Questions & Answers
What is machine learning?
Machine learning (ML) is a core subfield of artificial intelligence (AI) focused on developing algorithms that allow computer systems to learn from and improve based on data, without being explicitly programmed. As defined in ISO/IEC 22989:2022, ML is the "process of acquiring knowledge by learning from data." In enterprise risk management, ML automates threat detection and supports decision-making. For instance, within an Intrusion Detection System (IDS) compliant with the ISO/SAE 21434 standard for automotive cybersecurity, an ML model can learn the normal communication patterns on a CAN bus. This enables it to identify sophisticated zero-day attacks that rule-based systems would miss. The key distinction from traditional software is that ML systems derive their own rules from data, rather than having rules hard-coded by humans. The trustworthiness of such systems is a key concern addressed in standards like ISO/IEC TR 24028:2020.
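The idea of learning normal CAN bus communication patterns and flagging deviations, as an added example that is not from the original page or any named product: it learns a per-ID timing baseline from attack-free traffic and reports frames whose inter-arrival gap or ID falls outside it. This simple statistical baseline stands in for the ML models the page mentions; all function names and frame data are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def gaps_by_id(frames):
    """Group inter-arrival gaps (seconds) per CAN ID from (timestamp, can_id) frames."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id in frames:
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return gaps

def train(frames):
    """Learn a per-ID timing baseline (mean, std of gap) from attack-free traffic."""
    return {cid: (mean(g), pstdev(g)) for cid, g in gaps_by_id(frames).items() if len(g) >= 2}

def detect(baseline, frames, k=4.0, floor=0.0005):
    """Return (timestamp, can_id, reason) for frames that deviate from the baseline."""
    alerts, last = [], {}
    for ts, can_id in frames:
        if can_id not in baseline:
            alerts.append((ts, can_id, "unknown-id"))  # ID never seen in training
        elif can_id in last:
            mu, sigma = baseline[can_id]
            # floor keeps the tolerance from collapsing for near-perfectly periodic IDs
            if abs((ts - last[can_id]) - mu) > k * max(sigma, floor):
                alerts.append((ts, can_id, "timing"))
        last[can_id] = ts
    return alerts

def periodic(can_id, period, n):
    """Constructed sample traffic: n periodic frames with small deterministic jitter."""
    return [(i * period + (i % 3) * 0.0001, can_id) for i in range(n)]

# Constructed data: two periodic IDs form the benign training capture.
BENIGN = sorted(periodic(0x100, 0.010, 200) + periodic(0x200, 0.020, 100))
# Constructed test window: same traffic plus extra 0x100 frames and one unseen ID.
INJECTED = [(0.505 + i * 0.010, 0x100) for i in range(5)] + [(0.700, 0x7DF)]
TEST = sorted(periodic(0x100, 0.010, 100) + periodic(0x200, 0.020, 50) + INJECTED)

if __name__ == "__main__":
    model = train(BENIGN)
    for ts, cid, reason in detect(model, TEST):
        print(f"{ts:.4f}s id=0x{cid:03X} {reason}")
```

The legitimate 0x100 frame that follows each extra frame is flagged as well, because the gap is measured between consecutive frames of the same ID; a timing alert marks the disturbed interval, not which frame was the extra one.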
How is machine learning applied in enterprise risk management?
In automotive cybersecurity risk management, implementing machine learning involves several key steps. First, **Risk Identification and Data Strategy**: critical threat scenarios are identified using methods like TARA from ISO/SAE 21434, and a corresponding data collection plan is established in compliance with regulations like GDPR. Second, **Model Development and Validation**: appropriate algorithms (e.g., autoencoders for anomaly detection) are selected and trained. Validation must extend beyond performance metrics to include assessments of fairness, robustness, and explainability, as guided by frameworks like the NIST AI Risk Management Framework (AI RMF). Third, **Deployment, Monitoring, and Iteration**: the model is deployed on edge devices (ECUs) or a cloud platform, with continuous monitoring to detect performance degradation or concept drift. A Tier 1 supplier successfully used this process to develop an ML-based NIDS, achieving a 99.8% threat detection rate and reducing false positives by 60%, thereby passing UNECE R155 audits.
What challenges do Taiwanese enterprises face when implementing machine learning?
Taiwanese enterprises face three primary challenges when implementing machine learning for risk management. First, **Data Governance and Regulatory Compliance**: There is a scarcity of high-quality, labeled data, and its collection must adhere to Taiwan's Personal Data Protection Act and GDPR, creating significant compliance risks. The solution is to establish a top-down data governance framework and adopt Privacy by Design principles, utilizing techniques like federated learning. Second, **Interdisciplinary Talent Gap**: A shortage of professionals skilled in automotive engineering, cybersecurity, and data science hinders effective implementation. Partnering with expert consultants for targeted training and forming cross-functional teams can bridge this gap. Third, **Model Explainability and Validation**: The "black-box" nature of complex models makes it difficult to meet the traceability and validation requirements of safety and security standards like ISO 26262 and ISO/SAE 21434. Adopting Explainable AI (XAI) tools and implementing a rigorous V&V process, including Hardware-in-the-Loop (HIL) testing, is crucial to ensure audit readiness.
Why choose Winners Consulting for machine learning?
Winners Consulting specializes in machine learning for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact