Singapore releases guidelines for securing AI systems and prohibiting deepfakes in elections

Singapore made a slew of cybersecurity bulletins this week, together with guidelines on securing artificial intelligence (AI) techniques, a security label for medical units, and new laws that prohibits deepfakes in elections promoting content material.

Its new Guidelines and Companion Guide of Securing AI Systems goal to push a safe by-design method, so organizations can mitigate potential dangers within the growth and deployment of AI techniques. 

Additionally: Can AI and automation properly manage the growing threats to the cybersecurity landscape?

“AI techniques could be weak to adversarial assaults, the place malicious actors deliberately manipulate or deceive the AI system,” mentioned Singapore’s Cyber Safety Company (CSA). “The adoption of AI may exacerbate present cybersecurity dangers to enterprise techniques, [which] can result in dangers reminiscent of knowledge breaches or end in dangerous, or in any other case undesired mannequin outcomes.”

“As such, AI needs to be safe by design and safe by default, as with all software program techniques,” the federal government company mentioned. 

Additionally: AI anxiety afflicts 90% of consumers and businesses – see what worries them most

It famous that the rules establish potential threats, reminiscent of provide chain assaults, and dangers reminiscent of adversarial machine studying. Developed just about established worldwide requirements, they embody ideas to assist practitioners implement safety controls and greatest practices to guard AI techniques.

The rules cowl 5 phases of the AI lifecycle, together with growth, operations and upkeep, and end-of-life, the latter of which highlights how knowledge and AI mannequin artifacts needs to be disposed of. 

Additionally: Cybersecurity professionals are turning to AI as more lose control of detection tools

To develop the companion information, CSA mentioned it labored with AI and cybersecurity professionals to offer a “community-driven useful resource” that gives “sensible” measures and controls. This information additionally will probably be up to date to maintain up with developments within the AI safety market. 

It contains case research, together with patch assaults on picture recognition surveillance techniques. 

Nevertheless, as a result of the controls primarily tackle cybersecurity dangers to AI techniques, the information doesn’t tackle AI security or different associated parts, reminiscent of transparency and equity. Some really helpful measures, although, might overlap, CSA mentioned, including that the information doesn’t cowl the misuse of AI in cyberattacks, reminiscent of AI-powered malware or scams, reminiscent of deepfakes. 

Additionally: Cybersecurity teams need new skills even as they struggle to manage legacy systems

Singapore, nevertheless, has handed new legislation outlawing the use of deepfakes and different digitally generated or manipulated on-line election promoting content material. 

Such content material depicts candidates saying or doing one thing they didn’t say or do however is “real looking sufficient” for members of the general public to “moderately consider” the manipulated content material to be actual. 

Deepfakes banned from election campaigns

The (Elections Integrity of Online Advertising) (Amendment) Bill was handed after a second reading in parliament and in addition addresses content material generated utilizing AI, together with generative AI (Gen AI), and non-AI instruments, reminiscent of splicing, mentioned Minister for Digital Improvement and Info Josephine Teo. 

“The Invoice is scoped to deal with essentially the most dangerous varieties of content material within the context of elections, which is content material that misleads or deceives the general public a few candidate, by means of a false illustration of his speech or actions, that’s real looking sufficient to be moderately believed by some members of the general public,” Teo mentioned. “The situation of being real looking will probably be objectively assessed. There isn’t a one-size-fits-all set of standards, however some common factors could be made.”

Additionally: A third of all generative AI projects will be abandoned, says Gartner

These embody content material that “carefully match[es]” the candidates’ identified options, expressions, and mannerisms, she defined. The content material additionally might use precise individuals, occasions, and locations, so it seems extra plausible, she added. 

Most in most of the people might discover content material exhibiting the Prime Minister giving funding recommendation on social media to be inconceivable, however some nonetheless might fall prey to such AI-enabled scams, she famous. “On this regard, the regulation will apply as long as there are some members of the general public who would moderately consider the candidate did say or do what was depicted,” she mentioned.

Additionally: All eyes on cyberdefense as elections enter the generative AI era

These are the 4 parts that have to be met for content material to be prohibited underneath the brand new laws: has a web-based elections advert been digitally generated or manipulated, and depicts candidates saying or doing one thing they didn’t, and is real looking sufficient to be deemed by some within the public to be legit. 

The invoice doesn’t outlaw the “cheap” use of AI or different know-how in electoral campaigns, Teo mentioned, reminiscent of memes, AI-generated or animated characters, and cartoons. It additionally won’t apply to “benign beauty alterations” that span using magnificence filters and adjustment of lighting in movies. 

Additionally: Think AI can solve all your business problems? Apple’s new study shows otherwise

The minister additionally famous that the Invoice won’t cowl non-public or home communications or content material shared between people or inside closed group chats.

“That mentioned, we all know that false content material can flow into quickly on open WhatsApp or Telegram channels,” she mentioned. “Whether it is reported that prohibited content material is being communicated in massive group chats that contain many customers who’re strangers to 1 one other, and are freely accessible by the general public, such communications will probably be caught underneath the Invoice and we are going to assess if motion needs to be taken.”

