Cyber & IT Supervisory Forum - Additional Resources

A multilayer framework for good cybersecurity practices for AI June 2023

(5) Do you offer practical trainings to the AI stakeholders and can elaborate to which stakeholders? If yes, please elaborate.

For these two questions, none of the 10 MS reported on ongoing specific modules on AI cybersecurity, although these concerns are expected to be addressed in AI courses. Regarding the practical trainings, self-learning material was mentioned by one MS.

(6) Do you organise national, regional and cross-border cybersecurity exercises enabling the upskilling of the AI stakeholders? If yes, please elaborate.

Despite existing cross-border cybersecurity exercises, nothing specific to AI security was reported in response to this question.

Conclusions MS recognise the need to consider the security of AI at all levels of education and a good engagement with the educational community on cybersecurity topics. However, they do not yet provide specific courses or training dedicated to AI security. Regarding awareness campaigns and guidance, it is worth mentioning that one MS mentioned a label for digitally responsible businesses to cover both cybersecurity, privacy, and trustworthy AI, while another mentioned a report on self-assessment guidance for AI/ML risk over the life cycle. Figure 12 illustrates this tendency.

Figure 12 : Overview of AI-related ‘Human capital’ answers

Human Capital

10 12

0 2 4 6 8

1 (M)

2 (M)

3 (M)

4.

5.

6.

Answers AI-related

From the lab to the market According to the coordinated plan on AI, supporting AI research and innovation related to threats and attacks on AI and offering solutions for testing promising AI solutions is critical to ensure cybersecurity obligations in the uptake of developments from the lab to the market.

(7) What type of support (funding/scholarships/collaboration opportunities) do you offer to increase the cybersecurity capabilities of newly innovative solutions that rely on AI? (M)

Two MS mentioned projects where AI is used as an enabler of cybersecurity and one MS mentioned involvement on research initiatives about the secure use of AI. Two other MS reported on the opening of calls regarding AI.

(8) Have you informed national AI stakeholders on cybersecurity requirements set by the NCAs for their AI products and how do you do it? (M)

Most of the MS are not yet applying any information regarding cybersecurity requirements for AI products and expect the AI Act to provide guidance on how to do it. One of the MS mentioned some workshops and labs with this aim, while another mentioned the existence of a direct contact with national and international stakeholders to inform them about new requirements.

29