Artificial Intelligence applied to industrial Cyber Security (OT)
Cyber Security in industrial or OT (Operational Technology) environments is crucial to protect critical infrastructures such as energy, transport and communication and has become an increasing concern as they become more interconnected and dependent on IT (Information Technology).
Different companies and organisations in various industrial environments have suffered from both technical and social engineering attacks over the years, which have become increasingly sophisticated and in greater volume.
Therefore, Artificial Intelligence (AI) could be the key to improving the ability of organisations to detect and prevent cyber-attacks in this type of industry, i.e., to make a qualitative leap in terms of the Cyber Security of OT systems.
How can Artificial Intelligence help improve industrial Cyber Security?
These new AI technologies may be able to detect and respond to security threats more effectively than traditional Cyber Security methods.
The following are some of the applications that Artificial Intelligence can have in the present and future of industrial systems:
- The use of machine learning that can analyse large volumes of data (millions of security events) and detect patterns (behavioural analysis) to prevent cyber-attacks and improve response times compared to current Cyber Security solutions.
- Monitoring and optimisation of industrial processes to predict maintenance needs and avoid future equipment problems, which would lead to unscheduled production downtime and, in turn, large losses for companies.
- The automation of security tasks, such as network monitoring, security patching, creating and updating firewall rules, helping security analysts to focus on more complex tasks.
Industrial Cyber Security event monitoring tools already have capabilities for learning the behaviour of network communications, and it is foreseeable that these capabilities will be integrated with those provided by Artificial Intelligence.
Staff workloads also mean that they are unable to comprehensively examine all incidents reported over time.
It is therefore difficult to envisage a future in which Artificial Intelligence does not play a key role in responding to industrial cyber-attacks and improving operational efficiency.
The challenges of applying Artificial Intelligence in Cyber Security OT
One of the biggest challenges today is to create safe, sustainable and responsible Artificial Intelligence for all, but it is not the only challenge.
The following are some of the challenges that can be created by the application of AI in industrial Cyber Security solutions:
- The quality of the training data needed by Artificial Intelligence (e.g., network traffic files or PCAP) due to the need for privacy and security of each company's internal information.
- The difficulty of interpreting and integrating Artificial Intelligence models into Cyber Security applications.
- The possible overload of alerts or lack of threat detection due to the generation of a large number of false positives or negatives due to the misapplication of Artificial Intelligence.
- Difficulty in identifying changes in industrial processes without the intervention of the people in charge (operators).
- The possibility that algorithms can be fooled or manipulated by attackers.
- The high market cost of AI-driven tools.
Concerns about the possible misuse of Artificial Intelligence and machine learning in this field of industrial Cyber Security would also require appropriate regulation.
On the other hand, it is possible that attempts could be made to use AI to defeat industrial Cyber Security defences by complementing the current knowledge of hackers.
Two researchers won a Zero Day Initiative hackathon by taking control of industrial systems through the use of ChatGPT.
There is a well-known example in a Zero Day Initiative hackathon in which two researchers won by disrupting and taking control of industrial systems through the use of ChatGPT. In this case, the researchers found several weaknesses in their systems and used this Artificial Intelligence to help them write the code to concatenate the vulnerabilities found, which saved them hours of development time.
While it is true that OpenAI and other companies with AI bots are adding controls and filters to prevent such malicious use, there is still some way to go before these technologies are considered completely safe from malicious actors.
The relevance of AI in industrial Cyber Security
As information and communication technologies continue to evolve and become even more integrated into critical infrastructures, the risk of cyber-attacks will continue to increase and therefore the solutions currently in use in the OT world need to be improved.
The future of Artificial Intelligence applied to industrial Cyber Security could be very promising, as these solutions could significantly improve the ability of organisations to detect patterns of abnormal behaviour and alert operators to potential threats.
The future of Artificial Intelligence applied to industrial Cyber Security is very promising.
In addition, Artificial Intelligence could also be used to predict the risk of an attack and provide recommendations to mitigate the risk before it occurs. AI can also strengthen authentication and authorisation of access to critical systems, as well as identify vulnerabilities in OT systems before they are exploited by attackers.
In conclusion, the use of Artificial Intelligence in industrial Cyber Security may be the key to protecting our critical infrastructures in an increasingly connected world.
Featured photo: DeepMind / Unsplash