ARTIFICIAL INTELLIGENCE: DHS Needs to Improve Risk Assessment Guidance for Critical Infrastructure Sectors
SCALE
- 17 AI risk assessments evaluated
- 9 sector risk management agencies (SRMAs) involved
- 16 critical infrastructure sectors and 1 subsector addressed
COMPLIANCE FOCUS
- Executive Order 14110 referenced
- DHS’s AI Risk Categories and Mitigation Strategies guidance identified
- National Institute of Standards and Technology (NIST) standards considered
- Coordination with sector coordinating councils (SCCs) mentioned
PERFORMANCE ASPECT
- Improvement in infrastructure safety identified through AI applications
- Operational efficiencies noted as a key outcome of AI use
- Support for decision-making highlighted as an effective aspect of AI integration
- Future potential for enhanced monitoring of infrastructure recognized
- Mitigation strategies aimed at ensuring reliability and safety of AI systems emphasized
Initial guidance did not fully address all necessary activities for effective risk assessment, leading to mixed progress among sector risk management agencies in completing their assessments.
Most of the risk assessments identified threats, vulnerabilities, and level of impact, which are needed to identify potential risks within the sector. However, only one sector risk assessment identified the likelihood of occurrence, which is the probability that a given threat is capable of exploiting a given vulnerability.
None of the 17 sector risk assessments fully addressed this activity. Specifically, the risk assessments did not include a measurement of both the magnitude of harm (level of impact) and the probability of an event occurring (likelihood of occurrence).
One risk assessment included the purpose, scope, and analytical approach, but did not note the sources of the information it used or define constraints within the assessment.