CISA OT AI integration principles

government

CISA·cisa.gov/resources-tools/resources/principles-secure-inte...

Credibility Rating

4/5

High(4)

High quality. Established institution or organization with editorial oversight and accountability.

Rating inherited from publication venue: CISA

Relevant to AI safety practitioners concerned with deployment risks in high-stakes physical systems; CISA's OT focus makes this distinct from typical software AI governance guidance, addressing scenarios where AI misalignment or failure could directly harm physical infrastructure.

Metadata

Importance: 52/100guidance documentreference

Summary

This CISA guidance document outlines principles for safely and securely integrating artificial intelligence into operational technology (OT) environments such as industrial control systems and critical infrastructure. It addresses unique risks posed by AI in high-stakes physical systems where failures can have severe real-world consequences. The document provides a framework for operators and vendors to manage AI-related cybersecurity risks in OT contexts.

Key Points

•Identifies distinct security challenges when deploying AI in OT environments, including legacy system vulnerabilities and physical safety implications.
•Emphasizes that AI failures in OT can cascade into physical harm, making reliability and resilience requirements stricter than in typical IT contexts.
•Recommends principles such as secure-by-design, maintaining human oversight, and ensuring AI systems fail safely in critical infrastructure settings.
•Addresses supply chain risks and the need for transparency from AI vendors deploying in operational technology environments.
•Supports coordination between cybersecurity and safety engineering disciplines when integrating AI into industrial control systems.

Cited by 1 page

Page	Type	Quality
Cyberweapons Risk	Risk	91.0

Cached Content Preview

HTTP 200Fetched Mar 15, 20264 KB

Principles for the Secure Integration of Artificial Intelligence in Operational Technology | CISA 
 
 
 

 

 
 
 
 
 Skip to main content 
 
 

 
 

 
 
 
 
 
 
 
 
 
 
 
 Official websites use .gov 
 
 A .gov website belongs to an official government organization in the United States.
 

 
 
 
 
 
 
 Secure .gov websites use HTTPS 
 
 A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
 

 
 
 
 
 
 
 

 

 
 
 
 

 
 
 

 

 
 
 

 
 
 

 
 Due to the lapse in federal funding, this website will not be actively managed. Read More 

 no-cost Cyber Services Secure by design Secure Your Business Shields Up Report A Cyber Issue 

 

 
 
 
 
 

 
 
 
 
 
 
 
 

 

 
 
 
 
 
 
 

 
 
 

 
 

 
 
 
 

 

 
 
 

 
 
 
 Share: 
 

 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 

 
 
 

 
 

 
 
 
 

 
 

 
 
 

 
 

 
 
 
 
 
 
 
 PUBLICATION 
 
 Principles for the Secure Integration of Artificial Intelligence in Operational Technology 

 

 
 Publish Date December 03, 2025 

 
 
 
 Related topics: 
 
 Cybersecurity Best Practices , Critical Infrastructure Security and Resilience , Industrial Control Systems 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 Artificial intelligence (AI) has the potential to increase efficiency and productivity, enhance decision-making, cut costs and improve customer experience, but introducing AI in operational technology (OT) environments can introduce risks that require careful management to support the safety, security, and reliability of OT systems.

 CISA and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), in collaboration with federal and international partners, co-authored this joint cybersecurity guidance for critical infrastructure owners and operators integrating AI into their OT systems. This guidance outlines four key principles owners and operators can follow to realize the benefits of integrating AI into OT systems while reducing risk. It focuses on machine learning, large language model-based AI, and AI agents because of the complex security considerations and challenges they pose, but the guidance also applies to systems augmented with traditional statistical modeling and logic-based automation. The authoring agencies encourage critical infrastructure owners and operators to review and follow this guidance to achieve a more balanced approach to integrating AI into their OT environments and to continuously monitor, validate, and refine their AI models. 

 
 In addition to ASD’s ACSC, this joint guide was developed in collaboration with:

 
 
 
 National Security Agency’s Artificial Intelligence Security Center ( NSA AISC ) 

 
 
 
 
 Federal Bureau of Investigation ( FBI ) 

 
 
 
 
 Canadian Centre for Cyber Security ( Cyber Centre ) 

 
 
 
 
 German Federal Office for Information Security ( BSI ) 

 
 
 
 
 Netherlands National Cyber Securi

... (truncated, 4 KB total)

Resource ID: 122efbdd52167837 | Stable ID: NDkwYWI5Yj