The AI Race for Industrial Cybersecurity

Author(s): Jorge Alcántara Barroso

Originally published on Towards AI.

State of the art, insights, and advice for the future

AI in industrial cybersecurity is not a question. It will protect our critical infrastructures in an increasingly connected world. By learning from real-world examples, addressing challenges, and leveraging AI’s capabilities, companies & governments should be able to safeguard their systems and our privacy. Not using these tools will be a disservice to their users or citizens.

As our interconnected world accelerates and technology empowers developers to achieve more with fewer resources, the importance of robust Operational Technology (OT) cybersecurity in safeguarding infrastructure–such as energy, transportation, and communication sectors–has never been more critical. Criminals and hostile actors are deploying increasingly sophisticated and high-volume attacks. Artificial Intelligence (AI) has emerged as the game-changing solution for both enhancing organizations’ ability to prevent industrial cyberattacks & the potential of bad actors to run havoc in these systems.

The Evolving AI Threat Landscape

As technology advances, so do the threats that the cybersecurity industry must contend with. Some threats may not be considered significant until the first major attack has occurred. Still, we can prepare for those traditional threats that are already a growing challenge due to AI:

1. Personalized Social Engineering Attacks: The development of generative language and image models, like GPT-4 & Midjourney v5, enables sophisticated and personalized social engineering attacks that are still automated. Cybercriminals can use these AI models to craft highly convincing phishing emails, impersonating trusted individuals, or generate context-aware scams, making it increasingly difficult for users and security solutions to detect malicious content or patterns to identify bot-like behavior. [1]
2. Opinion Shifters & Biometric Hazards: Fraudsters can now easily use deep fake technology to create videos or images geared to manipulate public opinion, blackmail individuals, or even bypass facial recognition security systems. [2]
3. AI-powered Cyber Weapons: As these models improve in efficiency and accuracy, they can be weaponized to create advanced malware or attack vectors. Adversaries can use ML algorithms to optimize their attacks just as cybersecurity companies do the same to detect threats in an unending tug-of-war, making them more effective at evading detection and increasing their success rate. [3]
4. Adversarial Attacks on AI Systems: The increased reliance on AI for security measures is giving rise to adversarial attacks targeting AI systems themselves. These attacks often involve feeding deceptive inputs–or prompt injection–to AI models to cause them to misclassify data, behave unexpectedly, or reveal sensitive information. The new models we’re so excited about also have the potential to be fooled or manipulated by bad actors, undermining the integrity of the systems they protect or interact with. [4]
5. Automated Vulnerability Discovery and Exploitation: AI-driven tools can be employed to identify vulnerabilities in software and infrastructure more rapidly than human analysts. Once vulnerabilities are discovered, AI models can be used to create tailored exploits or launch coordinated attacks, significantly reducing the time between vulnerability discovery and exploitation. [5]

How AI is Revolutionizing Industrial Cybersecurity

Still, not all is bleak. As threats emerge, so do tools to address these new issues and improve protection against more traditional attacks. AI-driven technologies have demonstrated superiority in detecting and responding to security threats compared to traditional methods. Let’s explore together various ways AI is transforming these systems, alongside real-world examples you can learn from today:

Anomaly Detection and Behavioral Analysis

AI leverages machine learning to analyze massive volumes of data (millions of security events) and identify patterns (behavioral analysis), enabling the prevention of cyberattacks and improving response times.

Real-World Example: Darktrace, a cybersecurity firm, utilizes AI to detect abnormal behavior patterns in control systems [6]. Its AI-powered tool can identify and prevent potential cyberattacks before they wreak havoc, and way before a team of humans would’ve been able to detect an issue.

Predictive Maintenance and Optimization

AI solutions are already monitoring and predicting industrial needs, scheduling maintenance, and averting future equipment issues that could lead to unscheduled production downtime and significant financial losses or worse. Long-term cyber-attacks on infrastructure may be limited to routinely overusing resources to produce system failures.

Real-World Example: Siemens employs AI-based solutions to anticipate equipment failures and optimize maintenance schedules across various industries, such as power generation, oil, gas, and manufacturing [7]. This approach reduces downtime and costs and can help you track misuse.

Automation of Security Tasks

Automating security tasks, like network monitoring, patch application, and firewall rule creation and updates, frees up security analysts to tackle more complex tasks.

Real-World Example: IBM’s Watson for Cyber Security [8] automates threat detection and response, enabling analysts to address high-priority threats more efficiently.

Navigating the Implementation of AI

The rapidly changing threat landscape demands CISOs (chief information security officers) to be proactive and stay ahead of the curve, especially when it comes to AI. Companies must recognize the need for AI-savvy CISOs to face the challenges that arise from the integration of AI in industrial cybersecurity. Let’s look at the most obvious of those hurdles:

1. Data Quality: AI is as good as its training data, any implementation that uses your logs or sensitive data to learn will face a challenge balancing the amount, quality v.s. the privacy and security of your internal information.
2. Statistical limitations – Handling Falsehood: Managing potential alert overloads or missed threats due to the generation of false positives or negatives by improperly applied AI.
3. Auto-fitting: Identifying changes made to industrial processes without human intervention (operators) by the processes themselves. The models may grow to overfit the historical precedence and will need resets and human supervision to maintain protection against old attack methods that may become uncommon.
4. Who watches the watchman? Guarding against attackers deceiving or manipulating the models or algorithms themselves. Potentially chaining layers of protection, where a simpler model may check for the I/O of another, more advanced model.
5. At what cost? The cost of these tools is usually not negligible. Large models take a lot of computing power and vendors will pass all the cost and more to the client. Your company will need to cautiously decide to address these new threats without drowning in high market costs.

