What roles should AI and automation play in securing critical infrastructure? What are their limitations?

LH: Organizations increasingly recognize the potential of AI and automation technologies to protect their critical infrastructure. These tools can play a central role primarily in two domains: threat detection and monitoring, and the preservation of data integrity.

In addition, as adversaries harness AI to craft sophisticated cyber attacks, it’s imperative for organizations to retaliate with AI-driven defenses. AI’s ability to monitor, analyze and predict patterns from mass datasets enables it to identify vulnerabilities early. AI can help provide security analytics and identify anomalous behaviors against big data, trigger an automatic response against threats, and even develop a playbook to identify the correct processes and procedures against cyber threats – all of which can help increase security posture greatly. This proactively minimizes potential entry points for attackers, helping infrastructure operators prioritize tailoring their defenses.

On the other hand, process automation through blockchain technology provides a robust foundation of data transparency. Critical information undergoes hashing and timestamping, guaranteeing an immutable record of the data. Automated systems also help monitor for any unauthorized changes, which further ensures the reliability of the system. Together, AI and automation provide a multi-layered defense strategy against cyber threats to critical infrastructures and supply chains.

While AI can effectively ease the load for most routine tasks, human intervention remains essential in contextualizing and assessing threats in real-time situations. These automated systems are only capable of operating within the space that they are programmed in and are still dependent on skilled personnel for development, maintenance, and monitoring.

Furthermore, critical infrastructure systems often incorporate a blend of legacy and modern technologies. Antiquated technology that does not integrate seamlessly with AI systems can potentially pose a challenge in modern environments.
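The hashing-and-timestamping integrity record described in the answer above, reduced to its core as an added example (this is not code from the interview or any product it mentions): a minimal hash-chained, timestamped ledger of constructed pump readings, plus the monitoring check that flags an unauthorized change, whether the entry's hash was left stale or recomputed to hide the edit. A single-party hash chain like this detects tampering; it does not by itself stop whoever controls the whole store from rewriting every link, which is the property a distributed ledger or externally anchored hash is meant to add.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry

def digest(index, timestamp, payload, prev_hash):
    # Canonical JSON so identical fields always produce the same hash.
    material = json.dumps([index, timestamp, payload, prev_hash], separators=(",", ":"))
    return hashlib.sha256(material.encode()).hexdigest()

def append(chain, payload, timestamp):
    idx, prev = len(chain), (chain[-1]["hash"] if chain else GENESIS)
    chain.append({"index": idx, "ts": timestamp, "payload": payload, "prev": prev,
                  "hash": digest(idx, timestamp, payload, prev)})
    return chain

def verify(chain):
    """Return the index of the first entry that fails a check, or None if intact."""
    prev, last_ts = GENESIS, float("-inf")
    for i, e in enumerate(chain):
        if e["index"] != i or e["prev"] != prev:      # link to predecessor broken
            return i
        if digest(i, e["ts"], e["payload"], prev) != e["hash"]:  # contents altered
            return i
        if e["ts"] < last_ts:                          # timestamps must not go backwards
            return i
        prev, last_ts = e["hash"], e["ts"]
    return None

def sample_chain():
    # Constructed readings from a hypothetical pump controller (not real data).
    chain = []
    append(chain, "pump-7 pressure=4.1bar", 1700000000.0)
    append(chain, "pump-7 pressure=4.2bar", 1700000060.0)
    append(chain, "pump-7 setpoint=4.0bar by=operator-a", 1700000120.0)
    return chain

def tamper_payload_only():
    # Stored reading edited but its hash left alone: entry 1 fails the digest check.
    chain = sample_chain()
    chain[1]["payload"] = "pump-7 pressure=9.9bar"
    return verify(chain)

def tamper_and_rehash():
    # Attacker also recomputes entry 1's hash; entry 2's prev link then no longer matches.
    chain = sample_chain()
    e = chain[1]
    e["payload"] = "pump-7 pressure=9.9bar"
    e["hash"] = digest(e["index"], e["ts"], e["payload"], e["prev"])
    return verify(chain)
```

In a monitoring job, `verify` would run on a schedule against the stored ledger and raise an alert on any non-None index, naming the first entry that no longer checks out.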

How should we address critical infrastructure security concerns arising from AI and quantum computing?

LH: With emerging technologies like AI and generative AI, it is easier than ever today for bad actors to develop sophisticated and targeted cyberattacks. For example, bad actors can use AI to deploy malware, generate attack codes, and draft realistic phishing emails to engineer a cyberattack that is targeted specifically at a particular individual or an organization.

To address these concerns, it will be essential that we take a proactive and holistic approach to bolster critical infrastructure security, with the help of security technology. Close collaboration with public and private sectors to share threat intelligence and coordinate responses to cyber threats will also be critical.

Likewise, quantum computers, with their capacity to decrypt data protected under today’s public-key cryptographic algorithms, will make data encryption capabilities obsolete. While quantum computers that are sufficiently powerful to do so do not yet exist in the market today, it is just a matter of time before they become generally available. When that happens, this can pose a significant risk for critical infrastructure operators, given their access to and handling of highly sensitive data.

To preempt this risk, it is important to plan ahead and prepare our systems, assets, and data for post-quantum cryptographic standards. This starts with taking stock of the systems and applications that currently use public-key cryptography, and involves close collaboration with technology and cybersecurity providers to make the necessary patches and updates.

With humans being the weakest link in cybersecurity, what can be done to minimize and mitigate breaches resulting from human weakness and errors?

LH: One of the ways to minimize breaches is by providing employees with cybersecurity awareness training so that they are able to recognize and report potential threats early. Building a strong cybersecurity culture, where employees practice good cyber hygiene, such as having strong and frequently changed passwords, using only trusted connections and sites, and reporting suspicious cyber activity, can help to safeguard the organization from cyber threats today.

Furthermore, conducting regular cybersecurity drills involving all levels of an organization strengthens its defense against real-time breaches. For instance, a simulated phishing attack could be staged, testing employees’ ability to identify and report deceptive emails. This hands-on approach not only identifies areas of improvement but reinforces the importance of collective vigilance across the organization.

What are some key differences in a zero-trust approach to OT compared with IT?

LH: Due to the distinct nature of OT and IT, a zero-trust approach to both domains can be very different.

One of the key differences is the scope of protection. A zero-trust approach for IT concentrates on protecting digital assets, such as data, applications, networks and servers. For example, limiting access and requiring user authentication prevents unauthorized users from accessing sensitive data. On the other hand, a zero-trust approach for OT focuses on safeguarding physical systems and processes to prevent unauthorized users from accessing and tampering with industrial control systems, sensors and pumps in critical infrastructures, causing disruption or harm.

Another key difference is the consequence of a breach. For instance, a breach of IT systems can result in data theft or data loss, whereas a breach of OT systems could result in production disruptions, environmental damage and even physical harm.

What are some key trends in OT and IoT security that we can expect in the coming year?

LH: In the coming year, we can expect cybersecurity threats in the OT environment to continue growing, as bad actors exploit vulnerabilities in digitalized and connected OT environments. With OT security lagging behind, it is imperative that critical infrastructure operators urgently take action to mitigate the risks. Thankfully, more and more people recognize the importance of securing critical infrastructure and are making efforts to ramp up their OT security posture. For instance, the Cybersecurity Agency of Singapore has developed a security-by-design framework, as well as a guide for cyber risk assessment specific to the critical information infrastructure industry, to help these organizations proactively secure and build resilience into their systems.