The Government Accountability Office has called on the Department of Homeland Security to immediately update its artificial intelligence guidance and template for sector risk management agencies, or SMRAs.
A new DHS guidance for AI risk assessment will help address fears that the technology could be used to attack U.S. critical infrastructure, GAO said in a Wednesday report.
Table of Contents
AI Risk Assessment for Key Activities
In its audit, GAO focused on how SMRAs would address key activities linked to AI assessments, such as documented assessment methodology, identified AI use cases, identified potential risks, evaluated level of risk, identified mitigation strategies and mapped mitigation strategies to risks. The report found that while the agencies completed the requirements to identify AI use cases, they failed to anticipate the risks involved.
The watchdog also noted that 16 of the 17 risk assessments considered potential risks, but none gauged the level of potential harm and the probability of an event occurring. In addition, most of the agencies did not link their risk mitigation strategies to potential risks. Notably, only seven agencies partially addressed risk mitigations while 10 agencies skipped the measure altogether.
Next Steps
GAO urged the DHS secretary to immediately beef up the guidance and template for AI risk assessments to address the identified gaps and share the updates with the SRMAs. The department concurred with the recommendation and vowed to release additional guidance that includes “identifying potential risks and evaluating the level of risk.”