Information Security 5 min read

AI risk management in critical infrastructure via NIST AI RMF 1.0

How critical infrastructure operators can adapt the NIST AI RMF 1.0 framework to defend against specific AI threats and integrate it into corporate cybersecurity.

The rapid adoption of artificial intelligence in critical infrastructure management systems requires organizations to look beyond simple model accuracy assessments. The focus is shifting toward implementing comprehensive risk management frameworks that ensure safety, reliability, and accountability. Critical infrastructure operators face unique challenges: managing specific security risks of AI systems cannot be limited to performance metrics alone but requires integration into a broader operational security architecture.

The accuracy trap: why high performance does not guarantee AI security

For artificial intelligence systems in critical infrastructure, the U.S. National Institute of Standards and Technology (NIST) emphasizes the need to evaluate context, potential harm, reliability, and safety rather than focusing exclusively on model accuracy. The non-deterministic nature of machine learning models creates a specific threat landscape where even a high-precision algorithm can become a source of critical failure or an attack vector.

According to industry data, up to 27.7% of failures in industrial AI assistants are linked to unpredictable concept drift—the discrepancy between real-world data and training sets. Furthermore, traditional static security controls are unable to fully prevent specific AI attack vectors:

  • Evasion Attacks: An attacker manipulates input data (e.g., sensor signals in SCADA systems), disorienting the model, which can lead to the false shutdown of critical equipment.
  • Data Poisoning: Subtle modification of the training sample, through which the algorithm is programmed to make erroneous decisions in the future.
  • Model Inversion: Attempts to reconstruct sensitive system parameters or training data through the analysis of model output signals.

Four pillars of NIST AI RMF 1.0: adaptation for infrastructure operators

To structure risk management processes, the NIST AI Risk Management Framework (AI RMF 1.0) was developed. This document defines risk management as a continuous lifecycle organized around four key functions: Govern, Map, Measure, and Manage.

NIST AI RMF 1.0 FunctionPractical action in critical infrastructureExpected security outcome
GovernEstablishing an AI risk management culture, defining responsible personnel, and integrating into overall corporate security.Decision-making transparency and the elimination of uncontrolled "Shadow AI."
MapDefining the context of AI usage, classifying related technologies, and identifying sources of harm.Understanding architectural system limitations and preventing model use in inappropriate scenarios.
MeasureAnalyzing and quantifying risks, testing models for resilience against evasion attacks.Confirmed reliability and safety of AI solutions before deployment in a production environment.
ManageImplementing incident response procedures, real-time monitoring, and maintaining a secure system state.Minimization of consequences in the event of AI failure or compromise (rapid transition to fallback scenarios).

Integrating AI RMF with NIST CSF 2.0: aligning with corporate cybersecurity

Effective AI management is impossible in isolation. The updated NIST Cybersecurity Framework (CSF) 2.0 includes a new "Govern" function, which emphasizes that cybersecurity is a component of overall corporate governance. Integrating AI management policies into existing corporate cybersecurity frameworks allows for the creation of a unified, robust protection perimeter.

It is worth noting that implementing NIST AI RMF does not replace traditional cybersecurity tools (SIEM, NGFW, access control systems). It is a complementary layer of protection that focuses on the logic and data of models, while traditional IT controls continue to protect the infrastructure on which these models operate.

Continuous risk lifecycle: from threat modeling to monitoring

A fundamental approach to information security assessment is the use of the NIST SP 800-30 Rev. 1 methodology (Guide for Conducting Risk Assessments). Applying this guide to AI systems helps organizations, for example, assess the potential damage from an automated control system in a power grid or analyze the reliability of predictive maintenance for critical equipment.

AI risk management should be viewed as a continuous process. Approximately 53.7% of organizations face difficulties in ensuring the explainability of algorithms in industrial systems, which complicates incident investigation. Constant monitoring of model drift and regular updates to the threat profile are critical for maintaining a secure infrastructure state.

Architectural protection: implementation experience in regulated environments

Secure integration of AI agents into critical infrastructure requires deep engineering expertise. Softengi, a member of the Intecracy Group alliance, develops custom AI/IoT solutions with built-in security at the architectural level. The company's activities in this area are supported by certification under the international artificial intelligence management standard ISO/IEC 42001:2023, confirming a responsible and structured approach to the AI system lifecycle.

In projects with high security requirements, experts from the alliance utilize the mechanisms of the UnityBase platform. Commercial editions of the platform (Enterprise and Defence) provide a reliable foundation for data isolation and access control through built-in Role-Based Access Control (RBAC), Row-Level Security (RLS), and detailed audit trails. Thanks to this architecture, artificial intelligence systems are integrated into the enterprise's overall IT landscape, fully complying with strict information security standards, including ISO/IEC 27001 and the NIS2 directive, without creating additional vulnerabilities in the critical perimeter.

FAQ

How to integrate NIST AI RMF 1.0 into an existing ISO/IEC 27001 security management system?

NIST AI RMF is integrated as an additional risk management domain addressing AI-specific nuances. Risk identification and mapping processes for models (the Map function) are embedded into the overall corporate risk assessment system, extending the organization's existing Information Security Management System (ISMS).

Which specific AI threats are most critical for industrial SCADA systems?

For industrial systems, the most dangerous threats are evasion attacks, where an attacker subtly distorts sensor input signals to disorient the model, and data poisoning, which causes the AI to make erroneous decisions during automated equipment control.

Does the AI risk management framework replace traditional cybersecurity controls?

No, NIST AI RMF 1.0 is a complementary layer of protection. It does not replace traditional cybersecurity tools such as firewalls (NGFW) or SIEM systems, which continue to protect the underlying IT infrastructure from classic network threats.

Data sources