Key Security Considerations for AI
Attorney Stephen Wu Discusses Assessing Risks
As the use of artificial intelligence tools and robotics continues to grow, it’s crucial for organizations to assess the potential security risks posed, says attorney Stephen Wu.
Among the growing applications of AI in the healthcare sector are tools to assist in the diagnosis of illnesses, the processing of medical images and the detection of fraud, Wu says in an interview with Information Security Media Group. Meanwhile, robotics use is expanding as well, especially for surgery.
“The HIPAA regulations don’t talk about artificial intelligence and robotics in particular, so we have to use the general principles associated with HIPAA compliance and apply those to the particular systems being deployed,” he explains.
For AI tools, Wu says, “you may have on-premises software – and we’ve been securing enterprise software for a long time on-premises. But a lot of these applications are being delivered as software as a service, so all the security controls we think about with cloud computing … would apply to AI.”
As for robotics gear, “it has firmware in it; it may have software running on it. It’s a piece of hardware, in essence, so all the things we think of in terms of hardware and software protection would apply to these robotic systems as well.”
When assessing the security risks of robotics – just like sizing up the risks involving medical devices – organizations also need to evaluate the security steps manufacturers have taken, he notes.
One question, to consider, he notes, is: “Did the vendor use a secure development methodology in order to program the software to deliver the solution?”
In the interview, Wu also discusses:
- Other regulatory and compliance concerns related to AI and robotics;
- Cyberattacks, such as potential hacking, that could impact healthcare robotics systems;
- Predictions about how AI may improve data security.
In his role as an attorney at Silicon Valley Law Group in San Jose, Calif., Wu focuses on compliance, liability and information governance in emerging areas of technology law. Wu has written or co-written several books on information security and the law. He served as the 2010-2011 chair of the American Bar Association Section of Science & Technology Law.