以人工智能为特色的数字产品和服务的网络安全：标准化和认证的兴起？

IF 3.3 3区社会学 Q1 LAW

Computer Law & Security Review Pub Date : 2024-12-04 DOI:10.1016/j.clsr.2024.106093

Michal Rampášek, Matúš Mesarčík, Jozef Andraško

{"title":"以人工智能为特色的数字产品和服务的网络安全：标准化和认证的兴起？","authors":"Michal Rampášek, Matúš Mesarčík, Jozef Andraško","doi":"10.1016/j.clsr.2024.106093","DOIUrl":null,"url":null,"abstract":"<div><div>The field of cybersecurity has changed dramatically since the Cybersecurity Strategy for the Digital Decade was presented by the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy in December 2020. The Cybersecurity Strategy highlights the potential of AI as a new technology, but also the need for cyber security of AI technology. Indeed, since the strategy was adopted, AI has shown that it has enormous potential for growth, but also several risks and vulnerabilities that this new technology brings. The paper analyses the shift and further development in the field of cybersecurity of digital products and services, AI itself as a technology, as well as products and services that will contain an AI component. In our opinion, the way to ensure that not only AI technology itself, but also products and services are cyber-secure, is to achieve a high level of standardisation of best practices, as there are many gaps in this area. The adoption of technical standards will fully form a path for conformity assessment and certification of not only AI systems but also AI-featured digital products and services. However, the current regulatory trend is to adopt a comprehensive legal regulation of AI even before such technical standards are fully developed and adopted. We consider this risky. Despite the well-intentioned effort to define and regulate AI, the purpose set forth in the AIA may not be achieved, as the requirements adopted in this way can very quickly become unnecessarily burdensome or even outdated due to increasing technological development. The proof of this is also the recent rise of large ML models, known as foundation models, which significantly changed the previous understanding of the creation of AI systems. It will be the technological development of AI, AI specific standardisation, and subsequent certification of digital products and services, which will govern future activities in building Europe's cyber resilience.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106093"},"PeriodicalIF":3.3000,"publicationDate":"2024-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Evolving cybersecurity of AI-featured digital products and services: Rise of standardisation and certification?\",\"authors\":\"Michal Rampášek, Matúš Mesarčík, Jozef Andraško\",\"doi\":\"10.1016/j.clsr.2024.106093\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The field of cybersecurity has changed dramatically since the Cybersecurity Strategy for the Digital Decade was presented by the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy in December 2020. The Cybersecurity Strategy highlights the potential of AI as a new technology, but also the need for cyber security of AI technology. Indeed, since the strategy was adopted, AI has shown that it has enormous potential for growth, but also several risks and vulnerabilities that this new technology brings. The paper analyses the shift and further development in the field of cybersecurity of digital products and services, AI itself as a technology, as well as products and services that will contain an AI component. In our opinion, the way to ensure that not only AI technology itself, but also products and services are cyber-secure, is to achieve a high level of standardisation of best practices, as there are many gaps in this area. The adoption of technical standards will fully form a path for conformity assessment and certification of not only AI systems but also AI-featured digital products and services. However, the current regulatory trend is to adopt a comprehensive legal regulation of AI even before such technical standards are fully developed and adopted. We consider this risky. Despite the well-intentioned effort to define and regulate AI, the purpose set forth in the AIA may not be achieved, as the requirements adopted in this way can very quickly become unnecessarily burdensome or even outdated due to increasing technological development. The proof of this is also the recent rise of large ML models, known as foundation models, which significantly changed the previous understanding of the creation of AI systems. It will be the technological development of AI, AI specific standardisation, and subsequent certification of digital products and services, which will govern future activities in building Europe's cyber resilience.</div></div>\",\"PeriodicalId\":51516,\"journal\":{\"name\":\"Computer Law & Security Review\",\"volume\":\"56 \",\"pages\":\"Article 106093\"},\"PeriodicalIF\":3.3000,\"publicationDate\":\"2024-12-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Law & Security Review\",\"FirstCategoryId\":\"90\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0267364924001584\",\"RegionNum\":3,\"RegionCategory\":\"社会学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"LAW\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Law & Security Review","FirstCategoryId":"90","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0267364924001584","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}

