PSCR UAS Working Group

February 2024 Workshop

Introduction to the Workshop

On the 7th and 8th of February 2024, the UAS Portfolio hosted the Workshop on Cybersecurity and Artificial Intelligence (AI) Risk Management (CSAIRM) for UAS in Public Safety at the Montgomery County Fire & Rescue Training Academy in Gaithersburg, Maryland, USA. This workshop brought together a wide spectrum of stakeholders, including public safety end users, management, academia, and developers, with the following three main goals: 

• Network and learn about each others’ connective capabilities and challenges. 
• Begin to develop a roadmap for improving Cybersecurity and AI Risk Management in this domain. 
• Develop a Top-10 list of questions that management personnel, such as fire and police chiefs, can ask their IT staff, vendors, and other people in the UAS ecosystem as they work to improve their risk management. 

Workshop Outcome

Many thanks to everyone who spoke at and participated in the workshop, and particularly thanks to the Montgomery County Fire & Rescue Training Academy staff for hosting us!

Over the coming weeks and months, we will be publishing various resources relating to the workshop. This includes the meeting minutes, recordings, slides, and summary documents. The event page will continue to be updated with these resources as they are published. Contact us via psprizes [at] nist.gov (psprizes[at]nist[dot]gov) to be notified when new content is uploaded.

One of the main outcomes of the workshop event was the formulation of an initial “Top-10” list of questions that public safety management personnel, such as fire and police chiefs, could ask their vendors, IT staff, and other people in their UAS ecosystem to better understand their CSAIRM posture.

Below, we present the draft Top-10 list from the workshop. This has been lightly edited with topic areas from attendee ideas and consolidated with salient points raised during the workshop. It is not intended to be a complete list, nor is it final or relevant to all organizations or industries. Rather, it is intended to be a list of questions that may be useful starting points for discussion. It will be refined, added to, and tailored to different sectors, with additional commentary and guidance issued, in the future. 

Preliminary Top-10 Questions

1. How secure is the system? What is the attack surface? How, and in what timeframe, will we be notified of breaches of the various severity levels? What cybersecurity stress testing or “Red Teaming” has been performed, on both the system and systems on which it depends? 
2. How and where is the data stored? What is the level of encryption and other security methods for the data and its derivatives, such as metadata, error logs, vendor telemetry, and temporary files, in transit and at rest? Who can decrypt or modify the data? 
3. How can we determine if the AI is giving incorrect information? What are the possible mission-critical failure modes of the system? Do we have enough access to the system to determine if a decision that we do not agree with is due to an error on the part of the AI system or to otherwise perform root-cause analysis? How can we correct the behavior of the system? 
4. What measures are taken to ensure an appropriate level of data privacy? What are the levels of data privacy that have been chosen and how were those decisions made? 
5. In what physical locations is the AI processing being done? For instance, on the UAS, on the controller, on our own servers, or in a cloud datacenter in-state, in-country, or elsewhere? 
6. What AI and cybersecurity challenges have other users run into with this system and what steps have they taken to mitigate risk? 
7. Is information about the confidence that the AI system has in its decision available to the operator and/or investigator? What information is available to assist in interpreting this? 
8. What will the system do in the event it encounters a situation that is unusual or unexpected? Is the system capable of detecting if it is operating in a situation that was not represented during its development, training, or testing?
9. Where does additional input data to the system, such as maps, and positioning, come from, how is it updated and authenticated, and what measures are in place to address intentional and accidental interference, corruption, jamming, spoofing, or similar? 
10. What measures are taken to ensure continuity of critical operations in the event that the system undergoes planned or unplanned downtime or end-of-life? How likely is it that the information and systems required for recovery are affected by the same cyber attack as the main system? If the AI system suffers a failure, such as effects from a bad model or input data, what plans exist to roll back to a good model?

Get Involved

As we move forward with the UAS CSAIRM working group, we welcome the involvement of all stakeholders! Please send an email to psprizes [at] nist.gov (psprizes[at]nist[dot]gov) to be kept informed, and to offer suggestions, comments, and assistance for this topic area. We are particularly interested in opportunities to collaborate with partner organizations who are also looking to develop policies and guidance in this space and where efforts may be dual-purposed.

Credit: PSCR