Steve Durbin is Chief Executive of Information Security Forum. He is a frequent speaker on the Board’s role in cybersecurity and technology.
A technology-led revolution, dubbed Industry 4.0, is gathering pace in the industrial world, where traditional processes and legacy technologies are being replaced by smart devices, automated machines and advanced forms of computing. The rise of Cyber Physical Systems (CPS), owing to exponential growth in technologies like the Internet of Things (IoT), artificial intelligence (AI), cloud, robots, drones, sensors, etc., is helping manufacturers improve efficiencies, productivity and the autonomous operation of production lines. Businesses are pouring billions of dollars into AI and automation, and the Industrial IoT (IIoT) alone is set to become a $500 billion market by 2025.
IT/OT convergence could spell disaster for industries.
As smart factories and supply chains connect the production line to the outside world via IIoT, digitally connected industries are becoming increasingly appealing to cybercriminals, who now have the opportunity to hijack high-value targets. The Cybersecurity and Infrastructure Security Agency (CISA) has warned of a rising barrage of ransomware attacks resulting from IT/OT convergence — the integration of information technology systems with operational technology (OT) systems — and the resultant expanded threat surface. Last year, 41% of all ransomware attacks targeted OT. IoT attacks soared by 700% during the pandemic, while infected IoT devices grew 100%.
What makes IoT and OT attractive targets?
There are several reasons why IoT and OT devices are attractive targets for cybercriminals. Here are the top five:
1. OT lacks adequate security: OT and IoT devices lack stringent security (security is often an afterthought), making them an attractive target for ransomware attacks. More than half of manufacturers believe OT assets are vulnerable to cyberattacks.
2. Absent updates and software patches: Researchers estimate there are millions of unpatched IoT and OT devices. Legacy devices also lack the ability to update their firmware, and this puts IoT devices at permanent risk of exploitation. Security teams often struggle to secure IoT and IIoT devices.
3. Growing skill and resource gap: I’ve observed that there is a huge shortage of people with skills and knowledge of OT security. Security teams can be overwhelmed with security data, and the workload often exceeds staff capacity.
4. Potential to inflict extensive damage: The ransomware attack on the Colonial Pipeline showed how disruptive a cyberattack can be. Attacks on OT infrastructure can halt production, disrupt supply chains, and cause widespread panic and uncertainty. According to Gartner, cyberattacks can result in loss of life.
5. Rising payouts and high bargaining power of attackers: Enterprises lose money for every minute their business is disrupted. Paying the ransom can seem like a prudent choice. Since targets hold significant value, cybercriminals make aggressive demands and successfully coerce victims into paying.
AI can help bolster industrial cybersecurity.
Cybersecurity in Industry 4.0 can’t be tackled in the same way as that of traditional computing environments. There are far too many devices and associated challenges. Imagine monitoring security alerts for millions of connected devices globally. IIoT devices possess limited computing power and, therefore, lack the ability to run security solutions.
This is where AI and machine learning come into play. ML can make up for the lack of security teams. AI can help discover devices and hidden patterns while processing large amounts of data. ML can help monitor incoming and outgoing traffic for any deviations in behavior in the IoT ecosystem. If a threat or anomaly is detected, alarms can be sent to security admins warning them about the suspicious traffic.
AI and ML can be used to build lightweight endpoint detection technologies. This can be an indispensable solution, especially in situations where IoT devices lack the processing power and need behavior-based detection capabilities that aren’t as resource intensive.
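As an added illustration of the lightweight, behavior-based detection described above (this code is not from the original article): a monitor that learns a per-device traffic baseline in constant memory and raises an alert when an interval deviates sharply from it. The device names, byte counts and thresholds are constructed assumptions, and an exponentially weighted mean and variance stand in for whatever model a real product would use.

```python
import math

class TrafficMonitor:
    """Per-device baseline of bytes sent per interval, kept as three numbers
    (mean, variance, sample count) so no traffic history has to be stored."""

    def __init__(self, alpha=0.1, threshold=4.0, warmup=10, min_std=1.0):
        self.alpha = alpha          # weight given to each new sample
        self.threshold = threshold  # alert when |z-score| exceeds this
        self.warmup = warmup        # samples to learn before alerting
        self.min_std = min_std      # floor so very steady devices do not flap
        self.baselines = {}         # device -> [mean, var, n]

    def observe(self, device, bytes_out):
        """Return an alert dict if this interval deviates from the device's
        learned behavior, otherwise None."""
        b = self.baselines.setdefault(device, [float(bytes_out), 0.0, 0])
        mean, var, n = b
        if n >= self.warmup:
            std = max(math.sqrt(var), self.min_std)
            z = (bytes_out - mean) / std
            if abs(z) > self.threshold:
                # Do not learn from the outlier: a burst must not become
                # the new "normal" and hide follow-up activity.
                return {"device": device, "observed": bytes_out,
                        "expected": round(mean, 1), "z": round(z, 1)}
        delta = bytes_out - mean
        b[0] = mean + self.alpha * delta
        b[1] = (1 - self.alpha) * (var + self.alpha * delta * delta)
        b[2] = n + 1
        return None

# Constructed sample data: bytes sent per interval by two hypothetical devices.
SAMPLES = {
    "plc-07": [500, 512, 495, 508, 490, 503, 511, 497, 505, 499,
               502, 48000, 501],   # one interval with a large outbound burst
    "sensor-12": [120, 118, 122, 119, 121, 120, 118, 121, 119, 120,
                  122, 120],       # steady behavior throughout
}

def run_demo(samples=SAMPLES):
    """Feed every sample through one monitor and collect the alerts."""
    monitor = TrafficMonitor()
    alerts = []
    for device, series in samples.items():
        for value in series:
            alert = monitor.observe(device, value)
            if alert:
                alerts.append(alert)
    return alerts

if __name__ == "__main__":
    for a in run_demo():
        print("ALERT", a)
```

Because each device costs only three stored numbers and a few arithmetic operations per interval, the same logic can run on a gateway watching many constrained devices rather than on the devices themselves.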
AI and ML technologies are a double-edged sword. Threat actors can weaponize AI to automate things like target selection or attack timing to avoid detection. Deepfakes, human impersonation and AI-powered password guessing all pose a threat. The misuse of AI and ML is a worrying trend that seems set to grow in step with its adoption across the business world. Enterprises need to take particular notice of any potential malicious exploitation of their own AI systems. For example, cybercriminals have been able to copy the ML model for Proofpoint Email Protection and manipulate it to allow malicious emails to pass through filters.
To sum up, organizations must carefully consider the security implications to have a successful Industry 4.0 journey. As connected devices take over legacy technology, it becomes increasingly difficult to fight cyber threats without the intervention of advanced AI. We need machines that protect themselves, without worrying too much about their ability to spy on your business or cause harm by partnering in crimes that can be committed against supply chains or customers. AI has proven worthy in many different areas of our lives. It’s not hard to imagine how AI can make a significant contribution to strengthening Industry 4.0 and perhaps beyond.