引用次数: 0

摘要

自2020年12月欧盟委员会和外交与安全政策联盟高级代表提出《数字十年网络安全战略》以来，网络安全领域发生了巨大变化。《网络安全战略》强调了人工智能作为一项新技术的潜力，同时也强调了人工智能技术对网络安全的需求。事实上，自该战略被采用以来，人工智能已经显示出巨大的增长潜力，但这项新技术也带来了一些风险和脆弱性。本文分析了数字产品和服务的网络安全领域的转变和进一步发展，人工智能本身作为一种技术，以及将包含人工智能组件的产品和服务。在我们看来，确保人工智能技术本身，以及产品和服务的网络安全的方法是实现最佳实践的高度标准化，因为这一领域存在许多空白。技术标准的采用将全面形成人工智能系统以及以人工智能为特色的数字产品和服务的合格评定和认证路径。然而，目前的监管趋势是，在这种技术标准尚未完全制定和采用之前，就对人工智能进行全面的法律监管。我们认为这很冒险。尽管在定义和规范人工智能方面做出了善意的努力，但AIA提出的目的可能无法实现，因为以这种方式采用的要求可能很快变得不必要的负担，甚至由于技术的不断发展而过时。最近大型机器学习模型（即基础模型）的兴起也证明了这一点，它极大地改变了之前对人工智能系统创建的理解。这将是人工智能的技术发展、人工智能特定的标准化以及随后对数字产品和服务的认证，这将指导未来建立欧洲网络弹性的活动。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Evolving cybersecurity of AI-featured digital products and services: Rise of standardisation and certification?

The field of cybersecurity has changed dramatically since the Cybersecurity Strategy for the Digital Decade was presented by the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy in December 2020. The Cybersecurity Strategy highlights the potential of AI as a new technology, but also the need for cyber security of AI technology. Indeed, since the strategy was adopted, AI has shown that it has enormous potential for growth, but also several risks and vulnerabilities that this new technology brings. The paper analyses the shift and further development in the field of cybersecurity of digital products and services, AI itself as a technology, as well as products and services that will contain an AI component. In our opinion, the way to ensure that not only AI technology itself, but also products and services are cyber-secure, is to achieve a high level of standardisation of best practices, as there are many gaps in this area. The adoption of technical standards will fully form a path for conformity assessment and certification of not only AI systems but also AI-featured digital products and services. However, the current regulatory trend is to adopt a comprehensive legal regulation of AI even before such technical standards are fully developed and adopted. We consider this risky. Despite the well-intentioned effort to define and regulate AI, the purpose set forth in the AIA may not be achieved, as the requirements adopted in this way can very quickly become unnecessarily burdensome or even outdated due to increasing technological development. The proof of this is also the recent rise of large ML models, known as foundation models, which significantly changed the previous understanding of the creation of AI systems. It will be the technological development of AI, AI specific standardisation, and subsequent certification of digital products and services, which will govern future activities in building Europe's cyber resilience.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computer Law & Security Review LAW-

CiteScore

5.60

自引率

10.30%

发文量

审稿时长

67 days

期刊介绍： CLSR publishes refereed academic and practitioner papers on topics such as Web 2.0, IT security, Identity management, ID cards, RFID, interference with privacy, Internet law, telecoms regulation, online broadcasting, intellectual property, software law, e-commerce, outsourcing, data protection, EU policy, freedom of information, computer security and many other topics. In addition it provides a regular update on European Union developments, national news from more than 20 jurisdictions in both Europe and the Pacific Rim. It is looking for papers within the subject area that display good quality legal analysis and new lines of legal thought or policy development that go beyond mere description of the subject area, however accurate that may be.