AI in OT Security — Balancing Industrial Innovation and Cyber Risk

Aug 21, 2024

Rodillas on OT and ICS security


Whether defensive or offensive, cybersecurity is in constant flux. And in today's industrial landscape, the convergence of operational technology (OT), industrial control systems (ICS) and information technology (IT) is reshaping manufacturing and critical infrastructure. This convergence, while bringing unprecedented efficiency and innovation, also exposes traditionally isolated systems to new security risks, creating a complex ecosystem where AI is emerging as a powerful ally in securing these environments.

We recently interviewed Del Rodillas, distinguished product manager at Palo Alto Networks, who focuses on OT and ICS security, developing solution roadmaps and working closely with the product teams. His expertise extends to collaborating with sales teams, enabling them to better serve clients, and educating customers. Del's long-standing experience and insights make him a valuable asset in navigating the multifaceted landscape of the OT-IT convergence and emerging cybersecurity challenges in the manufacturing and industrial sectors.

The Changing Face of OT Security

Today, the manufacturing sector is embracing digital transformation at an unmatched rate. By 2026, industrial organizations are expected to operate over 15 billion new and legacy assets connected to 5G, the internet and the cloud. As one might expect, this rapid adoption of new technologies is not without risk: the attack surface of a typical manufacturing organization grows exponentially as more devices are deployed.

This expanded attack surface, coupled with the inherent vulnerabilities of legacy OT systems, creates a perfect storm for cybercriminals who are now setting their sights on these systems, leveraging advanced, AI-enhanced techniques to launch attacks. As Rodillas points out:

"OT-IT convergence plays a massive role in the cyberthreat landscape because it enables attackers with a more sophisticated playbook or set of tools that makes their capabilities more advanced, but it also increases the velocity and volume of their attacks."

This tangle of increased connectivity has made OT systems prime targets for cybercriminals. In 2021, 35% of reported OT cyberattacks had physical consequences, with an estimated damage of $140 million per incident. These alarming statistics underscore the critical need for robust OT security measures that can keep pace with evolving threats.

AI — A Game-Changer in OT Security

As in other areas in cybersecurity, AI is proving to be a formidable ally in the fight against cyberthreats in OT environments. Rodillas emphasizes the importance of AI in addressing the unique challenges of OT security:

"AI plays a massive role in the cyberthreat landscape… I think AI is changing the mindset that it's not relevant to OT. It's very much relevant because of an integrated IT-OT attack lifecycle. From a sophistication standpoint, I think particularly on the social engineering phase, so people have to remember that attacks to OT primarily are ones that originate from IT and then pivot to OT.

Generative AI particularly can be used to automate the research and email generation to have a more targeted and more convincing spear phishing campaign. And the adaptability, I think, is another thing for the threat landscape, where the malware can constantly evolve, making it harder to detect and neutralize. I don’t think it would be a stretch to say that AI will be applied to have more efficient and stealthy lateral movement in OT, thus shortening the time to compromise a critical asset."

Given these evolving threats, AI is not just a tool but a necessity in modern OT security.

Key Areas Where AI Is Making an Impact in Protecting Industrial Environments

Enhanced Threat Detection and Response

AI-powered tools are revolutionizing how organizations detect and respond to threats in manufacturing settings. Rodillas highlights the importance of User and Entity Behavior Analytics (UEBA), stating,

"In manufacturing, the device aspect of UEBA becomes very interesting because now you're talking about OT devices, industrial IoT devices, IoT devices, IT devices, a lot of devices on the shop floor."

By leveraging machine learning algorithms, these tools can establish baselines for normal behavior and quickly identify anomalies that may indicate a security threat. This capability is particularly crucial in OT environments, where traditional IT security tools may not understand specialized industrial protocols.

Bridging the IT-OT Security Gap

One of the most significant challenges in OT security has been the disconnect between IT and OT teams. AI is helping to bridge this gap by providing a common language and unified view of the security landscape. Rodillas explains:

"Organizations are better off because there's that increased connectivity between the two environments. OT is becoming more like IT from a technology standpoint... AI can be one of these types of technologies, kind of a unifying capability."

By applying AI analytics across both IT and OT environments, organizations can detect threats earlier and map attacks to frameworks like MITRE ATT&CK, enabling better identification of threat actors and more effective response strategies.

Addressing the Skills Gap

The cybersecurity skills shortage is particularly acute in the OT sector. AI is helping to alleviate this limitation by automating routine tasks and enabling less experienced staff to handle more complex security operations. As Rodillas notes, "You need AI to take this burden off of humans and AI can do it 24/7 automatically, and it can only involve your personnel when there's a critical and high fidelity signal that is better handled by a human."

This automation not only helps to address the skills gap but also allows security teams to focus on strategic initiatives rather than getting bogged down in day-to-day alert management.

Challenges and Considerations

While AI offers tremendous potential in OT security, it's not without challenges. One of the primary concerns is the risk of false positives leading to unnecessary operational disruptions. Rodillas cautions, "If you act on a false positive and shut something down, and it causes a downtime and/or some safety concern, that's like 'the cure is worse than the problem' kind of scenario."

To mitigate this risk, Rodillas suggests implementing decision assistance mechanisms that provide context and recommended actions to human operators, rather than relying on fully automated containment.
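The following is an added example, not code from the article or from Palo Alto Networks, that puts the two points above together: the behavioural baselining described under UEBA (learn what each source/destination pair normally does, then score deviations) and the decision-assistance stance Rodillas recommends (an anomaly produces a recommendation and context for an operator, never an automatic shutdown, and only high-fidelity findings interrupt a human). The traffic records, host names, criticality inventory, and scoring thresholds are all constructed for the example; only the Modbus function codes (3 = Read Holding Registers, 16 = Write Multiple Registers) are real protocol values.

```python
"""Behavioural baseline for OT devices with decision assistance (toy UEBA).

Learns, per (source, destination) pair, which Modbus function codes were seen
and the typical request rate per minute during a learning window, then scores
later events. Anomalies are never acted on automatically: the output is a
recommendation with context for a human operator. All records below are
constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Constructed learning-window traffic: (timestamp_s, src, dst, modbus_function_code).
# The HMI polls the PLC 10 times a minute with reads only; an engineering
# workstation reads and occasionally writes registers.
BASELINE_EVENTS = []
for minute in range(3):
    for i in range(10):
        BASELINE_EVENTS.append((minute * 60 + i * 6, "hmi-01", "plc-01", 3))
    BASELINE_EVENTS.append((minute * 60 + 30, "eng-ws-01", "plc-01", 3))
    BASELINE_EVENTS.append((minute * 60 + 45, "eng-ws-01", "plc-01", 16))

# Constructed detection-window traffic: normal polling, a read burst, then an
# HMI that suddenly writes registers and an unknown host talking to the PLC.
DETECTION_EVENTS = (
    [(180 + i * 6, "hmi-01", "plc-01", 3) for i in range(10)]   # minute 3: normal
    + [(240 + i * 3, "hmi-01", "plc-01", 3) for i in range(20)]  # minute 4: 20 reads
    + [(320, "hmi-01", "plc-01", 16)]                            # minute 5: HMI writes
    + [(330, "laptop-77", "plc-01", 3)]                          # minute 5: unknown host
)

# Asset criticality from the plant inventory (assumed data, not a real system).
CRITICALITY = {"plc-01": "high", "hmi-01": "low"}
ESCALATE_AT = 0.6   # assumed fidelity threshold for interrupting a human


@dataclass
class Profile:
    function_codes: set = field(default_factory=set)
    per_minute: list = field(default_factory=list)


def learn_baseline(events):
    """Build a Profile per (src, dst) pair from learning-window events."""
    profiles = defaultdict(Profile)
    counts = defaultdict(lambda: defaultdict(int))   # pair -> minute -> count
    for ts, src, dst, fc in events:
        profiles[(src, dst)].function_codes.add(fc)
        counts[(src, dst)][ts // 60] += 1
    for key, minutes in counts.items():
        profiles[key].per_minute = list(minutes.values())
    return dict(profiles)


def score_event(profiles, src, dst, fc, rate_now):
    """Return (score in 0..1, reasons). An unknown pair or an unseen function
    code is a strong signal; a rate deviation alone is deliberately weak."""
    prof = profiles.get((src, dst))
    if prof is None:
        return 0.9, ["no baseline for this source/destination pair"]
    score, reasons = 0.0, []
    if fc not in prof.function_codes:
        score += 0.6
        reasons.append(f"function code {fc} never seen from {src} to {dst} "
                       f"(baseline: {sorted(prof.function_codes)})")
    mu = mean(prof.per_minute)
    sd = pstdev(prof.per_minute) or 1.0   # avoid division by zero on flat baselines
    z = (rate_now - mu) / sd
    if z > 3:
        score += 0.3
        reasons.append(f"request rate {rate_now}/min is {z:.1f} sd above mean {mu:.1f}")
    return min(score, 1.0), reasons


def recommend(score, reasons, dst):
    """Decision assistance: context and a recommended action, never a block."""
    if score >= ESCALATE_AT:
        action = "escalate"
        text = (f"Verify with the {dst} operator before any isolation; "
                f"asset criticality is {CRITICALITY.get(dst, 'unknown')}.")
    elif score > 0:
        action, text = "log", "Record for trend analysis; no operator interrupt."
    else:
        action, text = "none", ""
    return {"action": action, "score": round(score, 2),
            "reasons": reasons, "recommendation": text}


def analyse(profiles, events):
    """Score every event against the baseline; return findings worth keeping."""
    counts = defaultdict(int)
    for ts, src, dst, fc in events:
        counts[(src, dst, ts // 60)] += 1
    findings = []
    for ts, src, dst, fc in events:
        score, reasons = score_event(profiles, src, dst, fc, counts[(src, dst, ts // 60)])
        rec = recommend(score, reasons, dst)
        if rec["action"] != "none":
            findings.append({"ts": ts, "src": src, "dst": dst, "fc": fc, **rec})
    return findings


if __name__ == "__main__":
    for f in analyse(learn_baseline(BASELINE_EVENTS), DETECTION_EVENTS):
        print(f["action"], f["src"], "->", f["dst"], f["score"], f["reasons"])
```

Running it escalates exactly two findings, the HMI's first-ever write and the unknown host, and only logs the twenty reads in the burst minute: a rate spike on its own is the kind of signal that, acted on automatically, would produce the downtime Rodillas warns about, so it stays below the threshold that interrupts an operator. A production detector would learn from far more than three minutes and would carry a richer asset context, but the shape (baseline, score, recommend, never auto-contain) is the point.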

Looking Ahead — The Future of AI in OT Security

As we peer into the future, several advancements in AI are poised to have a significant impact on OT and ICS security:

  • Improved accuracy in threat detection and reduced false positives
  • Enhanced operational risk assessment capabilities
  • Integration of AI with digital twin technologies for more effective security simulations

These digital twins, which are virtual replicas of physical systems, allow organizations to simulate and analyze potential security scenarios without risking their actual infrastructure. By applying AI to these simulations, companies can predict vulnerabilities, test response strategies, and optimize their security posture in a safe, controlled environment. This approach is particularly valuable in OT settings, where testing on live systems could lead to costly disruptions or safety risks.

Rodillas also sees potential in the application of large language models (LLMs) in OT security, particularly in querying and analyzing complex, interconnected datasets across OT and IT systems.

The convergence of OT and IT, coupled with the rise of AI, is ushering in a new era of industrial cybersecurity. While challenges remain, the potential benefits of AI in securing critical infrastructure and manufacturing environments are immense. By leveraging AI-powered tools and strategies, organizations can enhance their threat detection capabilities, bridge the IT-OT security gap, and address the persistent skills shortage in the cybersecurity field.

As we move forward, it's clear that AI will play an increasingly central role in safeguarding our industrial systems. Organizations that embrace these technologies and integrate them thoughtfully into their security strategies will be best positioned to thrive in the evolving threat landscape of the OT world.

Learn More

Download our State of OT Security Report-2024 to learn more about securing industrial environments.
