人工智能在关键基础设施中的角色和职责框架（英文）

U.S.DepartmentofHomelandSecurity

RolesandResponsibilitiesFrameworkforArtificialIntelligence

inCriticalInfrastructure

InConsultationwith

TheArtificialIntelligenceSafetyandSecurityBoard

ARTM

H

ANDSCV

melandsecurity

November14,2024

Contents

LetterfromtheSecretary··3

ArtificialIntelligenceSafetyandSecurityBoardMembership·5

ExecutiveSummary··6

I.Introduction·8

II.Scope·9

III.RisksofAItoCriticalInfrastructure·10

IV.RolesandResponsibilitiesfortheSafeandSecureDeploymentofAIinCritical

Infrastructure 12

A.Overview·12

B.KeyTermsandStructure·12

C.TheFramework·13

I.CloudandComputeInfrastructureProviders··14

II.AIDevelopers·17

III.CriticalInfrastructureOwnersandOperators··21

IV.CivilSociety·24

V.PublicSector·26

V.Conclusion·28

A.DesiredOutcomesofFramework·28

AppendixA:AIRolesandResponsibilitiesMatrix·30

AppendixB:Glossary31

AppendixC:Notes·33

2

ArtificialIntelligenceRolesandResponsibilitiesFramework

LetterfromtheSecretary

America’scriticalinfrastructuresystems–systemsthatpowerourhomesandbusinesses,delivercleanwater,facilitatethedigitalnetworksthatconnectus,andmuchmore–arevitaltodomesticandglobalsafetyandstability.Disruptionstothesmoothoperationofournation’shospitalsandemergencyservices,electricitysubstations,pipelines,watertreatmentfacilities,andothercriticalsystemscanhavedevastatingconsequencesforoursecurity.

Artificialintelligence(AI)isalreadyalteringthewayAmericansinterfacewithcritical

infrastructure.Newtechnology,forexample,ishelpingtosortanddistributemailtoAmerican

households,quicklydetectearthquakesandpredictaftershocks,andpreventblackoutsandother

electric-serviceinterruptions.Theseusesdonotcomewithoutrisk,though:afalsealertofan

earthquakecancreatepanic,andavulnerabilityintroducedbyanewtechnologymayriskexposingcriticalsystemstonefariousactors.

Meanwhile,ouradversariesareusingandwillcontinuetouseAItolaunchcomplex,sophisticated,

andfrequentcyberattacksonU.S.criticalinfrastructure.Tocounterthesethreats,critical

infrastructureoperatorscanuseAItobothmoreeffectivelydefendagainstmaliciousattacksandimprovetheoverallresilienceofcriticalinfrastructureservices.

America’scontinuedsecurityandprosperitywilldependonhowcriticalinfrastructurestakeholdersdevelopanddeployAI.

TheDepartmentofHomelandSecurity(DHS)ischargedwithsafeguardingAmerica’scritical

infrastructureinourevolvingandexpandingthreatenvironment.Toinformourapproachtothisvitaltask,earlierthisyearIconvenedsomeofthenation’sforemostleadersintechnology,industry,civilrights,academia,andgovernmenttoformafirst-of-its-kindAISafetyandSecurityBoard.IncloseconsultationwiththeBoard,DHSdevelopedtheRolesandResponsibilitiesFrameworkfor

ArtificialIntelligenceinCriticalInfrastructure.

ThisFrameworkproposesspecificactionsthatentitiesacrosstheAIecosystemcanconsider,

adapt,andimplementbasedontheirroleandrelationshiptothecriticalservicesthatultimatelyservetheAmericanpeople.Itisdesignedtobeincorporatedintonewandexistingprocessesthatdriveproductdevelopment,procurementdecisions,andinformationexchanges.Italsocapturesresponsibilitiesthatwillneverbefullycomplete–suchassupportingfoundationalresearchinAIsafetyandsecurityandexploringAIusecasesthatbenefittheAmericanpublic–butneverthelessrequireaconcerted,nationalefforttoensurecontinuedprogress.