AI-Savvy CISOs: A Necessity in the Age of Generative AI

An AI-savvy CISO is not just a technical expert but a strategic leader who understands the value of AI in bolstering a company’s cybersecurity posture. Here’s how CISOs should approach the problem and why companies should prioritize AI expertise in their hiring and development strategies:

1. Embrace AI-driven security solutions: CISOs must be well-versed in the latest AI technologies and understand how to effectively leverage them to enhance their organization’s security measures. This includes anomaly detection, predictive maintenance, and automation of security tasks. They should actively seek out AI-powered tools and platforms, ensuring seamless integration with their existing security infrastructure.
2. Stay informed: Keeping up-to-date with emerging threats and attack vectors powered by AI is crucial. AI-savvy CISOs should continuously monitor the latest research, developing their own understanding of potential risks and vulnerabilities before they become commonplace.
3. Foster collaboration: promote a culture of collaboration and knowledge-sharing within and between the technical teams in the company. Encouraging security & engineering professionals to stay informed and educated on AI advancements will help build a robust defense against upcoming threats. CISOs should facilitate training programs and workshops to keep their teams up-to-date and engaged.
4. Advocate for ethical AI development: If your company is building its own AI tools or models (you likely should), your CISO should champion responsible AI development by ensuring adherence to ethical guidelines and regulations. They must advocate for transparency, privacy, and security.
5. Strategize for long-term AI implementation: CISOs should start by developing a long-term AI implementation strategy that outlines the organization’s goals, objectives, and potential challenges. This should include plans for acquiring and deploying AI tools, budget allocation, talent management, and addressing potential regulatory concerns.

The role of the CISO is evolving, and companies must prioritize the integration of AI expertise in their cybersecurity leadership. As AI continues to reshape industrial cybersecurity, AI-savvy CISOs will be critical to navigating the challenges and opportunities that lie ahead.

The present: Big Tech getting involved

At the RSA Conference 2023, Google unveiled its Cloud Security AI Workbench [10], a comprehensive cybersecurity suite powered by a specialized AI language model named Sec-PaLM. Designed specifically for security applications, Sec-PaLM draws on a wealth of security intelligence, including software vulnerability research, malware analysis, threat indicators, and behavioral threat actor profiles.

The Cloud Security AI Workbench boasts a suite of cutting-edge AI-driven tools. For instance, Mandiant’s Threat Intelligence AI [11], acquired by Google in 2022, will leverage Sec-PaLM to identify, summarize, and address security threats. VirusTotal, another Google-owned service, will harness Sec-PaLM to assist subscribers in analyzing and understanding malicious scripts’ behavior.

Furthermore, Sec-PaLM will aid Chronicle, Google’s cloud cybersecurity service, in searching for security events and facilitating conversational interactions with results. Google’s Security Command Center AI users will receive easily digestible explanations of attack exposure from Sec-PaLM, including information on impacted assets, recommended mitigations, and risk summaries for security, compliance, and privacy findings.

The Future: AI’s Pivotal Role

As information and communication technologies continue to evolve and integrate more deeply into critical infrastructures, the risk of cyberattacks will only grow. Consequently, there is a need to enhance the solutions currently employed in the OT realm.

AI-driven solutions can significantly improve organizations’ ability to detect abnormal behavior patterns and alert operators to potential threats. Additionally, AI can be used to predict the risk of an attack, offering mitigation recommendations before it occurs. It can also fortify authentication and authorization of access to critical systems and identify OT system vulnerabilities before attackers exploit them.

In conclusion, as these tools become widely available, it is paramount to utilize them for threat protection or risk falling behind cyber criminals in technological capabilities.

Appropriate regulation will be crucial to mitigating the potential misuse of AI and machine learning in industrial cybersecurity [9]. Regulation is written in blood, and although we will not see relevant work from public sources in the short term, we see the private sector running to fill the gap.

Sources

1. Xorlab — How AI is enabling ‘hyperpersonal’ phishing attacks
2. The Brookings Institution — Deepfakes and International Conflict (pdf)
3. The Conversation — AI and the Cybersecurity Arms Race
4. VentureBeat — How to Protect Artificial Intelligence from Itself
5. Prosegur — AI’s Double-Edged Role in Cybersecurity
6. Darktrace — Self-Learning Asset Identification, Industrial Immune System
7. Siemens Predictive Services — Assesment, Connectivity, Analytics
8. IBM Watson for Cyber Security — AI-Powered Cybersecurity Solutions
9. E.U. Guidelines for Trustworthy AI — Ensuring Ethical AI Development
10. Google AI Workbench — AI for Cybersecurity
11. Mandiant — Threat Intelligence

Join thousands of data leaders on the AI newsletter. Join over 80,000 subscribers and keep up to date with the latest developments in AI. From research to projects and ideas. If you are building an AI startup, an AI-related product, or a service, we invite you to consider becoming a sponsor.

Published via Towards AI