Written by Rob McNutt
Sometimes cybersecurity companies develop cutting edge technology that helps users better protect themselves in ways they never thought possible. Other times, the need for new technology is so great that the clients build their own solutions.
That looks to be the case with Norsk Hydro, an aluminum company that is reportedly developing its own AI tools after it was hit by a ransomware attack. It is aiming to use those tools to look for unusual activity on its industrial equipment, which could potentially avert a cyberattack.
Companies are hungry for this type of technology in order to protect their critical infrastructure devices. I get questions about it nearly every day when I meet with CISOs and other security leaders. Critical infrastructure networks are increasingly under attack. There are a growing number of attacks on power utilities and manufacturing plants that shows that to be true, and many more that are kept behind closed doors.
AI isn’t a new tool to the cybersecurity industry – we’re turning to it more and more. The same type of technology that helps give you Netflix recommendations or find an Uber or Lyft is also helping companies pinpoint bad actors, automate basic security tasks, and more. It also goes both ways – hackers are also using AI tools to launch well-coordinated attacks.
Yet, I believe AI could have the most impact in critical infrastructure environments. Industrial AI is in its early stages. It mostly falls under what I would call “computer-aided intelligence” rather than full-fledged AI. But the hunger for more advanced technology is there.
Industrial AI could be used to flag anomalous activity that could point to a cyberattack. AI could also be used to analyze sensor data to predict when a device might break, so operators can perform predictive maintenance that would downtime and lower costs. For instance, you want to be able to predict when a cooling device will fail in a nuclear power plant before — and not after — it causes a meltdown.
It’s not a technology that will get adopted overnight. Critical infrastructure environments bring unique hesitations with AI that other lines of business don’t necessarily have. For instance, many of these systems are particularly sensitive to change and you don’t want to accidently break a mission-critical system by introducing a new technology, even if it is meant to protect it. The adoption of AI also demands a cultural shift inside of the critical infrastructure teams, where people will need to shift from operating equipment to operating software.
It’s also important to point out that AI won’t be a silver bullet. It is limited in its own technology, as it is only successful based off the sample of data it is given. For example, a security camera needs to sample a thousand images to learn that a car is a car and a person is a person. It also demands a high level of expertise on the part of the company developing it. Building AI tools without that expertise is a waste and won’t achieve the desired outcome of better security. Given limited budgets, companies need to decide what their best options for defense truly are.
But technology is changing. As we’re breaking down the traditional model of devices in critical infrastructure environments and connecting them to IT networks, you get a whole new world of what can be done. That will only accelerate with the widespread adoption of up-and-coming technologies like 5G. Those technologies potentially open up the door for new threats, but also for new capabilities to protect those networks. We shouldn’t let our fear of AI hold us back.
Rob McNutt is the CTO of Forescout Technologies.