AddressingtheextraordinaryscaleandimpactofAIinU.S.criticalinfrastructurecallsforawhole-

of-nationapproach.ThisDepartmenthasacriticalroletoplayinsocializingandharmonizingcore

elementsofthisFramework,whichdrawsfromtheimportantworkoftheWhiteHouse,theAI

SafetyInstitute,andourCybersecurityandInfrastructureSecurityAgency.Goingforward,wewill

engagewithourcriticalinfrastructurepartnerstounderstandhowthisFrameworkcanbeadapted

forsector-specificneeds.Wewillalsoconvenedialogueswithinternationalpartnersonhowwe

ArtificialIntelligenceRolesandResponsibilitiesFramework3

approachtoAIsafetyandsecurityacrosscriticalinfrastructureglobally.

AstheSecretaryofHomelandSecurityandChairoftheAISafetyandSecurityBoard,Iamproudofwhatwehaveachievedtogether.Wewelcomecontinueddialogueontheseimportantissues,and

welookforwardtoupdatingthisFrameworkasthisextraordinarytechnologycontinuestogrowandevolve.

AlejandroN.Mayorkas

Secretary,U.S.DepartmentofHomelandSecurity

Chair,ArtificialIntelligenceSafetyandSecurityBoard

RolesandResponsibilitiesFramework4

our

canharmonize

ArtificialIntelligence

ArtificialIntelligenceSafetyandSecurityBoardMembership

TheArtificialIntelligenceSafetyandSecurityBoard(the“Board”)advisestheSecretary,thecritical

infrastructurecommunity,otherprivatesectorstakeholders,andthebroaderpubliconthesafe,secure,

andresponsibledevelopmentanddeploymentofAItechnologyinournation’scriticalinfrastructure.ThedutiesoftheBoardaresolelyadvisoryinnature.BoardMembersserveasuncompensatedrepresentativesoftheirsectors.TheBoardprovidedadvice,information,andrecommendationsinthedevelopmentoftheDepartmentofHomelandSecurity’sRolesandResponsibilitiesFrameworkforAIinCriticalInfrastructure(the“ArtificialIntelligenceRolesandResponsibilitiesFramework”).

AlejandroN.Mayorkas,Secretary,U.S.DepartmentofHomelandSecurity;Chair,ArtificialIntelligenceSafetyandSecurityBoard

SamAltman,CEO,OpenAI

DarioAmodei,CEOandCo-Founder,AnthropicEdBastian,CEO,DeltaAirLines

MarcBenioff,ChairandCEO,Salesforce

RummanChowdhury,Ph.D.,CEO,HumaneIntelligenceMattGarman,CEO,AmazonWebServices

AlexandraReeveGivens,PresidentandCEO,CenterforDemocracyandTechnology

BruceHarrell,MayorofSeattle,Washington;Chair,TechnologyandInnovationCommittee,UnitedStatesConferenceofMayors

DamonT.Hewitt,PresidentandExecutiveDirector,Lawyers’CommitteeforCivilRightsUnderLawVickiHollub,PresidentandCEO,OccidentalPetroleum

JensenHuang,PresidentandCEO,NVIDIAArvindKrishna,ChairmanandCEO,IBM

Fei-FeiLi,Ph.D.,Co-Director,StanfordHuman-centeredArtificialIntelligenceInstituteWesMoore,GovernorofMaryland

SatyaNadella,ChairmanandCEO,MicrosoftShantanuNarayen,ChairandCEO,AdobeSundarPichai,CEO,Alphabet

AratiPrabhakar,Ph.D.,AssistanttothePresidentforScienceandTechnology;Director,theWhiteHouseOfficeofScienceandTechnologyPolicy

ChuckRobbins,ChairandCEO,Cisco;Chair,BusinessRoundtableLisaSu,ChairandCEO,AdvancedMicroDevices(AMD)

NicolTurnerLee,Ph.D.,SeniorFellowandDirectoroftheCenterforTechnologyInnovation,BrookingsInstitution

