Ethical and Regulatory Challenges in Managing AI-Centric Cybersecurity Programs for Critical Infrastructure
DOI:
https://doi.org/10.21590/ijtmh.10.04.20Keywords:
AI-centric cybersecurity, critical infrastructure protection, ethical AI governance, regulatory compliance, adversarial machine learning, cybersecurity program management.Abstract
Artificial intelligence (AI) has become a prevalent feature of modern cybersecurity programs for critical infrastructure systems such as those used in energy, transportation, healthcare, and industrial control systems. AI-based security solutions can provide more accurate detection, adaptive response, and scalability than traditional rule-based systems. However, the use of these systems in safety-critical and highly regulated sectors of the economy raises significant ethical and regulatory issues which present additional challenges to their effective management. These include risks of adversarial machine learning, explainability limitations of complex models, accountability gaps for autonomous decisions, and the challenge of meeting regulatory requirements for cybersecurity practices and data privacy in AI-driven operations.
This paper presents a thorough, literature-based exploration of the ethical and regulatory challenges of program management for AI-focused cybersecurity programs for critical infrastructure. Building on existing research in areas such as adversarial machine learning, ethical AI, and cybersecurity for critical infrastructure, this work takes a program-level perspective to understand how technical, ethical, and regulatory risks manifest and intersect at various stages of the AI lifecycle. By reviewing existing frameworks, standards, and principles in these areas, this study identifies the structural limitations of traditional cybersecurity program governance frameworks when applied to AI-based solutions.
By conceptually organizing these issues along several dimensions of responsible AI - namely robustness, transparency, accountability, and regulatory compliance - this study aims to provide an analytically coherent foundation to understand responsible AI in the context of critical infrastructure cybersecurity. The insights presented highlight opportunities for holistic governance approaches that balance innovation, ethics, and legal considerations, while supporting sustainable, long-term trust in AI-enabled cybersecurity solutions.
