Security Controls

Security controls consist of traditional cybersecurity controls that organizations with good cyber hygiene already have implemented, but with an emphasis on controls over the IT ecosystem in which the ML system operates. An ML system operates in an IT ecosystem that provides sensory data inputs to the ML algorithm, computational power, and IT other services. The ML algorithm can be conceptualized as a software application that runs on an underlying IT infrastructure. To secure the application, its interfaces to the underlying IT infrastructure also need to be secured. As automated decision making tools, ML systems may need to have access to many IT systems and services. For instance, Amazon Alexa’s algorithms have access to many computing resources, databases, and services in Amazon’s IT infrastructure. This increases the risks of excessive access to applications, platforms and supporting infrastructure. Identity and access controls are needed to restrict the access of ML system to only those IT infrastructure components and services needed by an application domain. Likewise, due to their large scale of operations, any incidents in ML systems could cause major disruptions and harms. Thus, incident reporting and incident response controls are needed.