KathyWarden,Chair,CEO,andPresident,NorthropGrumman

MayaWiley,PresidentandCEO,TheLeadershipConferenceonCivilandHumanRights

ArtificialIntelligenceRolesandResponsibilitiesFramework5

ExecutiveSummary

ArtificialIntelligence(AI)systemsaretransformingU.S.criticalinfrastructure,unlockingnewopportunities,andpresentingnewriskstovitalsystemsandservices.ThechoicesthatorganizationsandindividualsmakeregardinghowAIsystemsaredeveloped,howtheycanbeaccessed,andhowtheyfunctionwithinlarger

systemswilldeterminetheimpactthatAIwillhavewhendeployedtobroadsegmentsofU.S.critical

infrastructure.Toinformthosechoices,theDepartmentofHomelandSecurity(DHS)developedtheRolesandResponsibilitiesFrameworkforAIinCriticalInfrastructure(the“Framework”)incloseconsultationwiththeArtificialIntelligenceSafetyandSecurityBoard(the“Board”).TheFrameworkrecommends

keyrolesandresponsibilitiesforthesafeandsecuredevelopmentanddeploymentofAIinU.S.criticalinfrastructure.

ThisFrameworkseekstocomplementandadvancetheAIsafetyandsecuritybestpracticesestablishedby

theWhiteHouseVoluntaryCommitments,theBlueprintforanAIBillofRights,ExecutiveOrder14110

ontheSafe,Secure,andTrustworthyDevelopmentandUseofArtificialIntelligence,theOMBM-24-10

MemorandumonAdvancingGovernance,Innovation,andRiskManagementforAgencyUseofArtificial

Intelligence,theMemorandumonAdvancingtheUnitedStates’LeadershipinArtificialIntelligence,the

workoftheAISafetyInstitute,theDHSSafetyandSecurityGuidelinesforCriticalInfrastructureOwnersandOperators,andothers.

Theroles,responsibilities,usecases,andrisksassociatedwithAIincriticalinfrastructurearecomplex,

interdependent,andwillchangeovertimewiththeevolutionofthetechnology.Giventheseconsiderations,thisFramework:

►ProposesasetofvoluntaryresponsibilitiesforthesafeandsecureuseofAIinU.S.criticalinfrastructure,dividedamongfivekeyroles:cloudandcomputeinfrastructureproviders,AIdevelopers,criticalinfrastructureownersandoperators,civilsociety,andthepublicsector.

►Evaluatestheserolesacrossfiveresponsibilityareas:securingenvironments,drivingresponsible

modelandsystemdesign,implementingdatagovernance,ensuringsafeandsecuredeployment,andmonitoringperformanceandimpactforcriticalinfrastructure.

►Providestechnicalandprocessrecommendationstoenhancethesafety,security,andtrustworthinessofAIsystemsdeployedacrossthenation’ssixteencriticalinfrastructuresectors.

IfadoptedandimplementedthroughouttheAIecosystem,thisFrameworkintendstofurtherAIsafetyandsecurityincriticalinfrastructure,includingtheharmonizationofsafetyandsecuritypractices,improve

thedeliveryofcriticalservices,enhancetrustandtransparencyamongentities,protectcivilrightsand

civilliberties,andadvanceAIsafetyandsecurityresearchthatwillfurtherenablecriticalinfrastructuretoresponsiblyoperationalizeanddeployAI.

ThisFrameworkbuildsuponexistingriskframeworksthatenableentitiestoevaluatewhethertheuseofAIforcertainsystemsorapplicationscouldresultinharmstocriticalinfrastructureassets,sectors,nationallysignificantsystems,orindividualsservedbysuchsystems.TheresponsibilitiesinthisFrameworkhave

beentailoredtoaddressthesepotentialharmsthroughtheimplementationoftechnicalriskmitigations,

accountabilitymechanisms,routinetestingpractices,andincidentresponseplanning.Importantly,the

Frameworkalsoprioritizestheroleoftransparency,communication,andinformationsharingaskey

elementsofAIsafetyandsecurity.ThisFrameworkdoesnotrepresentacompletelistoftherelevantentities’responsibilitiesforAIsafetyandsecurity,butinsteadfocusesonactivitiestoadvancethesafeandsecureuse

ArtificialIntelligenceRolesandResponsibilitiesFramework6

ExecutiveSummary

ofAIthatareparticularlyrelevanttocriticalinfrastructure.Allrelevantentities,fromcloudandcomputeinfrastructureproviderstoAIdevelopersandcriticalinfrastructureownersandoperators,shouldconsidersector-specificandcontext-specificAIriskmitigationsinadditiontothefoundationalresponsibilities

presentedbythisFramework.

AIremainsanemergingtechnology,andAIsafetyandsecuritypracticescontinuetodevelopintandem.

