TLP:CLEAR

Y&NFRA

C

Cu

RITYAG

PrinciplesfortheSecureIntegrationofArtificialIntelligenceinOperationalTechnology

Publication:December3,2025

U.S.CybersecurityandInfrastructureSecurityAgencyAustralianSignalsDirectorate’sAustralianCyber

SecurityCentre

U.S.NationalSecurityAgency’sArtificialIntelligenceSecurityCenter

U.S.FederalBureauofInvestigation

CanadianCentreforCyberSecurity

GermanFederalOfficeforInformationSecurityNetherlandsNationalCyberSecurityCentre

NewZealandNationalCyberSecurityCentre

UnitedKingdomNationalCyberSecurityCentre

ThisdocumentismarkedTLP:CLEAR.Disclosureisnotlimited.SourcesmayuseTLP:CLEARwheninformationcarries

minimalornoforeseeableriskofmisuse,inaccordancewithapplicablerulesandproceduresforpublicrelease.Subjecttostandardcopyrightrules,TLP:CLEARinformationmaybedistributedwithoutrestriction.Formoreinformation,see

TrafficLightProtocol(TLP)DefinitionsandUsage

.

TLP:CLEAR

PrinciplesfortheSecureIntegrationofArtificialIntelligenceinOperationalTechnologyTLP:CLEAR

CISA|ASD’sACSC|NSAAISC|FBI|CyberCentre|BSI|NCSC-NL|NCSC-NZ|NCSC-UK

Page2of25TLP:CLEAR

TableofContents

Introduction 3

ImportantTerminology 3

Scope 4

TypesofAITechniques 4

AIApplicationsAccordingtothePurdueModel 5

PrinciplesfortheSecureIntegrationofAIinOT 7

Principle1–UnderstandAI 7

1.1UnderstandtheUniqueRisksofAIandPotentialImpacttoOT 7

1.2UnderstandtheSecureAISystemDevelopmentLifecycle 9

1.3EducatePersonnelonAI 10

Principle2–ConsiderAIUseintheOTDomain 11

2.1ConsidertheOTBusinessCaseforAIUse 11

2.2ManageOTDataSecurityRisksforAISystems 12

2.3UnderstandingtheRoleofOTVendorsinAIIntegration 13

2.4EvaluateChallengesinAI-OTSystemIntegration 14

Principle3–EstablishAIGovernanceandAssuranceFrameworks 16

3.1EstablishGovernanceMechanismsforAIinOT 16

3.2IntegratingAIIntoExistingSecurityandCybersecurityFrameworks 17

3.3ConductThoroughAITestingandEvaluation 17

3.4NavigatingRegulatoryandComplianceConsiderationsforAIinOT 18

Principle4–EmbedOversightandFailsafePracticesIntoAIandAI-EnabledOTSystems 18

4.1EstablishMonitoringandOversightMechanismsforAIinOT 18

4.2EmbedSafetyandFailsafeMechanisms 20

Conclusion 21

Resources 21

Disclaimer 22

Acknowledgements 22

VersionHistory 22

Appendix:Terminology 23

References 25

PrinciplesfortheSecureIntegrationofArtificialIntelligenceinOperationalTechnologyTLP:CLEAR

CISA|ASD’sACSC|NSAAISC|FBI|CyberCentre|BSI|NCSC-NL|NCSC-NZ|NCSC-UK

Page3of25TLP:CLEAR

Introduction

SincethepublicreleaseofChatGPTinNovember2022,artificialintelligence(AI)hasbeenintegratedintomanyfacetsofhumansociety.Forcriticalinfrastructureownersandoperators,AIcanpotentiallybeusedtoincreaseefficiencyandproductivity,enhancedecision-making,savecosts,andimprovecustomer

experience.Despitethemanybenefits,integratingAIintooperationaltechnology(OT)environmentsthatmanageessentialpublicservicesalsointroducessignificantrisks—suchasOTprocessmodelsdriftingovertimeorsafety-processbypasses—thatownersandoperatorsmustcarefullymanagetoensurethe

availabilityandreliabilityofcriticalinfrastructure.

