Cognitive cybersecurity approaches: Protecting utility OT in a hyper-connected world
Edge devices, the Internet of Things, wearables and swarm computing: emerging cyber-physical systems are enabling exciting new utility business models. At the same time, they could also expose critical energy networks to new security threats that could be a matter of life – and even death!
In a hyperconnected world, utilities will need to adopt new approaches for protecting their operational technology (OT). Let’s explore why a cognitive cybersecurity approach is vital for protecting critical infrastructure.
IT has opened the door for an attack on OT
Not so many years ago, utility companies used specific digital tools for specific tasks. The tools that controlled electricity and gas flow and the sensors on mechanical turbines in power plants, for instance, used specific software that ran on specific hardware talking specific protocols.
All that has changed in the last ten years. OT and information technology (IT) are now closely connected, and becoming more so, opening the door for attacks to enter through IT and penetrate OT. Some experts in utility companies’ industrial environments may not be fully aware of the risk they already face today. Servers running vulnerable operating systems, for instance, could put their OT at risk.
It’s not just the risk that’s growing; the potential impact is rising too. If a utility’s highly automated and integrated IT and OT systems suffer a security breach, that breach could extend beyond the digital world to the physical world. A malicious person could steal data – or they could shut an entire power plant down. The economic impact would be substantial; financial losses could run into $1m a day. The safety and security impact would be unimaginable, sending whole regions into chaos and putting lives at risk.
Take OT cybersecurity seriously
New cyber-physical systems are solving utilities’ problems in new ways. IoT, edge devices and advanced analytics are providing local insights that were simply not possible before. Wearables and even human-embedded technologies are giving workers in the field access to critical systems from their remote locations.
At the same time, the increasingly hyper-connected utility IT environments are making security management more complex and broadening attack surfaces. This is attracting cybercriminals who, in turn, are constantly evolving their malicious attack technology.
Regulatory pressure from the GDPR data privacy regulation may bring hackers new opportunities for holding utilities to ransom as utilities increase the volume of data they collect. Added to that, the growing trend in wearables and human-embedded technology is extending personal risks beyond issues of privacy, to matters of well-being and even death.
The risk of attacks penetrating through to utility infrastructure is substantial, as we have seen. Sensors, machines, cabinets, SCADA systems and all other OT assets need to be protected. Classical perimeter security models are no longer sufficient.
A cognitive approach to OT cybersecurity
Despite the substantial risk to OT, the OT security outlook does not have to be a bleak one. There are steps utilities can take to protect their increasingly complex OT environments.
- A first step would be to observe the industrial network traffic.
- Utilities can then use the data they collect to passively build an inventory of their OT components. This may sound trivial, but it’s essential because asset inventories can be very complex. Paper inventories can be completely different to real life.
- A next step would then be to analyze the data to identify and respond to potential threats.
Applying a cognitive approach to each of these steps can be very effective in dealing with growing attack surfaces, increasing risks to critical infrastructure and innovations in malicious attack technology. Viable solutions are already emerging.
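The three steps above can be sketched in a few lines. This is an added example, not code from the article or from Atos: it builds an asset inventory from passively observed flows, reconciles it against a paper inventory, and flags conversations that were not in the learned baseline. All addresses, sample flows and function names are constructed for illustration; the port numbers are the well-known ones for the protocols named.

```python
from collections import defaultdict

# Well-known TCP ports of common industrial protocols.
OT_PORTS = {502: "Modbus/TCP", 20000: "DNP3",
            102: "ISO-TSAP/S7comm", 44818: "EtherNet/IP"}

# Constructed sample flows (src_ip, dst_ip, dst_port), as a passive sensor
# on a mirror port might summarise them. All addresses are made up.
BASELINE = [
    ("10.10.1.5", "10.10.2.11", 502),
    ("10.10.1.5", "10.10.2.12", 502),
    ("10.10.1.5", "10.10.2.20", 20000),
    ("10.10.1.9", "10.10.2.11", 502),
]
LATER = BASELINE + [("10.10.3.77", "10.10.2.12", 502)]

# Constructed "paper" inventory: what the asset register claims exists.
PAPER = {"10.10.1.5": "SCADA server", "10.10.2.11": "PLC feeder 1",
         "10.10.2.12": "PLC feeder 2", "10.10.2.30": "RTU substation B"}

def build_inventory(flows):
    """Step 2: derive assets, roles and protocols purely from traffic."""
    inv = defaultdict(lambda: {"roles": set(), "protocols": set()})
    for src, dst, port in flows:
        proto = OT_PORTS.get(port, f"tcp/{port}")
        inv[src]["roles"].add("client")
        inv[dst]["roles"].add("server")
        inv[src]["protocols"].add(proto)
        inv[dst]["protocols"].add(proto)
    return dict(inv)

def reconcile(observed, paper):
    """Return (on the wire but undocumented, documented but never seen)."""
    return (sorted(set(observed) - set(paper)),
            sorted(set(paper) - set(observed)))

def new_conversations(baseline, later):
    """Step 3: flows absent from the baseline, queued for analyst review."""
    return sorted(set(later) - set(baseline))

if __name__ == "__main__":
    inventory = build_inventory(BASELINE)
    undocumented, unseen = reconcile(inventory, PAPER)
    print("undocumented assets:", undocumented)
    print("documented but silent:", unseen)
    print("new conversations:", new_conversations(BASELINE, LATER))
```

An asset that is documented but silent is not necessarily missing: passive observation only sees devices that talk during the capture window, so that list is a prompt for verification rather than a finding.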
From AI to distributed ledgers
Let’s look at the specific technologies behind this cognitive approach to protecting OT:
- Self-learning systems that make use of AI technologies (such as machine learning, deep learning, and reinforcement learning) can help keep tabs on a rapidly-changing inventory.
- Behavioral analysis systems based on self-learning, data mining and pattern recognition can highlight suspicious behaviors before they do any harm. Such systems learn normal behaviors to anticipate attacks and model possible responses.
- Trusted collaborative networks are vital for sharing contextualized intelligence between security domains, which are traditionally silos of enforcement. Distributed ledger technologies help establish the trust that is critical for fostering collaboration.
- Emerging security and safety certification frameworks will soon assist organizations in deploying appropriate cybersecurity strategies.
While the emerging threats are very real, they should not deter utilities from investing in emerging technologies. Cybersecurity solutions can provide the protection needed to keep utilities’ OT safe and secure.
Atos will explore why a cognitive cybersecurity approach is vital for protecting utilities’ critical infrastructure at the upcoming Atos Technology Days 2019.