The National Cyber Security Centre (NCSC) earlier this year issued advice to Public Sector Bodies on the cybersecurity implications of Generative Artificial Intelligence (GenAI). The advice covered the risks associated with sensitive data being inputted to GenAI systems, the risks associated with relying on the outputs of the systems, as well as technical advice around the security of GenAI systems. The guidance also covered the potential misuse of GenAI by malicious cyber actors. The NCSC recommends that as with all new technology, such as GenAI it should only be adopted based on a clearly defined business need following an appropriate risk assessment. The advice also provided some Do’s and Don’ts for staff on using AI securely. In drawing up this advice, the NCSC consulted with a wide number of entities, in both public and private sectors but did not commission any consultancy services.
The NCSC does not discuss operational issues, or the tools, software or procedures used in defending against cyber security incidents.