Is AI the Key to OT Security?
Anand Oswal, Senior Vice President and General Manager of Network Security | Palo Alto Networks
AI is ushering in a new era of cybercrime and cybersecurity, and it is all happening at an extraordinarily rapid pace. The rise of AI is a double-edged sword when it comes to operational technology (OT) security: AI is fueling the rise of new cybersecurity attacks, but it can also be used to bolster cybersecurity.
OT leaders want to understand what AI means for them, and they should think about it in three ways: 1) how to use AI to protect against AI, 2) how to protect their own usage of AI and 3) how AI can help with the skills gap by simplifying. All three are important, but what is most critical to OT is using AI to protect against AI.
In a recent survey by Palo Alto Networks and ABI Research, 74% of respondents identified AI-based attacks on OT as a critical concern. Additionally, 80% said they believe AI is essential for stopping these cyber threats. This highlights an important point for the manufacturing sector: as cybercriminals leverage AI to target their operations, AI must also be used for defense. AI is a powerful tool in the OT security tool kit, especially for strengthening an organization’s defenses. It enables security teams to detect and block sophisticated attacks in real time, which is important given that these attacks are changing all the time in an attempt to evade detection. For manufacturers, adopting AI-driven security measures will be essential for protecting production lines and sensitive data from evolving cyber threats.
The state of OT security today
More than 76% of respondents to our survey had experienced a cyberattack in their OT organization – and many of them had experienced multiple attacks on a regular basis. One in four said they’d experienced an attack that resulted in a shutdown of operations.
Industrial operations have become a huge target for bad actors, with some of the most feared attacks including malware, ransomware and insider attacks (those committed by users with existing access to your environment, such as employees). Threat vectors include OT malware tailor-made for a specific target and popular ransomware randomly dispatched against industrial organizations. Supply chain attacks are another prominent concern, given the significant impact these can have on business operations and much more. The 2020 SolarWinds attack, for instance, infected more than 18,000 systems worldwide and caused billions of dollars in damages.
OT security remains a challenge for multiple reasons, including ongoing siloes between IT and OT teams. When the right hand doesn't know what the left hand is doing, confusion – and compromised security – result.
The rise of AI and how it fits in
At the same time, bad actors are increasingly using AI to pull off faster and more sophisticated attacks – and OT security teams have to be prepared. Most survey respondents already see AI-enabled attacks as a critical issue.
Malicious actors are better than ever at determining targets, properly manipulating and taking advantage of systems and users, and using automation for targeted, complex attacks. Attackers use generative AI, speech synthesis and machine translation to reduce the level of manual supervision and customization they need to successfully conduct cyberattacks. There have already been several observations of cybercriminals using ChatGPT to develop malware.
Just as attackers can use AI for nefarious purposes, defenders can use it to strengthen cybersecurity. Today, many IT cybersecurity tools already use AI and machine learning (ML) in a variety of ways, including malware classification, automatic patching, threat detection and incident response. This trend must extend to OT cybersecurity, particularly since so many attacks originate from IT.
Yet organizations today are just starting to put this into practice; 63% of survey participants could not definitively say that they have a plan to use AI-empowered solutions in their OT environments.
Considerations for AI in OT security
AI offers substantial benefits for OT security, including automating routine tasks, reducing human error, and processing data much faster to detect threats. It can also quickly adapt to new threats and scale operations.
However, AI systems are not infallible; humans are still needed in the mix. AI and automation can help with alerting and rooting out false positives, and then a human analyst can provide validation and decision-making. AI helps reduce workloads by eliminating many of the false alerts that a human analyst would otherwise need to deal with, but a comprehensive security strategy requires integrating AI with skilled human security analysts.
As mentioned above, while AI brings advantages, it also introduces new security risks. Cybercriminals can use AI to enhance their attack capabilities, executing more sophisticated and frequent attacks and introducing new threat vectors.
Implementing Zero Trust principles in OT environments is an effective way to mitigate AI-related threats. This approach involves several key strategies:
- Ensuring device visibility and discovery
- Securing device communications
- Setting up proper policies and segmentation
- Monitoring continuously
- Securing remote access
- Implementing automated workflows where appropriate
Zero Trust demands that trust is established with every request through robust identity verification, access control, and authentication mechanisms. Notably, 87% of industrial respondents believe that Zero Trust is the optimal approach for securing OT environments.
Most OT attacks begin on the IT side of the house, using techniques like social engineering, ransomware, and more. AI makes these types of attacks easier to create and pull off. Using AI-based threat detection and response to stop threats as quickly as possible, if not immediately, is imperative.
For attacks that penetrate the core of OT systems and directly compromise OT devices, AI is indispensable for monitoring, baselining the behavior of devices, detecting anomalies and protecting the hundreds, if not thousands, of devices. This would be almost impossible for Security Operations Center (SOC) analysts to manage individually, and it is where AI can play an important role. AI can help address the cybersecurity skills shortage and enhance the ability of human analysts by quickly gaining insights and leveraging automation to reduce the number of events that require human intervention.
Finally, an effective AI-based strategy must leverage all available data within the operational estate. It is crucial to seek solutions that provide comprehensive coverage and have extensive experience with both OT and IT environments to ensure strong protection against evolving threats.
The key to OT security
Bad actors are rapidly adopting AI to help them pull off more attacks, faster and with greater sophistication. At the same time, AI can be a powerful tool in the security pro's toolbox, especially when it comes to shoring up OT defenses. Use the guidelines above to devise a cybersecurity strategy that fights AI fire with fire.
The content & opinions in this article are the author’s and do not necessarily represent the views of ManufacturingTomorrow