Ndiaye, Ndeye GagnessiryKirdan, ErkinWaedt, KarlKlein, MaikeKrupka, DanielWinter, CorneliaGergeleit, MartinMartin, Ludger2024-10-212024-10-212024978-3-88579-746-3https://dl.gi.de/handle/20.500.12116/45146Several emerging technologies have substantially affected the scope and implementation of security testing. This includes the testing of cryptographic algorithm implementation, the security of Machine Learning (ML) and Artificial Intelligence (AI) algorithms, joint functional safety and security-related (IEC TR 63069) testing, security and privacy-related testing of big data and cloud computing, e.g. with regard to de-identification. This paper focuses on the security ML and AI implementations, examining their integration in industrial control and nuclear systems (IEC 62443). Special attention is given to security threats considered throughout the AI system life cycle specifically at design phase. We assess the entirety of the secure development lifecycle, which includes stages such as data and model management, risk assessment, and the enhancement of system robustness and resilience as specified by ISO/IEC 42001. To highlight the critical role of verification and validation (V&V), we conduct a proof-of-concept exploit targeted and gradual feature poisoning attack on a water treatment and distribution simulator fault detector. We achieve to demonstrate the impact of the attack on model robustness and performance through explainable metrics and pave the way for the development of a secure lifecycle framework, thereby increasing the chances of successful deployment.enIndustry 4.0Security TestingArtificial Intelligence (AI)Machine Learning (ML)Secure Development LifecycleVerification and Validation (V&V)CybersecurityExplainable AI (XAI)Functional SafetyCritical InfrastructureText/Conference Paper10.18420/inf2024_1691617-5468