 'threats'? Hmmm, I'm not sure.

To be fair to the team, it is extremely difficult to standardise anything in such a fluid, rapidly-evolving and complex technological field. Risks and controls are emerging as we collectively get to grips with AI, meaning changes on a daily basis, whereas the timescale needed to prepare, agree and release an ISO standard is about 3+ years.

On a more positive note, once standards emerge, ISO continues to build upon them, enhancing the good bits and quietly dropping the worst. The best standards become platforms anchored on bedrock, stabilising markets and achieving wide acceptance. Will ISO/IEC 27090 make the grade? We'll see.

And so the world turns.