The Cybersecurity Tech Accord in the Age of AI Blog Series – AI in Cyber: A Multistakeholder Approach

Cybersecurity Tech Accord Principle #4: Collective Action 

The fourth Cybersecurity Tech Accord principle says “we will partner with each other and with likeminded groups to enhance cybersecurity” and there is a lot we can do together to support shared benefits of AI for cyber defense. Different stakeholders in the AI cybersecurity ecosystem have different roles and responsibilities, depending on their interests, expertise, and influence. Governments are responsible for setting the legal and regulatory frameworks for AI cybersecurity, ensuring compliance and enforcement, and providing guidance and support for national security and public safety. Regulators are responsible for overseeing the development and deployment of AI systems, ensuring that they meet the standards and requirements for security, privacy, and ethics, and addressing any complaints or disputes that may arise. Academia is responsible for conducting research and innovation in AI cybersecurity, advancing the state of the art, and educating and training the next generation of professionals and experts. Civil society is responsible for advocating for the rights and interests of the users and the public, raising awareness and engagement on AI cybersecurity issues, and monitoring and evaluating the impact and implications of AI systems. Users are responsible for following the best practices and guidelines for using AI systems securely, reporting any incidents or vulnerabilities, and providing feedback and suggestions for improvement. 

AI cybersecurity is a complex and multidimensional challenge. No single entity or sector can address the security risks and threats posed by AI systems alone, nor can they reap the full benefits and opportunities of AI innovation without collaboration and consultation. Therefore, it is essential to adopt a multi-stakeholder approach for AI cybersecurity, which would foster trust, transparency, and accountability, ensure alignment of goals and values, and leverage the collective expertise and resources of diverse actors. At the same time, the fast pace at which AI technology is developing necessitates a flexible and agile governance framework, which makes a multi-stakeholder approach well suited to keeping up with technological advancements. This approach is especially important for incident response, which involves timely and effective actions to prevent, detect, mitigate, and recover from AI cybersecurity incidents, as well as to learn from them and improve the resilience and robustness of AI systems. 

AI cyber incident response is one example of an area that requires a multistakeholder approach to successfully implement because it involves various actors and interests that need to be coordinated and aligned. For instance, there is a need for developing a standard incident response framework for AI cybersecurity, which would involve collaboration and consultation among different stakeholders and experts, defining common terminology, roles, and responsibilities, establishing best practices and guidelines, and incorporating ethical and legal considerations. The benefits and opportunities of such a framework would include enhancing coordination, communication, and trust, reducing uncertainty and ambiguity, and improving efficiency and effectiveness. The framework would need to acknowledge the challenges and risks of responding to AI cybersecurity incidents, which may involve complex, dynamic, and adaptive adversaries and systems. Directions for future research and multistakeholder action could include exploring the use of AI for cyber defense, developing security AI solutions, and fostering a security culture and awareness.