By Christian Alejandro, Industrial Cybersecurity Specialist
Cyberattacks are mounting against critical infrastructure across all industries. The vulnerability of Operational Technology (OT) systems is becoming increasingly more apparent as in-field sensors, machines, and equipment become more connected. Asset owners are realizing that the most effective way to stay a step ahead of bad actors using artificial intelligence (AI) is to leverage the very same technology to protect them.
AI has numerous uses and benefits, especially as it relates to mitigating cyber threats. Its detection capabilities are both robust and extremely swift (measured in milliseconds) and this rapid analysis is especially useful for OT environments where exists a large amount of consistent, predictable data. In addition, AI’s enormous predictive capabilities enable it to identify potential vulnerabilities and signal necessary updates.
AI can recognize a diversity of threats and be trained in a variety of scopes. Its detection prowess stays relevant and up to date. AI and its subset machine learning (ML) are in a constant learning mode, allowing for defense mechanisms to be easily refined as needed.
AI vs. AI
One of the most compelling reasons to consider using AI in industrial cybersecurity environments is because bad actors, whether they are nation-state, political hacktivists, or ransomware organizations, are actively introducing AI into their attacks. When used for nefarious reasons, AI can hunt, learn, and profile system vulnerabilities. AI shortens the learning curve for attackers and accelerates their ability to use information gained from failed attacks to enable successful ones.
On the defensive side of this battlefield, AI has some exceeding strengths. AI can conduct better self-assessments to find vulnerabilities that would otherwise be difficult to detect and dynamically recommend how to adapt defenses to new and emerging threats. It can also help provide faster attack identification and validation, and even help to identify new attack variations, or ‘zero-day’ attacks, that have not been used in the past. Best of all, AI can leverage the collective knowledge and experience of the industrial cyber community, emphasizing one resounding battle call- you are not alone in this fight.
Another aspect of AI beyond its cybersecurity defense capabilities is its ability to boost operational efficiencies across many sectors of critical infrastructure. AI is so all-encompassing that it can examine and learn operations and work to improve efficiencies in those areas. If there’s AI analyzing the patterns of sensors, machines, valves, and equipment throughout a facility, there is high potential for newfound efficiencies across the board.
The Human Factor
To be clear, AI is still an emerging technology, and it has some downside considerations. It requires a significant financial investment and a workforce specifically trained in AI technology to get the most out of the benefits it can provide. The fast pace of AI’s constant state of evolution can lead to standardization issues, potentially causing disruptions and vulnerabilities in the OT environment.
Perhaps the biggest issue that causes hesitation is the fear of losing the “human factor” as it relates to operations. Could AI replace entry-level positions and leave a void of talent that would have eventually rise in the organization? Could technicians lose their ability to understand what their computers do under the hood? While these are legitimate questions, the fears are, for the most part, unfounded. In fact, since some critical infrastructure industries struggle to find talent for their cyber operations, one can take the view that AI could be used to help bridge that skillset gap.
One key factor to remember is that when introducing AI, its training can be controlled. It can introduce “hand-crafted knowledge,” and be the rule-based system that simulates human thinking and decision-making. In this manner, AI can learn logical reasoning without ceding full human control. Another training method is ML, a statistical learning methodology that generates learning patterns from trained data sets. It only stands to reason that the better the data, the better the subsequent learning and results.
On the flip side of that concept, however, is that to be fully effective, AI must be allowed to make decisions, act immediately in a threat event, and be able to continually learn and assimilate. Too much human control of AI reduces it to no more than a basic monitoring system.
The balance between the human and AI element is the unique middle ground that organizational leadership should aim for.
Upgrading Legacy Systems
A significant number of today’s OT systems in critical infrastructure – water, pipelines, power, offshore and transportation – are still using legacy systems in their platforms. Leaders in critical infrastructure industries are recognizing that the time to begin a transition to modern technology has well arrived.
Leadership also needs to consider the pace of cybersecurity enhancements. Bad actors are now using AI. Technology is developed with integrated AI-capabilities. Organizations are implementing AI to perform entry-level position activities. Critical infrastructure industries need to consider how they are going to do the AI integration to protect their assets because in today’s world, AI is part of running safe and secure operations.
To learn more about how Black & Veatch can help you assess and improve your cybersecurity measures in your OT environments, get in touch with our team of industrial cybersecurity experts.