WASHINGTON — A coalition of U.S. and international government agencies released a new set of guidelines designed to secure the integration of artificial intelligence (AI) into operational technology (OT). The document, published by the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), aims to assist critical infrastructure owners in mitigating risks associated with AI adoption.
Related Article: AI in Campus Facilities Management: Benefits for Safety, Sustainability, and Operations
The guidance, titled “Principles for the Secure Integration of Artificial Intelligence (AI) in Operational Technology (OT),” provides a framework for organizations that manage systems controlling vital public services. The publication focuses on four key principles:
- Understanding AI: Organizations must educate personnel on AI risks, impacts, and secure development lifecycles.
- Assessing AI Use in Operational Technology: Entities need to evaluate business cases, manage OT data security risks, and address both immediate and long-term integration challenges.
- Establishing AI Governance: The guide recommends implementing governance frameworks, continuously testing AI models, and ensuring regulatory compliance.
- Embedding Safety and Security: Operators must maintain oversight, ensure transparency, and integrate AI protocols into incident response plans.
CISA Acting Director Madhu Gottumukkala emphasized that while AI offers potential performance enhancements for operational technology, its implementation requires caution.
“OT systems are the backbone of our nation’s critical infrastructure, and integrating AI into these environments demands a thoughtful, risk-informed approach,” Gottumukkala stated. “This guidance equips organizations with actionable principles that AI adoption strengthens — not compromises — the safety, security, and reliability of essential services.”
The document specifically addresses machine learning and large language model-based AI, as well as AI agents. However, the agencies noted that the guidance also applies to systems augmented with traditional statistical modeling and logic-based automation.
Nick Andersen, Executive Assistant Director for Cybersecurity, noted that AI introduces new avenues for adversarial threats alongside its operational benefits.
Related Article: AI-Powered Security Systems in Healthcare: How Artificial Intelligence Transforms Hospital Safety and Operations
“We strongly encourage OT owners and operators to apply the principles in this joint guide to ensure AI is implemented safely, securely, and responsibly,” Andersen said.
The guidelines were developed in collaboration with various U.S. and international partners to provide clear direction for the global critical infrastructure community.