DHSandtheAISafetyandSecurityBoardwillleadbyexampletosupport,strengthen,andadvancethecoreconceptsinthisFrameworkasasharedcommitmenttoprotectandshapethefutureofAmericaninnovationinournation’scriticalinfrastructure.

Artificial

IntelligenceRolesandResponsibilitiesFramework7

I.Introduction

AmericancriticalinfrastructureencompassesthesixteensectorsofAmericansocietywhosesystemsaresovitalthattheirincapacitationwouldhaveadebilitatingimpactonthelifeofthenation

.1

ItincludestheU.S.systemsofdefense,energy,transportation,informationtechnology,financialservices,foodandagriculture,communications,andothers.

Withitspartners,theU.S.DepartmentofHomelandSecurity(DHS)helpstoprotectthemethodsbywhichAmericanspowertheirhomesandbusinesses,makefinancialtransactions,shareinformation,accessand

deliverhealthcare,andputfoodonthetable–amongmanyotherdailyactivities.AIcanbeapowerfulforcetoimprovetheservicesthatcriticalinfrastructureprovides,buildresilience,detectthreats,andsupport

disasterrecovery.Astheentitiesthatownandoperatethesecriticalinfrastructuresystemsincreasingly

adoptAI,itistheDepartment’sdutytounderstand,anticipate,andaddressrisksthatcouldnegativelyaffectthesesystemsandtheconsumerstheyserve.ThisdutyincludesensuringthatcriticalinfrastructuresystemsfunctionforandserveallpeopleintheUnitedStates.AIsystemsincriticalinfrastructurearenoexception–theymustbeintentionallydesigned,developed,anddeployedinamannerthatiseffectiveandrespectsandpreservesprivacy,civilrights,andcivilliberties.

2

TheDepartmentwilldoitsparttoprotecttheserightsasanecessaryconditionofdrivingsafeandsecureoutcomesincriticalinfrastructure.

Infrastructure

The16U.S.CriticalSectors

Chemical

Dams

Financial

Services

CommercialFacilities

Defense

IndustrialBase

FoodandAgriculture

NuclearReactors,Materials,andWaste

Communications

EmergencyServices

GovernmentFacilities

TransportationSystems

Critical

Manufacturing

Energy

HealthcareandPublicHealth

WaterandWastewater

Information

Technology

RecognizingthecriticalnatureofthesesystemsandtheirroleinusingAItoservetheAmericanpeople,

thePresident’sOctober2023ExecutiveOrderontheSafe,Secure,andTrustworthyDevelopmentandUseofArtificialIntelligence(ExecutiveOrder14110)directedtheSecretaryofHomelandSecuritytoestablishanAISafetyandSecurityBoard,taskedwithproviding“advice,information,orrecommendations”totheSecretaryandthecriticalinfrastructurecommunityregardingitsuseofAI.

3

Asaninitialstep,DHS,incloseconsultationwiththeBoard,hasdevelopedthisvoluntaryRolesandResponsibilitiesFrameworkforAIinCriticalInfrastructure(the“Framework”)torecommendtherolesandresponsibilitiesofentitiesacrosstheAIecosystemforthesafe,secure,andresilientdevelopmentanddeploymentofAItocriticalinfrastructure.

*

*ThisFrameworkexpressesstandardsofpracticeanddoesnotestablishanylegalright,privilege,orrequirement.

8

ArtificialIntelligenceRolesandResponsibilitiesFramework

II.Scope

ThisFrameworkproposesamodelofsharedandseparateresponsibilitiesforthesafeandsecureuseofAIincriticalinfrastructure.Forthispurpose,theFramework:

►Recommendsrisk-andusecase-basedmitigationstoreducetheriskofharmtocritical

infrastructuresystemsandthepeopleservedbythemwhendevelopinganddeployingAI,aswellas

thepotentialforharmstocascadeinamannerthatcouldimpactmultiplesectorsorcreatenationallysignificantdisruptionsifleftunaddressed.

►Proposesasetofvoluntaryresponsibilitiesacrosstherolesofcloudandcomputeinfrastructureproviders,AImodeldevelopers,andcriticalinfrastructureownersandoperatorsindevelopinganddeployingtheAI-poweredservicesuponwhichmuchofthecountry’scriticalinfrastructure

currentlyreliesorwillsoonrely.

