CISA issues principles for integrating AI in operational technology
CISA and the Australian Signals Directorate’s Australian Cyber Security Centre released “Principles for the Secure Integration of Artificial Intelligence in Operational Technology,” a guidance document addressing the introduction of artificial intelligence (AI) into operational technology (OT) and the attendant effects on OT safety, security, and reliability.
The guidance explicitly focuses on machine learning (ML), large language models (LLMs), and AI agents, and states that it also applies to systems using traditional statistical modeling and logic-based automation. It identifies critical infrastructure owners and operators as the intended audience and organizes its content around four named principles: Understand AI, Assess AI Use in OT, Establish AI Governance, and Embed Safety and Security.
The document sets out both anticipated benefits—described as increased efficiency, enhanced decision-making, and cost savings—and the unique risks the agencies associate with AI in OT, specifically risks to the safety, security, and reliability of OT environments.
CISA and the Australian Signals Directorate’s Australian Cyber Security Centre encourage critical infrastructure owners and operators to adopt the principles contained in the guidance titled “Principles for the Secure Integration of Artificial Intelligence in Operational Technology” and recommend reviewing the full guidance for further detail.
The guidance advises organizations to educate personnel on AI risks, impacts, and secure development lifecycles; to evaluate business cases, manage OT data security risks, and address immediate and long-term integration challenges; to implement governance frameworks, test AI models continuously, and ensure regulatory compliance; and to maintain oversight, ensure transparency, and integrate AI considerations into incident response planning.