2023 AI and Standardisation Cybersecurity Report.docx
ABBREVIATIONS

Abbreviation    Definition
AI              Artificial Intelligence
CEN-CENELEC     European Committee for Standardisation - European Committee for Electrotechnical Standardisation
CIA             Confidentiality, Integrity and Availability
EN              European Standard
ESO             European Standardisation Organisation
ETSI            European Telecommunications Standards Institute
GR              Group Report
ICT             Information And Communications Technology
ISG             Industry Specification Group
ISO             International Organization for Standardization
IT              Information Technology
JTC             Joint Technical Committee
ML              Machine Learning
NIST            National Institute of Standards and Technology
R&D             Research And Development
SAI             Security of Artificial Intelligence
SC              Subcommittee
SDO             Standards-Developing Organisation
TR              Technical Report
TS              Technical Specifications
WI              Work Item

ABOUT ENISA

The European Union Agency for Cybersecurity, ENISA, is the Union's agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union's infrastructure, and, ultimately, to keep Europe's society and citizens digitally secure. More information about ENISA and its work can be found here: www.enisa.europa.eu.

CONTACT

For contacting the authors please use team@enisa.europa.eu
For media enquiries about this paper, please use press@enisa.europa.eu.

AUTHORS

P. Bezombes, S. Brunessaux, S. Cadzow

EDITOR(S)

ENISA:
E. Magonara
S. Gorniak
P. Magnabosco
E. Tsemezoglo

ACKNOWLEDGEMENTS

We would like to thank the Joint Research Centre and the European Commission for their active contribution and comments during the drafting stage. Also, we would like to thank the ENISA Ad Hoc Expert Group on Artificial Intelligence (AI) cybersecurity for the valuable feedback and comments in validating this report.

LEGAL NOTICE

This publication represents the views and interpretations of ENISA, unless stated otherwise. It does not endorse a regulatory obligation of ENISA or of ENISA bodies pursuant to the Regulation (EU) No 2019/881.

ENISA has the right to alter, update or remove the publication or any of its contents. It is intended for information purposes only and it must be accessible free of charge. All references to it or its use as a whole or partially must contain ENISA as its source.

Third-party sources are quoted as appropriate. ENISA is not responsible or liable for the content of the external sources including external websites referenced in this publication.

Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication.

ENISA maintains its intellectual property rights in relation to this publication.

COPYRIGHT NOTICE

© European Union Agency for Cybersecurity (ENISA), 2023

This publication is licenced under CC-BY 4.0 "Unless otherwise noted, the reuse of this document is authorised under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence (https://creativecommons.org/licenses/by/4.0/). This means that reuse is allowed, provided that appropriate credit is given and any changes are indicated".

Cover image ©.

For any use or reproduction of photos or other material that is not under the ENISA copyright, permission must be sought directly from the copyright holders.

ISBN 978-92-9204-616-3, DOI 10.2824/277479, TP-03-23-011-EN-C

TABLE OF CONTENTS

1. INTRODUCTION
1.1 DOCUMENT PURPOSE AND OBJECTIVES
1.2 TARGET AUDIENCE AND PREREQUISITES
1.3 STRUCTURE OF THE STUDY
2. SCOPE OF THE REPORT: DEFINITION OF AI AND CYBERSECURITY OF AI
2.1 ARTIFICIAL INTELLIGENCE
2.2 CYBERSECURITY OF AI
3. STANDARDISATION IN SUPPORT OF CYBERSECURITY OF AI
3.1 RELEVANT ACTIVITIES BY THE MAIN STANDARDS-DEVELOPING ORGANISATIONS
3.1.1 CEN-CENELEC
3.1.2 ETSI
3.1.3 ISO-IEC
3.1.4 Others
4. ANALYSIS OF COVERAGE
4.1 STANDARDISATION IN SUPPORT OF CYBERSECURITY OF AI - NARROW SENSE
4.2 STANDARDISATION IN SUPPORT OF THE CYBERSECURITY OF AI - TRUSTWORTHINESS
4.3 CYBERSECURITY AND STANDARDISATION IN THE CONTEXT OF THE DRAFT AI ACT
5. CONCLUSIONS
5.1 WRAP-UP
5.2 RECOMMENDATIONS
5.2.1 Recommendations to all organisations
5.2.2 Recommendations to standards-developing organisations
5.2.3 Recommendations in preparation for the implementation of the draft AI Act
5.3 FINAL OBSERVATIONS
A ANNEX:
A.1 SELECTION OF ISO 27000 SERIES STANDARDS RELEVANT TO THE CYBERSECURITY OF AI
A.2 RELEVANT ISO/IEC STANDARDS PUBLISHED OR PLANNED / UNDER DEVELOPMENT
CEN-CENELEC JOINT TECHNICAL COMMITTEE 21 AND DRAFT AI ACT REQUIREMENTS
A.4 ETSI ACTIVITIES AND DRAFT AI ACT REQUIREMENTS

EXECUTIVE SUMMARY

The overall objective of the present document is to provide an overview of standards (existing, being drafted, under consideration and planned) related to the cybersecurity of artificial intelligence (AI), assess their coverage and identif