►Proposesasetofvoluntaryresponsibilitiesforcivilsocietyandthepublicsectorinadvocatingforthosewhouseorareaffectedbythesecriticalsystems,supportingresearchtoimprovevariousaspectsofnewtechnologies,andadvancingstrongrisk-managementpractices.

►ReliesuponexistingriskframeworkstoenableentitiestoevaluatewhethertheuseofAIforcertainsystemsorapplicationscarriessevererisksthatcouldresultinharmstocriticalinfrastructureassets,

sectors,orothernationallysignificantsystemsthatservetheAmericanpeople.Furtherresearchon

therelationshipsbetweentheseriskcategories,aswellastheirmitigations,willhelpentitiesconductthisevaluationonause-casebasis.

Furthermore,thisFrameworkcomplementsandleveragesinformationgatheredfromtheAIandcriticalinfrastructuresecurityprogramsDHScoordinates,includingtheannualAIsector-specificriskassessmentprocessforcriticalinfrastructureestablishedunderExecutiveOrder14110andtheforthcomingNationalInfrastructureRiskManagementPlan.

ArtificialIntelligenceRolesandResponsibilitiesFramework9

III.RisksofAItoCriticalInfrastructure

ForthepurposesofthisFramework,werefertosafetyandsecurityrisksinthecontextoftheirpotential

threats,hazards,vulnerabilities,andconsequencestocriticalinfrastructureandofferriskmitigationsthatcanbeimplementedacrosstheAIdevelopmentanddeploymentlifecycle.OurassessmentofthesefactorsdrawsfrompreviouslypublishedU.S.governmentmemorandaandreports;inparticular,theSafetyand

SecurityGuidelinesforCriticalInfrastructure,theNationalSecurityMemorandumonCriticalInfrastructureSecurityandResilience,andguidanceonriskstocivilrightsandcivillibertiesfromOMBMemorandum

M-24-10andtheWhiteHouseBlueprintforanAIBillofRights.

4

DHS,throughtheCybersecurityandInfrastructureSecurityAgency(CISA)andincoordinationwithotherSectorRiskManagementAgencies(SRMAs),

5

identifiedthreecategoriesofAIsafetyandsecurityattack

vectorsandvulnerabilitiesacrosscriticalinfrastructure:attacksusingAI,attackstargetingAIsystems,anddesignandimplementationfailures.Forownersandoperatorsofcriticalinfrastructurewhoseessentialservicesandfunctionsthepublicdependsondaily,understandingthenatureofthesevulnerabilitiesandaddressingthemaccordinglyisnotmerelyanoperationalrequirementbutanationalimperative.

TheNationalSecurityMemorandumonCriticalInfrastructureSecurityandResilience(NSM22)articulatesanapproachtocategorizingriskstocriticalinfrastructurebasedonthescaleandseverityofpotentialharms,whichinturnenablestheprioritizationofriskmanagementefforts.Below,wehavemappedeachofthesecategoriestoanexplanationofspecificrisksrelatedtocriticalinfrastructure’suseofAI.Riskcategories

assessadverseimpactsandarelistedinorderofincreasingscale:

1.Asset-LevelRisk,

includingbutnotlimitedtodisruptionorphysical

damagetotheoperations,assets,orsystemsofcriticalinfrastructure,ordirect

supplierresultingfromhigh-riskuseofAI.Theseriskscanincludedesign

ordeploymentflawsthatimpairservicetoapopulationorlocality.

2.SectorRisk,including

butnotlimitedtorisksto

asetofassetsimpacting

sectoroperationsbeyondan

individualasset.Theserisks

comprise,amongothers,

Fig.1.TheFramework’sriskcategoriesalign

tothescaleofpotentialharms.

operationalfailuresofAI

systemsdeployedinenergyorwaterutilitiesandinterruptions

intheprovisionofvitalservices(suchasmedicalservicesdeliveredbyhospitalsandfinancialservicesdeliveredbybanksandotherfinancialinstitutions),andthetargetingoftheelectioninfrastructuresubsectorenabledbythemisuseofAI.

