The Canadian Centre for Cyber Security (Cyber Centre) has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the following international partners in releasing cyber security guidance on supply chain risks and mitigations for artificial intelligence (AI) and machine learning (ML):
- Japan’s National Cybersecurity Office (NCO)
- New Zealand National Cyber Security Centre (NCSC-NZ)
- Republic of Korea’s National Intelligence Service (NIS)
- Singapore’s Cyber Security Agency (CSA)
- United Kingdom’s National Cyber Security Centre (NCSC-UK)
- United States’ National Security Agency (NSA)
AI and ML systems allow organizations to improve their efficiency in various ways, including by making informed decisions, streamlining processes and improving customer experience.
If not securely managed, adopting AI or ML systems and using pre-trained models and third-party data sets can introduce unique supply chain risks and expose your organization to existing vulnerabilities and compromises. Organizations should know what to look out for when developing or incorporating AI and ML into their systems.
This joint guidance is intended for organizations and staff that deploy or develop AI or ML systems and components. The risks and mitigations in this joint guidance should inform organizations’ questions and requirements for vendors when sourcing third-party AI or ML systems and components. It aims to highlight the importance of AI and ML supply chain security and address key risks and mitigations that should be considered when developing or procuring an AI system.
Consult the full joint guidance: Artificial intelligence and machine learning – Supply chain risks and mitigations