Security issues arising from the integration of information technology (IT) and operational technology (OT) could be addressed by artificial intelligence (AI), although the technology could also be exploited by malicious actors, according to a Cisco study.
The report, by Cisco and Sapio Research, surveyed 1,000 industry professionals in 17 countries and found that cybersecurity challenges and AI adoption are the top concerns for large OT organizations.
As OT networks increasingly converge with IT systems such as enterprise resource planning (ERP) and manufacturing execution systems (MES), they improve production management but expose companies to more cyber threats.
Survey results indicated that unpatched vulnerabilities in outdated software in legacy systems make IT/OT a target for threat actors launching malware and ransomware attacks.
Most respondents said they expect AI to improve network management (49%) and improve collaboration between IT/OT teams (46%).
As operational technology becomes an increasingly desirable target for threat actors, AI provides a more efficient and effective approach to automated detection, analysis and response compared to traditional rules-based methods.
With this approach, multiple ML techniques are required to gain accurate insight and intelligence, such as understanding the lifecycle of an organization’s assets using multiple layers of pattern analysis, probabilistic modeling, and relationship analysis.
Using this inherent understanding, anomaly detection can be performed to identify asset misuse, abuse, and misconfigurations.
“This can also highlight new attacks, insider threats and security vulnerabilities,” said Marcus Fowler, CEO of Darktrace Federal.
Limits of the Air Gap Approach
He explained that many organizations that have OT environments have tried to maintain a “gap” in their environments, distinctly separating the management of their IT systems from their OT environments.
“However, modern IT/OT convergence and network complexity make maintaining this divide increasingly difficult – creating a critical need for active visibility, continuous monitoring of network activity and segmentation validation,” he said.
This approach positions organizations to identify all points of IT/OT convergence, showing key areas of cross-activity and helping organizations achieve more cohesive alignment across teams.
“The key to success is moving from viewing IT and OT security in silos to a more holistic view of cyber security,” said Fowler.
He said that when integrating IT and OT, organizations also need to keep in mind that historically, these teams have had different priorities.
While IT teams have long embraced the benefits of digital transformation in their business operations, OT teams are often dependent on legacy systems and therefore have traditionally been slow to adopt new technologies – creating new vulnerabilities and areas of opportunity for bad actors to exploit.
“To combat this disconnect, it’s vital that organizations look for platforms that can secure both IT/OT environments, allowing teams to work across environments and develop an understanding of each point of convergence between their IT/OT environments,” explained Fowler.
AI as a force multiplier
Jose Seara, CEO and founder at DeNexus, noted that OT systems are harder and more expensive to patch than IT systems: narrow maintenance windows, personnel that must be deployed on-site to multiple facilities, or even outdated firmware that is no longer supported.
“Given these constraints, CISOs must evolve to a risk-based approach to cybersecurity, with an AI-based risk model that guides them in identifying the vulnerabilities that could cause the greatest financial damage to the organization,” he said.
He said AI can be a “force multiplier” that brings unprecedented efficiency in anomaly and intrusion detection to hundreds, if not thousands, of endpoints that could be deployed in industrial environments.
Seara said implementing cybersecurity solutions between IT/OT is an opportunity to strengthen team collaboration, develop a shared understanding of respective constraints and opportunities, and agree on ongoing monitoring protocols for IT/OT systems.
“It is essential to run what-if scenarios on risk mitigation projects to avoid wasting time and resources on projects with low or limited results in reducing risk,” he said.