Blog
The Intersection of AI and Cybersecurity: Organizational Governance
By: Peter Dewar, Linea Solutions
This article covers how to use the NIST AI framework to successfully integrate AI into operational use, as well as some of the pitfalls that can come from bad actors external to the organization using AI for nefarious purposes.
This is an excerpt from NCPERS Spring 2025 issue of PERSist.
Artificial Intelligence (AI) is revolutionizing various sectors, including pension fund management. While AI offers opportunities for enhanced productivity and member services, it also introduces new cybersecurity challenges. Implementing robust cybersecurity governance frameworks, such as the National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework (AI RMF) 1.0, is essential for managing these risks effectively.
The NIST AI Risk Management Framework (AI RMF) 1.0
Released in January 2023, the NIST AI RMF 1.0 is designed to help organizations manage risks associated with AI systems. It provides a voluntary, rights-preserving, and non-sector-specific framework that emphasizes flexibility, allowing organizations of all sizes to implement its guidelines. The framework is structured around four core functions: Govern, Map, Measure, and Manage. These functions guide organizations in establishing governance structures, understanding and documenting AI systems, assessing risks, and implementing strategies to manage those risks.
Integrating AI into Cybersecurity Governance
Incorporating AI into business operations necessitates a comprehensive governance strategy. Organizations can utilize the NIST AI RMF 1.0 to create a culture of AI by assembling an AI team, creating a governance charter, and developing an AI use policy. Understanding opportunities, building excitement, refining use cases, training, iterating, and maintaining are crucial steps in this process.
Despite its benefits, integrating AI into cybersecurity is not without challenges. Adversaries can exploit AI systems, using techniques like adversarial attacks to deceive machine learning models. Additionally, the reliance on large datasets raises concerns about data privacy and the potential for biases in AI algorithms. Organizations must implement robust validation processes, ensure transparency in AI decision-making, and maintain human oversight to mitigate these risks.
AI has become an indispensable component of modern cybersecurity strategies. Its ability to detect threats proactively, automate responses, and augment human expertise positions organizations to better defend against the ever-evolving landscape of cyber threats. However, careful implementation and ongoing vigilance are necessary to address the associated challenges and fully realize AI's potential in enhancing cybersecurity.
Bio: Peter Dewar, President, Linea Secure, leads the cybersecurity practice for the Linea group of companies that provide services across the United States and Canada. Under his leadership Linea has developed a Pension Cyber Security Framework (PCSF) to complement the generalized standards for protecting information systems. The PCSF focuses on the business process employed, services provided, and technology utilized by pension and benefits organizations, and devises controls to minimize and mitigate the inherent cybersecurity risk experienced by the industry.
Peter has a Master's degree in Information Systems from the George Washington University, a Bachelor's degree in Information Systems from the University of the District of Columbia, is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and has received certificates of achievements from the Harvard Kennedy School of Government, Gartner CIO Academy, and International Foundation of Employee Benefit Plans.
Comments
There have been no comments made on this article. Why not be the first and add your own comment using the form below.
Leave a comment
Please complete the form below to submit a comment on this article. A valid email address is required to submit a comment though it will not be displayed on the site.
HTML has been disabled but if you wish to add any hyperlinks or text formatting you can use any of the following codes: [B]bold text[/B], [I]italic text[/I], [U]underlined text[/U], [S]
strike through text[/S], [URL]http://www.yourlink.com[/URL], [URL=http//www.yourlink.com]your text[/URL]