Thisguidance—co-authoredbytheCybersecurityandInfrastructureSecurityAgency(CISA)andAustralianSignalsDirectorate’sAustralianCyberSecurityCentre(ASD’sACSC)incollaborationwiththeNational

SecurityAgency’sArtificialIntelligenceSecurityCenter(NSAAISC),theFederalBureauofInvestigation

(FBI),theCanadianCentreforCyberSecurity(CyberCentre),theGermanFederalOfficeforInformation

Security(BSI),theNetherlandsNationalCyberSecurityCentre(NCSC-NL),theNewZealandNationalCyberSecurityCentre(NCSC-NZ),andtheUnitedKingdomNationalCyberSecurityCentre(NCSC-UK),hereafterreferredtoasthe“authoringagencies”—providescriticalinfrastructureownersandoperatorswithpracticalinformationforintegratingAIintoOTenvironments.Thisguidanceoutlinesfourkeyprinciplescritical

infrastructureownersandoperatorscanfollowtoleveragethebenefitsofAIinOTsystemswhilereducingrisk:

1.UnderstandAI.UnderstandtheuniquerisksandpotentialimpactsofAIintegrationintoOTenvironments,theimportanceofeducatingpersonnelontheserisks,andthesecureAI

developmentlifecycle.

2.ConsiderAIUseintheOTDomain.AssessthespecificbusinesscaseforAIuseinOTenvironmentsandmanageOTdatasecurityrisks,theroleofvendors,andtheimmediateandlong-term

challengesofAIintegration.

3.EstablishAIGovernanceandAssuranceFrameworks.Implementrobustgovernancemechanisms,integrateAIintoexistingsecurityframeworks,continuouslytestandevaluateAImodels,and

considerregulatorycompliance.

4.EmbedSafetyandSecurityPracticesIntoAIandAI-EnabledOTSystems.ImplementoversightmechanismstoensurethesafeoperationandcybersecurityofAI-enabledOTsystems,maintaintransparency,andintegrateAIintoincidentresponseplans.

TheauthoringagenciesencouragecriticalinfrastructureownersandoperatorstoreviewthisguidanceandactiontheprinciplessotheycansafelyandsecurelyintegrateAIintoOTsystems.

ImportantTerminology

ThescopeofthisguidancespecificallycovershowcriticalinfrastructureownersandoperatorscanhelpensurethesafetyandsecurityofAIsystemsinOTenvironments.Assuch,theauthoringagenciesusethefollowingspecificdefinitionsfortermsinthisguidanceinordertoavoidconflationwiththeirdefinitionsinothercontexts:

PrinciplesfortheSecureIntegrationofArtificialIntelligenceinOperationalTechnologyTLP:CLEAR

CISA|ASD’sACSC|NSAAISC|FBI|CyberCentre|BSI|NCSC-NL|NCSC-NZ|NCSC-UK

Page4of25TLP:CLEAR

Artificialintelligence(AI)isasystemthatusesmachine-andhuman-basedinputstomakepredictions,recommendations,ordecisionsinfluencingrealorvirtualenvironments.1

Safetyreferstophysicalsafety(formally,functionalsafety)inanOTenvironment.OTsystems

controlphysicalsystemsthatcanharmpeopleorproperty,suchassystemsthatdeliverbiologicalorchemicalagents,controloperationsforadamorwastewatertreatment,orautomatetheflowofvehicletraffic.Inthisguidance,“safety”asawordonitsownalwaysreferstofunctionalsafety.

Security(usedinterchangeablyinthisguidancewith“informationsecurity”and“cybersecurity”)referstoensuringthesecurityproperties—suchasconfidentiality,integrity,andavailability—ofinformationandinformationsystems.

See

Appendix:Terminology

forafulllistofdefinitionswithinthescopeofthisguidanceandsourcesforthesedefinitions.

Scope

Machinelearning(ML),statisticalmodeling,andalgorithmiccalculationsareallsubsetsofAItechniquesthathavebeenusedincriticalinfrastructureengineeringprocessesformanyyears.WhileMLand

traditionalstatisticalmodelingarebothusedforpredictingoutcomesormakingdecisionsbasedondata,theydifferintheirapproach,assumptions,applications,andconsiderationsforsecureintegrationwithOTsystems.ThescopeofthisguidancefocusesonML-andlargelanguagemodel(LLM)-basedAIandAI

agentsbecauseintegratingOTwiththesetypesofAIsystemsinvolvesmorecomplexsafetyandsecurityconsiderations.However,thisguidancemayalsobeappliedtosystemsaugmentedwithtraditional

statisticalmodelingandotherlogic-basedautomation.ThefollowingsubsectionsdefinethesedifferentAItechniques.

