Government publishes cyber security guidance for public sector AI use
The National Cyber Security Centre (NCSC) has published new guidance to help public sector bodies deploy AI securely and comply with the EU AI Act.
The document, Securing AI Adoption in the Public Sector, provides “practical advice” on managing cyber security risks throughout the lifecycle of AI systems, from design and development to deployment and retirement. It is accompanied by an AI Cyber Security Risk Assessment identifying the principal threats associated with AI deployments and measures to mitigate them.
The guidance fulfils a commitment made in the Government’s Digital Ireland – Connecting our People, Securing our Future strategy, published earlier this year. It has been produced with support from the Department of Public Expenditure, Infrastructure, Public Service Reform and Digitalisation and the Department of Enterprise, Trade and Employment.
Although aimed at public bodies, the NCSC said the guidance could also be applied by organisations in the private sector.
Public expenditure minister Jack Chambers said: “The public service is already doing excellent work in putting AI to use, to improve how it serves the public, and these guidelines are designed to support and build on that. They give public sector bodies another practical tool to deploy AI with confidence, alongside our guidelines for the Responsible Use of AI in the Public Service. Our focus is on enabling the public service to keep moving forward with this technology, and to do so securely and responsibly.”
Justice minister Jim O’Callaghan commented: “AI is a powerful tool, and the public service must look at the best ways to deploy it. My priority is to make sure it is adopted in a way that protects the security of our public sector bodies and our national security. Through the National Cyber Security Centre, my department is giving public sector bodies the practical tools to do exactly that, to take advantage of what AI offers while keeping their systems, their data, and the State secure.”
Dr Richard Browne, director of the NCSC, added: “AI is changing the world of cyber security for attackers and defenders alike. Part of these guidelines are about ensuring public bodies can take full advantage of it, adopting AI in a way that strengthens how we secure our networks and systems rather than exposing them to new risk. They are built on international standards and set out clear, practical steps any organisation can follow, whatever the scale of its project. This is part of a sustained programme of support from the NCSC.”


