Introduction
Data security is a crucial part of the AI supply chain and must protect data from unauthorized access, use, or alteration. It plays a central role in safeguarding AI systems throughout their lifecycle. Effective data management ensures integrity, prevents malicious or duplicate content, and relies on strong cybersecurity measures to protect datasets and machine learning models.
AI System Lifecycle
Data security is essential across all six phases of the AI system lifecycle outlined in NIST’s AI Risk Management Framework, as any compromise in data can undermine the logic and reliability of AI systems:
- Plan & Design: Security strategies should be integrated early, with proactive planning to mitigate potential data risks.
- Collect & Process Data: Data must be analyzed, labeled, sanitized, and protected against breaches or manipulation.
- Build & Use Model: Models should be trained on secure, accurate, and representative datasets to ensure reliable outcomes.
- Verify & Validate: AI models must be rigorously tested using trusted data to uncover and fix security vulnerabilities; this process should be repeated whenever new data is introduced.
- Deploy & Use: Strict access controls must be implemented to prevent unauthorized data access and maintain model integrity in production.
- Operate & Monitor: Ongoing assessments are necessary to detect emerging threats, maintain compliance, and ensure long-term data security.
Robust data security at every stage is critical to protecting AI systems from corruption, misuse, and non-compliance.
Recommended Data Security Practices for AI Systems
To protect data used in AI systems—whether on-premises or in the cloud—system owners should implement the following ten practical steps:
- Source Reliable Data and Track Provenance: Use trustworthy data sources and implement cryptographically signed, immutable provenance tracking to trace data origins and detect tampering.
- Verify and Maintain Data Integrity: Use cryptographic hashes and checksums to ensure data hasn’t been altered during storage or transmission.
- Use Digital Signatures: Authenticate original and revised datasets with quantum-resistant digital signatures to prevent unauthorized modifications.
- Leverage Trusted Infrastructure: Operate within Zero Trust architectures and secure enclaves to protect data during processing and minimize tampering risks.
- Classify Data and Control Access: Apply sensitivity-based classification and enforce strong access controls and encryption, ensuring that AI outputs are secured to the same level as inputs.
- Encrypt Data: Use strong encryption like AES-256 for data at rest, in transit, and in use; adopt post-quantum encryption standards where possible.
- Store Data Securely: Use certified, FIPS-compliant storage devices that offer high-level protection against advanced threats.
- Apply Privacy-Preserving Techniques: Use methods like differential privacy or homomorphic encryption where feasible, acknowledging potential performance limitations.
- Delete Data Securely: Use secure deletion methods (e.g., cryptographic erase) as per NIST SP 800-88 before retiring or repurposing storage devices.
- Conduct Ongoing Risk Assessments: Regularly evaluate and improve data security using frameworks like NIST RMF and NIST AI RMF to address new threats and ensure continuous protection.
These practices ensure the confidentiality, integrity, and availability of AI data throughout its lifecycle.
Source: Cybersecurity & Infrastructure Security Agency (CISA)