Additionally: Google unveils $3B investment to tap AI demand in Malaysia and Thailand

The regulation additionally doesn’t apply to information revealed by licensed information businesses, she added, or to the layperson who “carelessly” reshares messages and hyperlinks not realizing the content material has been manipulated. 

The Singapore authorities plans to make use of numerous detection instruments to evaluate whether or not the content material has been generated or manipulated utilizing digital means, Teo defined. These embody business instruments, in-house instruments, and instruments developed with researchers, such because the Centre of Superior Applied sciences in On-line Security, she mentioned.

Additionally: OpenAI sees new Singapore office supporting its fast growth in the region

In Singapore, corrective instructions will probably be issued to related individuals, together with social media providers, to take away or disable entry to prohibited on-line election promoting content material. 

Fines of as much as SG$1 million could also be issued for a supplier of a social media service that fails to adjust to a corrective course. Fines of as much as SG$1,000 or imprisonment of as much as a 12 months, or each, could also be meted out to all different events, together with people, that fail to adjust to corrective instructions. 

Additionally: AI arm of Sony Research to help develop large language model with AI Singapore

“There was a noticeable improve of deepfake incidents in nations the place elections have taken place or are deliberate,” Teo mentioned, citing research from Sumsub that estimated a three-fold improve in deepfake incidents in India and greater than 16 occasions in South Korea, in comparison with a 12 months in the past. 

“AI-generated misinformation can significantly threaten our democratic foundations and calls for an equally severe response,” she mentioned. The brand new Invoice will make sure the “truthfulness of candidate illustration” and integrity of Singapore’s elections could be upheld, she added.

Is that this medical gadget adequately secured? 

Singapore can be seeking to assist customers procure medical units which are adequately secured. On Wednesday, CSA launched a cybersecurity labeling scheme for such devices, increasing a program that covers consumer Internet of Things (IoT) merchandise. 

The brand new initiative was collectively developed with the Ministry of Well being, Well being Sciences Authority, and nationwide health-tech company, Synapxe. 

Additionally: Singapore looks for ‘practical’ medical breakthroughs with new AI research center

The label is designed to point the extent of safety in medical units and allow healthcare customers to make knowledgeable shopping for choices, CSA mentioned. This system applies to units that deal with personally identifiable data and scientific knowledge, with the flexibility to gather, retailer, course of, and transmit the info. It additionally applies to medical tools that connects to different techniques and providers and might talk through wired or wi-fi communication protocols. 

Merchandise will probably be assessed primarily based on 4 ranges of ranking, Degree 1 medical units should meet baseline cybersecurity necessities, Degree 4 techniques should have enhanced cybersecurity necessities, and should additionally go unbiased third-party software program binary evaluation and safety analysis. 

Additionally: These medical IoT devices carry the biggest security risks

The launch comes after a nine-month sandbox section that led to July 2024, throughout which 47 functions from 19 taking part medical gadget producers put their merchandise by means of a wide range of assessments. These embody in vitro diagnostic analyzers, software program binary evaluation, penetration testing, and safety analysis. 

Suggestions gathered from the sandbox section was used to finetune the scheme’s operational processes and necessities, together with offering extra readability on the appliance processes and evaluation methodology. 

Additionally: Asking medical questions through MyChart? Your doctor may let AI respond

The labeling program is voluntary, however CSA has referred to as for the necessity to take “proactive measures” to safeguard in opposition to rising cyber dangers, particularly as medical units more and more connect with hospital and residential networks. 

Medical units in Singapore at the moment have to be registered with HSA and are topic to regulatory necessities, together with cybersecurity, earlier than they are often imported and made obtainable within the nation. 

Additionally: AI is relieving therapists from burnout. Here’s how it’s changing mental health

CSA in a separate announcement mentioned the cybersecurity labeling scheme for client units is now recognized in South Korea. 

The bilateral agreements have been inked on the sidelines of this week’s Singapore Worldwide Cyber Week 2024 convention, with the Korea Web & Safety Company (KISA) and the German Federal Workplace for Info Safety (BSI). 

Scheduled to take impact from January 1 subsequent 12 months, the South Korean settlement will see KISA’s Certification of IoT Cybersecurity and Singapore’s Cybersecurity Label mutually acknowledged in both nation. It marks the primary time an Asia-Pacific market is a part of such an settlement, which Singapore additionally has inked with Finland and Germany.

Additionally: Hooking up generative AI to medical data improved usefulness for doctors

South Korea’s certification scheme encompasses three ranges — Lite, Fundamental, and Normal — with third-party lab assessments required throughout all. Gadgets issued with Fundamental Degree will probably be deemed to have acquired Degree 3 necessities of Singapore’s labeling scheme, which has 4 ranking ranges. KISA, too, will acknowledge Singapore’s Degree 3 merchandise as having fulfilled its Fundamental stage certification. 

The labels will apply to client good units, together with house automation, alarm techniques, and IoT gateways.