Government sets out cyber security practice code to stoke AI growth
The government has set out a cyber security code of practice for developers to follow when building AI products
The government has set out an artificial intelligence (AI)-focused cyber security code of practice for UK businesses, which it describes it as a “world first”.
The Department for Science, Innovation and Technology said the standard will protect AI systems from cyber attack, boost productivity and set up a global coalition to tackle a worldwide cyber skills shortage.
It is the latest salvo in the government’s bid to boost AI as the fuel for economic growth, repeating similar rhetoric from the previous government.
The Code of Practice for the Cyber Security of AI will, said the government, help to create a global standard in the European Telecommunication Standards Institute (ETSI) that sets baseline security requirements. A specific standard is needed for AI, as distinct from other forms of software, because of such security risks as data poisoning, model obfuscation, indirect prompt injection, as well as differences in the operations of data management, according to DSIT.
The code will, in the government’s view, back up its overall plan for change, whose elements include making kickstarting economic growth as a political priority, with an AI opportunities action plan as part of that. Part of the aim of the plan is to be on a par with France, whose National AI Commission outlined 25 recommendations for the development of an AI-driven economy in 2024.
Minister for cyber security Feryal Clark said: “The UK is leading the way in setting global benchmarks for secure innovation, ensuring AI is developed and deployed in an environment that protects critical systems and data which are central to delivering our plan for change.
“This will not only create the opportunities for businesses to thrive, secure in the knowledge that they can be better protected than ever before but support them in delivering cutting-edge AI products that drive growth, improve public services, and put Britain at the forefront of the global AI economy,” she said.
Read more about UK government cyber security policy
- With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government.
- UK’s cyber incident reporting law to move forward in 2025.
- NAO: UK government cyber resilience weak in face of mounting threats.
The government has also published an implementation guide for the code. It urges developers to review the guide to confirm what requirements are specified for different types of AI systems.
The code is underpinned by 13 secure software development principles. These include designing AI systems for security, as well as functionality and performance, enabling human responsibility for AI systems, securing infrastructures and software supply chains, and ensuring proper data and model disposal.
In support of the code, Ollie Whitehouse, chief technology officer at the NCSC, said: “The new code of practice, which we have produced in collaboration with global partners, will not only help enhance the resilience of AI systems against malicious attacks, but foster an environment in which UK AI innovation can thrive.
“The UK is leading the way by establishing this security standard, fortifying our digital technologies, benefiting the global community and reinforcing our position as the safest place to live and work online.”
The code was published at the end of a week when the National Audit Office published a report on UK government cyber resilience that found 58 critical government IT systems, assessed in 2024, had significant gaps in cyber resilience, and that the government does not know how vulnerable at least 228 “legacy” IT systems, across central departments, are to cyber attack. It also found that one in three cyber security roles in government were vacant or filled by temporary – and so more expensive – staff in 2023-24.
The code will be submitted to the European Telecommunications Standards Institute’s Securing AI Committee, where it will, the UK government said, be used to develop a global standard.
The UK has also played a part, it said, in the launch of an International Coalition on Cyber Security Workforces, alongside Japan, Singapore and Canada. The “coalition” – which came out of a summit held at Wilton Park in West Sussex in September 2024 – will, it is said, help countries work together to tackle cyber threats and address the global cyber skills gap.
Originally published at ECT News