ArtificialIntelligenceRolesandResponsibilitiesFramework10

RisksofAItoCriticalInfrastructure

3.SystemicandCross-SectorRisk,includingbutnotlimitedtodisruptionstotheinformation

technologysectorfromAI-enabledcyberattacksandincidentsthatrestrictaccesstocriticalservices,negativeenvironmentalimpactsassociatedwithgrowingAIadoption,AIincidentsresultingin

significantfinancialloss,errorsinAI-enabledsensingtechnologiesthatsubstantiallyhinderaccesstotheservicesofcriticalinfrastructureentities,disruptionsinlogisticssupplychainsduetofailuresinAI-enhancedprocesses,andotherrisksstemmingfromtheincreasinglyinterdependentnatureofcriticalinfrastructure.

4.NationallySignificantRisk,includingbutnotlimitedtorisksofAIcausingwidespreadimpact

tosafetyorrights

6

orsignificantlyassistingwiththedevelopment,manufacture,ordeploymentofconventional,chemical,biological,radiological,ornuclear(CBRN)weapons.

ThisFrameworksuggestsmitigationsthat,ifimplementedbytheentitiesperformingtherelevantactivities,canreducethelikelihoodandseverityofconsequencesassociatedwitheachriskcategory.

Further,thisframingofrisksrevealstheinterdependentnatureofthesecategories,whereasset-levelrisks

ifleftunaddressedcancompoundintosector-wideorcross-sectorrisks;conversely,mitigationsdesigned

toimprovethesafetyorsecurityofacriticalassetmaypreventorreducethelikelihoodofanationally

significantconsequence.ThisfocusalsoacknowledgesthatthevariouschoicesmaderegardinghowAI

modelsaredeveloped,howtheycanbeaccessed,andhowtheyfunctionwithinlargersystemsarecriticaltotheimpacttheywillhavewhendeployedtobroadsegmentsofU.S.criticalinfrastructure.Thepublicsectorandcivilsocietyplayapivotalroleinunderstandingandshapingthisimpact,sothatbenefitscanbesharedacrosssectorsandharmscanbeprevented,mitigated,and,asnecessary,remediated.

ArtificialIntelligenceRolesandResponsibilitiesFramework11

IV.RolesandResponsibilitiesfortheSafeandSecureDeploymentofAIinCriticalInfrastructure

A.Overview

AImodelswilloftenbedesigned,implemented,andconsumedbydifferententitiesindifferentcontexts;therefore,responsibilitiesformanagingAIsafetyandsecurityriskswillnecessarilybedistributedacrossmultipleorganizations.ThisFrameworkspecificallyevaluatesthesharedandseparateresponsibilities

ofcloudandcomputeinfrastructureproviders,AImodeldevelopers,criticalinfrastructureownersandoperators,civilsociety,andthepublicsectoracrossfivefoundationalcategories:securingenvironments,drivingresponsiblemodelandsystemdesign,implementingdatagovernance,ensuringsafeandsecuredeployment,andmonitoringperformanceandimpact.

Interdependenciesamongtheseaforementionedentitiesmustbeaddressedthroughconcertedeffortstobetransparent,usingcommunicationchannelsanddatasharingtopromotetrustandcommonunderstanding.Forexample,criticalinfrastructureentitieswillbeabletobetterassesswhethermodelsaresafeandsecureifAIdevelopersprovidecustomerswithinformationabouthowrelevantsafetyandsecurityriskshavebeenaddressedthroughmodeldesignandtesting.

7

Similarly,modeldevelopersandserviceproviderscanmore

efficientlyassessriskstotheirITenvironmentsandmakeinformedprocurementdecisionsiftheircloudandcomputeinfrastructureproviderssharedocumentationofhardwareandsoftwarecomponentsandsource

vendors.

8

Furthermore,criticalinfrastructureentitiescanplayacentralroleinimprovingandinformingtheAIdevelopmentprocessbyprovidingtransparencyintotheirdeploymentsofAI,includingtheassociated

contextandprocessofsuchdeployments.TransparencyservesanimportantpurposeinconnectingtheentitiesidentifiedinthisFramework,enablingeachtofulfillitsrespectiveresponsibilitiesforsafetyandsecurity.

Additionally,entitiesmayplaymorethanoneroleassociatedwiththeAIlifecycle.Recentdevelopments

inAIareincreasinglyenablingtheconfigurabilityandtoolingofmodels,closingt