New guidance issued on machine learning principles

June 5, 2024

The National Cyber Security Centre (NCSC) has issued guidance to help developers, engineers, decision makers and risk owners in creating and using machine learning systems.


Machine learning is a type of artificial intelligence where computers find patterns in data or solve problems automatically.


To explain, imagine you’re teaching a child how to recognise different animals. Instead of telling them all the rules to identify a cat or a dog, you show them lots of pictures of cats and dogs and tell them which is which. Over time, they get better at telling cats from dogs just by looking at them.


Machine learning is like that, but for computers. Instead of giving the computer a strict set of instructions for every possible scenario, you feed it lots of examples and it learns from these. For instance, if you want a computer to recognise emails that are spam, you show it many emails that are labelled as “spam” and ‘not spam.” The computer looks at all the examples and starts figuring out the patterns. Then, when it sees a new email, it can guess whether it’s spam based on what it has learned.


In simple terms, machine learning is about teaching computers to learn from examples so they can make decisions or predictions on their own.


The pace of development in machine learning is high and NCSC are concerned that security could be left as a secondary consideration. They are encouraging that security be made part of the design from the outset and that it be a core requirement throughout the life cycle of the machine learning system.


The new guidance includes principles that can help developers, engineers, and decision makers to make informed decisions about their system. The end goal being to assure stakeholders and end users that a machine learning system is safe and secure.


To review the guidance in full, please see:


https://www.ncsc.gov.uk/collection/machine-learning-principles