TypesofAITechniques

Traditionalstatisticalmodelingusesmathematicalformulastoaccuratelydescribetherelationships

betweenvariables.Itassumesthatthedatafollowscertaindistributionsandthattherelationshipsare

eitherlinearorcanbeapproximatedbylinearmodels.Statisticalmodelingusestechniquessuchas

regressionanalysis,hypothesistesting,andconfidenceintervalstodirectlyestimatemodelparameters

andmakepredictions.Itiscommonlyusedfortaskssuchasforecasting,optimization,andassistingin

operatordecision-making.Non-machine-learning-basedAIsystemsemployalgorithmstoautomate

decision-makingandcontrolprocesses;inOTsystems,thisincludesladderlogicautomationroutinesandaclassofsafetyinstrumentedsystems.

Machinelearningsystemsusealgorithmstolearnfromdataandmakepredictionsordecisionswithoutbeingexplicitlyprogrammed.TheMLmodelcanhandlecomplexrelationshipsandnon-linearinteractionsbetweenvariables.MLmodelsusevarioustechniques—suchassupervised,unsupervised,and

reinforcementlearning—whendevelopingrepresentationsandmakingpredictionsbasedondata.MLis

1ThisdocumentusesthisAIdefinitionfrom

15U.S.C.9401(3)

;however,definitionsofAImayvaryamonggroupsandjurisdictions.

Page5of25TLP:CLEAR

commonlyusedinfieldslikecomputervision,naturallanguageprocessing,androboticsfortaskssuchasimageclassification,speechrecognition,andautonomousdriving.

LargelanguagemodelsareadvancedMLmodelsdesignedtounderstandanaturallanguagepromptandgeneratearesponsethathumanscanunderstand.LLMsusepatternsinlanguageandmultimodal

datasetsintheproductionofcomplexresponsestouserprompts.LLMengineersusuallybuildin

randomnesswhengeneratingoutputs2sothattheLLMsdontalwaysproducethesameresponsetothesameinputs.LLMscanpowergenerativeAIapplicationsthatsupportcriticalinfrastructureentitiesby

enhancingdecision-making,automatingroutinetasks,andoptimizingmaintenanceschedules,withthegoalofimprovingefficiencyandreliabilityinoperations.

AIagentsareatypeofsoftwarethatcanprocessdata,performdecision-makingcapabilities,andinitiateautonomousactionsusingAIandMLmodels.TherearemanytypesofagenticAIsystems,including

systemsthatuseLLMstopowergenerativeAIapplicationsoragentsandsystemsthatcombinedifferentMLtechniques,perspectivesofanalysis,decision-makingmethodologies,andautonomousaction

capabilities.LikeLLMs,theycanenhancedecision-making,automateroutinetasks,andoptimize

maintenanceschedules,whichenablesthemtoimproveandstreamlinecriticalinfrastructureoperations.Implementingerror-checkingcanimproveAIagentsperformancebyavoidingproblemsandensuringitsoutputsarewithintheexpectedbounds.

AIApplicationsAccordingtothePurdueModel

ThePurdueModelisstillawidelyacceptedframeworkforunderstandingthehierarchicalrelationships

betweenOTandITdevicesandnetworks.

Table1

showsexamplesofestablishedandpotentialAI

applicationsincriticalinfrastructureaccordingtothePurdueModel.3MLtechniques,suchaspredictive

models,aretypicallyusedinoperationallayers(03),whileLLMsaretypicallyusedinthebusinesscontext(45),potentiallyondataexportedfromtheOTnetwork.

Table1.AIApplicationsAccordingtothePurdueModel

Level

Description

ExampleAIUses

Level0:FieldDevices

Sensors,actuators,andother

devicesthatinteractwithphysicalprocesses.

OTdatasource:FielddevicesmaygenerateOTdatathatcanbeusedfortrainingAImodels(primarily

predictiveMLmodels)oridentifyingsignificantdeviations.

2SanderShulhoff,“BasicLLMSettings,”LearnPrompting,lastmodifiedMarch10,2025,

/docs/intermediate/configuration_hyperparameters

.

3TheversionofthePurdueModelusedinthisguidancewassourcedfromManuelHumbertoSantanderPelaez,

“ControllingNetworkAccesstoICSSystems,”Diaries(blog),SANSTechnologyInstituteInternetStormCenter,July3,2023,

/diary/30000

.

Page6of25TLP:CLEAR

Level

Description

ExampleAIUses

Level1:LocalControllers

Apparatusandsystemsdesignedtoofferautomatedregulationofaprocess,cell,orline;examples

includeprogrammablelogiccontrollers(PLCs)andremoteterminalunits(RTUs).

