You can’t have not noticed the proliferation of Artificial Intelligence (AI) recently, not just in the context of cyber but just in our general everyday lives, and one thing we can be fairly sure of as a future trend is the continued growth of AI and its infiltration across multiple areas in our lives .
We can think about how AI could be used in the realm of OT cybersecurity, whether that is for simplifying and streamlining things you already do, or by enhancing security through new techniques and technologies.
The benefits AI could bring to Security Operations Centres (SOCs) could be very important. Why? Let’s think about the use of AI and Machine Learning (ML). If this “Future Tech” is used to analyse OT network traffic to identify patterns that indicate suspicious or abnormal activity, AI could be utilised to effectively identify new threats, such as zero-day vulnerabilities, rather than just relying on traditional Indicators of Compromise (IoC). We can also expect these technologies to be leveraged for threat prediction, and automating incident response in OT systems.
Away from the SOC, AI could also be used elsewhere in the OT environment such as Predictive Maintenance and Fault Detection. AI models can analyse data from OT sensors in the field to predict maintenance calls, with early detection of faults or wear and tear allowing timely intervention by maintenance staff. For example an AI system could predict a pump failure in a water treatment facility based on temperature fluctuations, vibrations, or noise, enabling proactive maintenance to fix the issue before a more serious fault develops. We are already seeing customers running innovation projects exploring how AI can help to increase overall resilience of OT systems and ultimately the resiliency of the industrial processes (think Critical National Infrastructure) that are being controlled.
We can even think of AI being able to help with simplifying OT Compliance and Reporting. For companies needing to ensure compliance with industry standards or regulations, an AI tool could streamline data collection, analysis, and reporting. We could imagine it being used to generate compliance reports, track security incidents, and verify that security policies are being met, which would definitely reduce the load on hard-pressed OT security teams.
In addition to using AI to improve security, we also need to make sure the AI systems themselves are secured. This is an important feature, because the potential for attackers to access and manipulate is great, especially as so much future tech is likely to be reliant on such systems. Some things to consider here are securing the platforms they are deployed on, ensuring the models are developed according to secure-by-design principles, and reviewing the source of the AI models as per supply chain security advice.
The steps we would normally take for security in other parts of OT systems should also be taken when AI is introduced. Things like Risk Assessments, Compliance checks, and Offensive Security testing, should all be considered as an important part of implementing AI within your OT systems. Thinking about architecture is also an important consideration, and if you are using a hosted solution, you should explore the impact of supply chain compromises on OT security.
We are starting to see more organisations with large OT estates look towards Attack Surface Management (ASM) to reduce risk within their industrial environments. This is a concept that has been developed in IT environments, but we are now seeing it be promoted for OT too, especially because the scope of OT is being expanded due to convergence with IT, greater integration of cloud solutions within industrial environments, and the proliferation of Industrial Internet of Things (IIoT) devices in the OT space.
There are many areas of cyber that are captured in the concept of ASM, but the overall objective here is to have a clear and dynamic view of exactly what assets you have in your OT scope and a continuous process of understanding and assessing the associated vulnerabilities to reduce the risk to those assets and the wider business context. It also prioritises having an “attacker’s view” of the system to understand the likely routes of compromise and prioritising mitigations to protect against high-consequence events.
ASM helps organisations in managing their OT attack surface to protect against evolving threats. In addition, it utilises concepts like defence in depth and zero trust where compensating controls extend security beyond the perimeter. These considerations allow a proactive approach to mitigating potential attackers’ actions.
These are only a few of the topics that we are expecting to see more of within OT systems in the near future, with no doubt there will be many others too.
If you are attending CyberUK 2024, call in at our stand, D10, Level 4, Hall 3, and we can discuss how we can help you navigate your OT systems through these future challenges. We look forward to seeing you.
Innovation Emmanuel Arbaretier, an Innovation Project Manager at Airbus Protect, tells us how Artificial Intelligence can benefit businesses in the future. Will artificial intelligence be a reliable and safe technology in the future? AI is a very promising technology, but obviously it presents a lot of uncertainties in the way it will be designed, developed and […]
Read more
Cybersecurity In the first part of this CTI focused blog posts series, we introduced the Intelligence Production Cycle and proposed a functional & technical architecture for a Cyber Threat Intelligence Platform integrated into and supporting both SOC and Incident Response (IR) operations.
Read more
Cybersecurity Find out how to use CTI as an Operational Support (part 1) Introduction to Cyber Threat Intelligence Cyber Threat Intelligence is a discipline of Intelligence applied to the cyber field. According to Kent’s Analytic Doctrine[1], the role of (Cyber) Intelligence Analysts is to provide “information and insights to policy decision-makers and action-takers”. In the context […]
Read more