Enhancing Security with AI
Analyzing Security Data
AI can help eliminate labor-intensive, time-consuming human tasks, enabling security teams to optimize productivity and speed. These are important benefits in industrial operations when minutes matter and seconds count in the preservation of critical uptime.
Anomaly Detection
Traditional security tools detect anomalies by baselining normal behavior based on existing traffic. But if a malicious actor is already present, the baseline may be inaccurate. AI has the ability to efficiently combine multiple data sets, including threat intelligence, data from the cloud and indicators of compromise across industries, to better detect anomalies. Deploying threat monitoring systems with AI capabilities can help ensure that malicious actors are not flying under the radar.
Processing Security Alerts
With better anomaly detection comes the possibility of alert fatigue. High volumes of new alerts may come in during the usual learning phase of new security technology deployments. This is considered the tuning phase, where human analysts help define what’s important and what’s not. As these systems learn, AI can effectively weed out false positives, false negatives and unimportant signals, saving human analysts time and effort.
Predictive Maintenance
It’s critical to maintain uptime for the extensive infrastructure that supports security tools and provides telemetry. AI can help monitor and manage these systems to detect and prevent system failure before it happens. Integrating a purpose-built predictive maintenance platform can streamline the process of combining data from disparate sensors.
Threat Intelligence Gathering
An effective security program needs real-time threat intelligence gathering and analysis. Yet many CI organizations don’t have skilled security analysts on staff 24X7. Automating processes — such as collecting and analyzing data about cyber threats or compiling reports — helps fill the gap.
Streamlined Security Operations
Digitization and IT/OT convergence have created a proliferation of sensors, devices, applications and machines. Previously disconnected from the network, they’re now streaming data about industrial processes 24/7 — along with large volumes of security metadata. AI can help consolidate and prioritize the information to improve SOC productivity.
Automatic Response and Remediation
Perhaps the most enticing use case for AI in cybersecurity is automatic response and remediation. Today there are newer AI tools that can help reduce cybercrime impacts by detecting, quarantining, and remediating certain types of cyberattacks automatically. This capability will grow over time and indeed may be the primary way we fight AI-enabled cyberthreats in the future.
Managing Security Risks from AI
Just as AI can speed and streamline cybersecurity tasks, it can create new risks for organizations – both from within and externally. AI risks for OT cybersecurity include:
AI-Enabled Cybercrime
AI is quickly being adopted by threat actors who are using it to automate and optimize attacks with more effectiveness. Enhanced social engineering using email phishing, ‘smishing’ or SMS phishing, and deepfakes, for example, are a few ways cybercriminals are using AI to find new ways to breach organizations.
Data Security
In our interconnected world, a compromise in the supply chain poses a risk to an organization’s data. Consider the SolarWinds attack, in which a vulnerability in one vendor’s software exposed many CI organizations’ IT systems logs. AI/ML models use massive amounts of data, and the exposure could be exponential.
Explainability and Transparency
Incident responders often need to dig deep to understand why certain things are happening in their environment. But AI systems are extremely complex, and many models use a proprietary “black box” to inform their decision-making processes. Even data scientists who built the model may not have a clear understanding of how their model combines variables to predict outcomes, which can impede important insights.
Bias and Fairness Concerns
Systemic, computational, human and other biases can bleed into the algorithm development process and data training. Biased assumptions skew models toward certain datasets. Consequently, the security tool may create false positives or negatives, identify the wrong threat and diminish the effectiveness of controls.
Recommendations for Starting AI Security Initiatives
1. Start small. Pilot AI in specific, well-defined use cases, such as automating data collection and analysis from multiple data streams.
2. Prioritize data quality. The “garbage in, garbage out” adage is especially relevant for AI. Ensure that data is properly organized and labeled for both manual and automated feeds.
3. Develop robust governance around people, processes and technology. Document your standard operating and oversight procedures to understand who consumes data and how that impacts threat detection workflows.
4. Invest in training. AI security initiatives create vital partnerships between security practitioners and data scientists who must gain a deep understanding of your industrial environment and OT infrastructure to effectively safeguard it.
5. Continuously monitor your environment. Malicious actors conduct reconnaissance and attacks after hours, when security staffing is limited.
Rockwell Automation Can Help
Organizational leaders charged with securing industrial operations should focus on responsible AI implementations that leverage AI’s strengths, while minimizing its risks.
Rockwell Automation can help you leverage AI-based cybersecurity today, paving the way for a safer and more secure future. Contact us for an initial consultation.
1Cost of a data breach 2023 | IBM. (n.d.). https://www.ibm.com/reports/data-breach