AIforlocalcontrol:SomemodernPLCsoredge

controllersexecutelightweight,pre-trainedpredictivemodelsforclassificationfortaskslikelocalanomalydetection,loadbalancing,andmaintainingaknownsafestate.

Level2:LocalSupervisory

Observationandmanagerial

oversightforanindividualprocess,line,orcell;examplesinclude

supervisorycontrolanddata

acquisition(SCADA)systems,

distributedcontrolsystems(DCSs),andhuman-machineinterfaces

(HMIs).

Qualitycontrol:AImodels(primarilypredictiveMLmodels)maybeusedforanalyzingdatafromtheSCADAsystemorDCStodetectearlysignsof

equipmentanomaliesandalertoperatorsthatcorrectiveactionmayberequired.

Level3:Site-Wide

Supervisory

Monitoring,supervisory,and

operationalsupportforallorpartoftheregionscoveredbythe

company;examplesinclude

manufacturingexecutionsystemsandhistorians.

Predictivemaintenance:AImodels(primarily

predictiveMLmodels)maybeusedforanalyzingaggregatedhistorianOTdataandpredicting

equipmentmaintenancerequirements.

Supportoperatordecision-making:AImodelsmayalsobeintegratedintolocalsupervisorysystemstoprovidesystemrecommendationsthatsupport

operatordecision-making,suchasoperationsmeasurement.

Levels4&5:

Enterprise&Business

Networks

ITsystemsthatmanagebusinessandcorporateprocessesand

decisions;inthecontextofcriticalinfrastructureandOT,examplesincludeOTdataanalysisand

autonomousdefenseforbothOTandITsystems.

Workflowoptimization:AIsystems(includingAIagentsandLLMs)maybeusedforimprovingbusinessprocesses,suchastheintersectionbetweenbusinessusecasesandengineering.

BehavioralanalyticsandprofilingofOTandITdata:AIcanbeusedforanalyzingOTdatainconjunctionwithITdatatomeasureoperations,performanomalyandthreatdetection,determinehardening

mitigations,andprovideinformationthatsupportsprioritizedresiliencydecisions.

Page7of25TLP:CLEAR

PrinciplesfortheSecureIntegrationofAIinOT

Principle1–UnderstandAI

1.1UnderstandtheUniqueRisksofAIandPotentialImpacttoOT

ThefollowingsectiondiscussesAIintegrationrisksandthepotentialimpacttoOToperations.

Table2

providesabroadoverviewofknownAIrisksthatcriticalinfrastructureownersandoperatorsshould

consider.(Note:Thisisanon-exhaustivelist;criticalinfrastructureownersandoperatorsshouldinvestigaterisksspecifictotheirorganization.)Subsequentsectionsofthisguidancediscussmitigationconsiderationsfortheserisks;seecross-referencesintheMitigationscolumnof

Table2.

Table2.AIRisksandImpactsinanOTEnvironment

AIRisksinanOTEnvironment

OTImpacts

Mitigations

CybersecurityRisks:AIdata,models,anddeploymentsoftwarecanbe

manipulatedtocauseincorrect

outcomesorbypasssecurityand

functionalsafetymeasuresor

guardrails.TraditionalcybersecurityrisksremainwithinAIsystems;assuch,securitymeasureslikeaccesscontrol,auditing,andencryptionstillapplyforsecuringAIandAI-enabledsystems.Inaddition,AI-enabled

systemsaresubjecttoAI-specificcybersecurityrisks,suchaspromptinjection.

Impactedsystemavailability,functionalsafetyrisks,

financiallosses,reputationaldamage,network/OT

compromise,cascading

compromise.

1.2UnderstandtheSecureAI

SystemDevelopmentLifecycle

2.4EvaluateChallengesinAI-OT

SystemIntegration

3.3ConductThoroughAITesting

andEvaluation

DataQuality:AImodelscanonlybeaseffectiveasthequalityoftheir

trainingdata.Collectinghigh-quality,normalizedsensordatacanbe

difficult,especiallyindistributedOTenvironments.Centralizingthis

operationaldatacreatesitsownriskasthreatactorscanuseittocreateamoretargetedengineeringimpact.

ReducedOTsafetyandsystemavailabilityfrompoordata

quality.

