Jorge Rubio

Senior Telecommunications Engineer from the University Carlos III of Madrid. Cybersecurity specialist in industrial environments (OT/ICS) at Telefónica Tech. Passionate about new technologies that help us improve people's daily lives.
Artificial Intelligence applied to industrial Cyber Security (OT)
Cyber Security in industrial or OT (Operational Technology) environments is crucial to protect critical infrastructures such as energy, transport and communications, and it has become a growing concern as these environments become more interconnected and more dependent on IT (Information Technology). Over the years, companies and organisations in many industrial sectors have suffered both technical and social engineering attacks, which have grown in sophistication and in volume. Artificial Intelligence (AI) could therefore be key to improving the ability of organisations to detect and prevent cyber-attacks on this type of industry, i.e., to make a qualitative leap in the Cyber Security of OT systems.

How can Artificial Intelligence help improve industrial Cyber Security?

These new AI technologies may be able to detect and respond to security threats more effectively than traditional Cyber Security methods. The following are some of the applications that Artificial Intelligence can have in the present and future of industrial systems:

- Machine learning that analyses large volumes of data (millions of security events) and detects patterns (behavioural analysis) in order to prevent cyber-attacks and shorten response times compared with current Cyber Security solutions.
- Monitoring and optimisation of industrial processes to predict maintenance needs and avoid future equipment failures, which would otherwise cause unscheduled production downtime and, in turn, large losses for companies.
- Automation of security tasks such as network monitoring, security patching, and creating and updating firewall rules, freeing security analysts to focus on more complex tasks.

Operator using new technologies in a factory.
Photo: Shalom de León / Unsplash

Industrial Cyber Security event-monitoring tools already have the capability to learn the behaviour of network communications, and it is foreseeable that these capabilities will be integrated with those provided by Artificial Intelligence. Staff workloads also mean that analysts cannot examine every reported incident in depth. It is therefore hard to imagine a future in which Artificial Intelligence does not play a key role in responding to industrial cyber-attacks and improving operational efficiency.

The challenges of applying Artificial Intelligence in OT Cyber Security

One of the biggest challenges today is to create safe, sustainable and responsible Artificial Intelligence for everyone, but it is not the only one. The following are some of the challenges that the application of AI to industrial Cyber Security solutions can raise:

- The quality of the training data that Artificial Intelligence needs (e.g., network traffic captures or PCAP files), given that each company's internal information must be kept private and secure.
- The difficulty of interpreting Artificial Intelligence models and integrating them into Cyber Security applications.
- Alert overload, or missed threats, caused by a large number of false positives or false negatives when Artificial Intelligence is misapplied.
- Difficulty in recognising legitimate changes in industrial processes without input from the people in charge of them (operators).
- The possibility that the algorithms are fooled or manipulated by attackers (e.g., with adversarial inputs).
- The high market cost of AI-driven tools.

Concerns about the possible misuse of Artificial Intelligence and machine learning in industrial Cyber Security would also call for appropriate regulation.
Photo: Jeshoots / Unsplash

On the other hand, attackers may try to use AI to defeat industrial Cyber Security defences by supplementing their existing knowledge. A well-known example comes from a Zero Day Initiative hacking contest in which two researchers won by disrupting and taking control of industrial systems with the help of ChatGPT. The researchers found several weaknesses in the target systems and used the AI to help them write the code that chained the vulnerabilities together, which saved them hours of development time. While OpenAI and other companies offering AI bots are adding controls and filters to prevent this kind of malicious use, there is still some way to go before these technologies can be considered safe from malicious actors.

The relevance of AI in industrial Cyber Security

As information and communication technologies continue to evolve and become even more integrated into critical infrastructures, the risk of cyber-attacks will keep increasing, so the solutions currently used in the OT world need to improve. The future of Artificial Intelligence applied to industrial Cyber Security could be very promising: these solutions could significantly improve the ability of organisations to detect patterns of abnormal behaviour and alert operators to potential threats. In addition, Artificial Intelligence could be used to predict the risk of an attack and recommend mitigations before it occurs.
AI can also strengthen authentication and authorisation of access to critical systems, and identify vulnerabilities in OT systems before attackers exploit them. In conclusion, the use of Artificial Intelligence in industrial Cyber Security may be the key to protecting our critical infrastructures in an increasingly connected world.

Featured photo: DeepMind / Unsplash.

Published 04.25.2023. Updated 03.25.2024.
Consequences of a cyber-attack in industrial environments
Industrial environments can be found in every sector we can imagine: water treatment, transport, pharmaceuticals, machinery manufacturing, electricity, food or automotive companies, among others. The difference between an industrial environment and a typical corporate or IT (Information Technology) environment is that industrial, or OT (Operational Technology), communication networks are designed for a specific task and use equipment and systems that do not change over time: the same communications between the same devices are repeated continuously and cyclically, unlike the corporate world, where many different devices, such as laptops or corporate mobiles, connect at different times.

Another major difference is that industrial devices are more likely to have vulnerabilities in their firmware or software, because they are outdated equipment that is rarely updated or patched, either because it is not compatible with the latest operating systems on the market or because replacing it would be very costly for the company. In addition, unencrypted network communications and insecure protocols are common, which allows vulnerabilities to be exploited or passwords to be captured in clear text.

This state of industrial environments, together with the increasingly pressing need to connect industrial processes and factories to the corporate world, the cloud or the internet, increases the risk of a cyber-attack on these facilities. The most serious consequence of an industrial system being breached is the impact on the physical safety of people, followed by economic losses and damage to the company's image, which is why it is vitally important to protect this equipment against any cyber-attack.
Cyber-attacks that have occurred in the past in industrial environments

Over the years, companies and organisations in all kinds of industrial environments have been attacked, through technical and social engineering attacks and also through carelessness, laziness or a lack of employee awareness, such as carrying USB drives between OT equipment and IT systems. The following are some of the types of cyber-attack used against companies in a variety of sectors with industrial environments:

- Malware in industrial or field devices.
- Communication hijacking and man-in-the-middle attacks.
- Denial of service.
- Spear phishing.
- Database espionage.
- Supply chain attacks.
- Improper or malicious device updates.

Photo: Greg Rosenke / Unsplash

And these are not isolated cases: attacks on industrial infrastructures are in the news all the time. Some of the most relevant are the following:

- Worcester Airport, United States (1997): a hacker broke into the telephone switching equipment serving the airport and caused a failure that left the telephone system completely unusable for about six hours, affecting the control tower and other areas of the airport (fire brigade, weather service, etc.), with a major economic impact.
- Saudi Aramco (2012): an attacker gained access to the company's network through one of its employees and wiped the contents of some 30,000 computers (the "Shamoon" attack). As a result, the management of supplies, oil transportation and contracts with governments and business partners had to be done on paper. For a smaller company, this attack would probably have meant bankruptcy.
- Maersk (2017): a cyber-attack with the "NotPetya" malware caused outages in all of the shipping company's business units, bringing its container shipping operations around the world to a standstill for weeks. The losses from this attack are estimated at up to $300 million.
- Oldsmar water treatment plant, Florida (2021): an attacker gained remote access to the SCADA (Supervisory Control and Data Acquisition) system used to control the chemical treatment of the city's drinking water and raised the sodium hydroxide (caustic soda) dosing setpoint far above safe levels. Thanks to an operator who noticed the unauthorised access and the manipulation as it happened, the change was reverted before it had any harmful effect on the population.

These are just some of the examples that have been reported in the media; there are many others that we will never hear about.

How to avoid or mitigate the consequences of an industrial cyber-attack

To minimise the risk of suffering a cyber-attack in an industrial environment, the network's exposure must be reduced to shrink the attack surface, staff training must be increased to counter social engineering attacks, new cyber security procedures and policies must be drawn up, and technologies appropriate to the environment must be deployed to prevent or mitigate the effects that could occur.

One of the key aspects is monitoring industrial networks with dedicated tools that specialise in OT communication protocols and analyse anomalous behaviour once they have learned the normal, or baseline, behaviour of the network, such as the Nozomi Networks probes.

Visualisation of the network through an industrial monitoring tool. Source: Nozomi Networks.

As well as raising alerts when malicious activity is found, these tools also provide great visibility into the industrial network by building an inventory of connected devices, which can help companies discover unidentified equipment that could become an entry point for cybercriminals. But what should be done with all the information obtained by these industrial monitoring probes?
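The behavioural analysis mentioned in the first article and the baseline learning described here rely on the same property of OT networks: the same devices talk to each other with the same operations at fixed intervals. The following is an added example, written for this page and not code from Nozomi Networks or any other product, of what that learning looks like in its simplest form. The flow records, host names and the Modbus-style operation names ("read_holding", "write_single") are constructed for illustration; a real probe would decode them from captured traffic.

```python
"""Baseline learning for a cyclical OT network (added example, constructed data).

A flow record is (timestamp_seconds, src, dst, proto, op). The model learns
which conversations exist and how regularly each one repeats, then flags
anything that was never seen or that breaks the learned rhythm.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed learning capture: an HMI polls two PLCs every 2 s and an
# engineering workstation reads PLC-1 every 10 s. Nothing ever writes.
BASELINE = []
for t in range(0, 120, 2):
    BASELINE.append((t, "HMI-1", "PLC-1", "modbus", "read_holding"))
    BASELINE.append((t, "HMI-1", "PLC-2", "modbus", "read_holding"))
for t in range(0, 120, 10):
    BASELINE.append((t, "ENG-1", "PLC-1", "modbus", "read_holding"))


def learn_baseline(flows):
    """Return {(src, dst, proto, op): (mean_interval, stdev_interval)}.

    Conversations seen too rarely to measure an interval map to None."""
    times = defaultdict(list)
    for t, src, dst, proto, op in sorted(flows):
        times[(src, dst, proto, op)].append(t)
    model = {}
    for conv, ts in times.items():
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        model[conv] = (mean(gaps), pstdev(gaps)) if len(gaps) >= 2 else None
    return model


def detect(model, flows, k=3.0):
    """Compare an observation window against the model and return alerts.

    NEW_DEVICE    : a host that never appeared during learning.
    NEW_PAIR      : two known hosts that never talked to each other.
    NEW_OPERATION : a known pair using an unseen protocol/operation
                    (e.g. a write from a host that only ever read).
    TIMING        : the gap since the previous flow of a known conversation
                    is more than k standard deviations from the learned mean
                    (stdev is floored at 1 s so a perfectly regular baseline
                    still tolerates small jitter)."""
    known_hosts = {h for conv in model for h in conv[:2]}
    known_pairs = {conv[:2] for conv in model}
    last_seen, alerts = {}, []
    for t, src, dst, proto, op in sorted(flows):
        conv = (src, dst, proto, op)
        if conv not in model:
            if src not in known_hosts or dst not in known_hosts:
                alerts.append(("NEW_DEVICE", t, conv))
            elif (src, dst) not in known_pairs:
                alerts.append(("NEW_PAIR", t, conv))
            else:
                alerts.append(("NEW_OPERATION", t, conv))
            continue
        stats = model[conv]
        if stats and conv in last_seen:
            mu, sigma = stats
            if abs((t - last_seen[conv]) - mu) > k * max(sigma, 1.0):
                alerts.append(("TIMING", t, conv))
        last_seen[conv] = t
    return alerts


def run_example():
    """Constructed observation window: normal polling plus four anomalies."""
    observed = []
    for t in range(200, 260, 2):
        observed.append((t, "HMI-1", "PLC-1", "modbus", "read_holding"))
        if t not in (240, 242):  # two missed polls -> a 6 s gap at t=244
            observed.append((t, "HMI-1", "PLC-2", "modbus", "read_holding"))
    for t in range(200, 260, 10):
        observed.append((t, "ENG-1", "PLC-1", "modbus", "read_holding"))
    observed.append((231, "ENG-1", "PLC-1", "modbus", "write_single"))    # known pair, new op
    observed.append((233, "LAPTOP-7", "PLC-2", "modbus", "write_single"))  # unknown host
    observed.append((235, "ENG-1", "PLC-2", "modbus", "read_holding"))     # known hosts, new pair
    return detect(learn_baseline(BASELINE), observed)


if __name__ == "__main__":
    for kind, t, conv in run_example():
        print(f"t={t:>4}s {kind:<14} {conv[0]} -> {conv[1]} {conv[2]}/{conv[3]}")
```

The distinction between the alert kinds matters for the false-positive problem raised earlier: a NEW_OPERATION write from the engineering workstation may be a legitimate configuration change that only the operator can confirm, whereas a NEW_DEVICE writing to a PLC is exactly the unidentified equipment the inventory is meant to surface.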
One option is to integrate them with a SIEM (Security Information and Event Management) system, so that all alerts are aggregated in one place and can be correlated with each other. It is also necessary to establish an incident response procedure that determines what actions to take according to the type, severity and location of each alert. None of this can be done without dedicated personnel specialised in these monitoring and industrial incident response tasks.

The importance of cyber security in industrial environments

Industrial cyber security risks keep growing as industrial networks become more connected and exposed to IT networks or even the internet, and the number of threats grows exponentially. Cyber threats can have a major impact on personal and corporate reputation (loss of customer confidence), financial operations (fines for non-compliance) and the business itself (unscheduled production downtime), as well as potential legal liabilities (legal consequences of failing to comply with laws and physical and environmental safety standards). This is why it is crucial to implement, manage and improve cyber security measures in industrial environments in order to maintain and increase their effectiveness against any cyber-attack.

Featured photo: Umit Yildirim / Unsplash
January 17, 2023