2.2ManageOTDataSecurityRisks

forAISystems

Page8of25TLP:CLEAR

AIRisksinanOTEnvironmentOTImpactsMitigations

AIModelDrift:AImodelsmaybecomelessaccurateovertimeduetodatabeingintroducedtothemodelthatisnotrepresentedbythemodel’sinitialtrainingdata.Alterationsto

productionprocessescanaffectmodelperformance.

Increaseddependenciesonchanges,lossofproductivity,reducedOTsafetyandsystemavailability.

4.1EstablishMonitoringand

OversightMechanismsforAIinOT

LackofExplainability:UnderstandinganAImodel’sdecision-making

processmaybedifficult;thismakesitchallengingtodiagnoseandcorrecterrorsorproperlyauditasystem.

Increasedrecoverytime,

functionalsafetyrisks,

reducedsystemavailability,complexityintroubleshooting.

1.3EducatePersonnelonAI

4.1EstablishMonitoringand

OversightMechanismsforAIinOT

OperatorCognitiveLoadand

UnnecessaryDowntime:AImay

generatealarmerrorsthatcould

causeunnecessarydowntimeor

safetyincidents.Thesealarmerrorsincreasecognitiveload,distract

operators,andpotentiallyleadtofurtherhumanerror.

Reducedsystemavailability,functionalsafetyrisks,

financiallosses,reputationaldamage.

1.3EducatePersonnelonAI

4.1EstablishMonitoringand

OversightMechanismsforAIinOT

RegulatoryCompliance:Compliancewithregulatoryrequirements,suchasthoserelatedtoOTsafetyorprivacy,canbechallengingduetothe

evolvingnatureofAI,technical

standards,andregulatory

frameworks.Forexample,while

producingarobustaudittrailofAI-drivendecision-makingmaybe

difficult,itmayberequiredforregulatorycompliance.

Functionalsafetyrisks,

financiallosses,reputationaldamage.

3.4NavigatingRegulatoryand

ComplianceConsiderationsforAI

inOT

4.1EstablishMonitoringand

OversightMechanismsforAIinOT

4.2EmbedSafetyandFailsafe

Mechanisms

AIDependency:OverrelianceonAI

canleadtooperatorsmissingcriticalsafety-relatedinformationiftheAI

missesit,andlosingvaluableskillsforsafelyoperatingequipment

manuallyorwithouttheAIfunctionality.

Dependenceontechnology,complexityintroubleshooting.

1.3EducatePersonnelonAI

Page9of25TLP:CLEAR

AIRisksinanOTEnvironment

OTImpacts

Mitigations

2.1ConsidertheOTBusinessCase

InteroperabilityIssues:IntegratingAI

forAIUse

systemswithexistingOT

2.4EvaluateChallengesinAI-OT

infrastructurecanbecomplicatedbyinteroperabilitychallenges,whichmayarisefromdifferencesinOT

Increasedmaintenancecosts,recoverychallenges.

SystemIntegration

3.1EstablishGovernance

communicationprotocolsordata

MechanismsforAIinOT

formats.

3.3ConductThoroughAITesting

andEvaluation

Complexity:IncorporatingAIusually

2.1ConsidertheOTBusinessCase

requiresincreasingthecomplexityof

Functionalsafetyrisks,

forAIUse

theoverallsystemtosupportprocess

complexityintroubleshooting.

2.4EvaluateChallengesinAI-OT

automation.

SystemIntegration

DecisionsmadebyAI

developersmayposeOTsafety

2.1ConsidertheOTBusinessCase

forAIUse

Reliability:AImaynotbereliable

andreliabilityrisks,increased

3.1EstablishGovernance

enoughtoindependentlymake

documentationcosts,

MechanismsforAIinOT

criticaldecisionsinindustrial

environments.AIcanalsohallucinate(i.e.,fabricateaplausible,butfalse,responseordata),whichwould

uncertaintyduetochangesinautomateddecision-making

overtime,increasedriskof

cascadingfailureduetotighter

3.2IntegratingAIIntoExisting

SecurityandCybersecurity

Frameworks

provideoperatorswithincorrect

couplingofactions.

3.3ConductThoroughAITesting

informationfordecision-making.As

andEvaluation

such,AIsuchasLLMsalmost

Falseinformationprovidedto

certainlyshouldnotbeusedtomake

decisionmakersposesrisksof

4.1EstablishMonitoringand

safetydecisionsforOTenvironments.

unsafeoperatingconditions,equipmentdamage,

productionhalts.

OversightMechanismsforAIinOT

4.2EmbedSafetyandFailsafe

Mechanisms

1.2UnderstandtheSecureAISystemDevelopmentLifecycle

ToaddresstheuniquechallengesofintegratingAIintoOTenvironments,criticalinfrastructureownersandoperatorsshouldverifythattheAIsystemwasdesignedsecurelyandunderstandtheirrolesand

responsibilitiesthroughtheAIsystem’slifecycle.Similartohybridownershipmodelsusedwithcloud

systems,ownersandoperatorsmustclearlydefineandcommunicatetheserolesandresponsibilitieswiththeAIsystemmanufacturer,OTsupplier,andanysystemintegratorormanagedserviceproviderroles.

Page10of25TLP:CLEAR

NCSC-UKandCISA’sjoint

GuidelinesforSecureAISystemDevelopment

emphasizesthefollowingkeystagesoftheAIsystemdevelopmentlifecycle:4

SecureDesign.DesigntheAIsystemwithsecurityconsiderationsinmindfromitsinception,includingusingrobustcoding,protocols,anddataprotectionmeasures.

SecureProcurementorDevelopment.SelectvendorswhoadheretosecurepracticesanddevelopAIsystemsusingsecuremethodologiesandtools.

SecureDeployment.DeploytheAIsystemusingmethodsthatmaintainitssecurityposture,

includingusingpropernetworksegmentationandaccesscontrol,aswellasverifyingandvalidatingthattheAIsystemworksasintended.

SecureOperationandMaintenance.EnsuretheAIsystemcontinuesoperatingsecurelythroughoutitslifecycle,includingbyimplementingregularupdatesandpatches,andmonitoringpotential

vulnerabilities.

Criticalinfrastructureownersandoperatorsshouldalsocarefullyevaluatethetrade-offsbetweendifferentmethodsforsourcinganAIsystem:

ProcureanAISystem.Selectapre-developedAIsystemfromavendorthatmeetsspecificsecurityrequirementsandthattheOTsupplieragreeswith.

DevelopanAISystem.BuildanAIsysteminhouse;thisenablescompletecontroloveritsdesignandimplementation.

CustomizeanExistingAISystem.WorkwithavendortotailortheirexistingAIsystemtomeetspecificOTsystemneeds.

Wherepossible,criticalinfrastructureownersandoperatorsshoulddemandAIsystemsthataresecurebydesignandwillnotnegativelyimpactOToperationandsafety.CriticalinfrastructureownersandoperatorsshouldconsultCISA’s

SecurebyDesign

webpageandresources,andthejointguidance

Secureby

Demand:PriorityConsiderationsforOperationalTechnologyOwnersandOperatorswhenSelectingDigital

Products

foropportunitiestoincorporatetheseprinciplesintothedesignoftheirAIandOTsystems.

1.3EducatePersonnelonAI

IntegratingAIintoOTenvironmentscanleadtopersonnelrelyingtoomuchonautomation,resultinginreducedhumanoversightandsituationalawareness.Thiscanhavesignificantconsequences,including:

DependencyRisksandSkillErosion.HeavyrelianceonAImaycauseOTpersonneltolosemanualskillsneededformanagingsystemsduringAIfailuresorsystemoutages.

SkillGaps.OTpersonnelmaymisinterpretAIoutputs,leadingtoincorrectactions;OTpersonnelmayalsolackexpertiseformanagingortroubleshootingAIsystemsiftheymalfunction.

4TheUKGovernment’s

CodeofPracticefortheCyberSecurityofAI

andits

technicalimplementationguide

alsoprovidescenario-basedcybersecuritymitigationadviceaccordingtothesecureAIsystemdevelopmentlifecycle.

PrinciplesfortheSecureIntegrationofArtificialIntelligenceinOperationalTechnologyTLP:CLEAR

CISA|ASD’sACSC|NSAAISC|FBI|CyberCentre|BSI|NCSC-NL|NCSC-NZ|NCSC-UK

Page11of25TLP:CLEAR

Criticalinfrastructureownersandoperatorsmaymitigatetheserisksbyfocusingonskilldevelopmentandcross-disciplinarycollaboration,suchas:

TrainingOTteamsonAIfundamentalsandthreatmodelingsoteamscaneffectivelyinterpretandvalidateAIoutputsandmaintainoperationalcompetenciesalongsideAIsystems—forexample,

trainingteamstousealternativesensors(e.g.,humansens