In January, MIT released a report looking at how artificial intelligence is transforming the energy industry. Among the report’s areas of examination is the role of AI in industrial cybersecurity. According to the report, as oil and gas companies digitalize, the risk of cyber attacks increases along with opportunities for AI.
“The energy vertical is going through a transition, some would even call it a revolution,” says Kris Pakizer, Global Head, Marketing & Communications, Siemens, who commissioned the report. “There’s a push toward cleaner, more distributed, and decentralized production of energy. The other thing we’re seeing is an exponential increase in risk targeting operational technology.”
The report is based on in-depth interviews with IT and cybersecurity leaders at oil and gas companies around the world, conducted in September and October 2020. According to the report, 66 percent of oil and gas company executives say they benefit from digitization even with increased cybersecurity risk.
According to IBM Security’s X-Force Threat Intelligence Index 2020, the breakdown of system segregation is opening the door to cyber attacks on industrial control systems and similar OT assets, with attacks increasing more than 2,000 percent from 2018 to 2019. The energy sector is the ninth-most targeted industry in the X-Force ranking.
In order to better secure themselves, many energy organizations are turning to AI in industrial cybersecurity.
“To us, the number one benefit is the ability to deal with an evolving threat environment,” Pakizer says. “The reality is the threat environment is changing, the sophistication of attacks is changing, the methods attackers use are changing. And the only way to keep up with that is to use artificial intelligence.”
The energy industry and other operational technology environments face a few major challenges. Among them is a lack of visibility: you can’t protect what you can’t see.
“The challenge of visibility is that in our world, a digital command can have real world physical consequences,” Pakizer says. “If you want to understand whether something is not just anomalous but also consequential, we have to look at data from both the physical and digital world, come up with a unified threat stream and then provide context.”
In addition to visibility, energy organizations also struggle with a lack of human capital. There is currently a talent shortage in industrial organizations where staff lack OT security expertise.
“This is where AI can play a powerful role, in helping us detect attacks and helping us overcome the talent gap, by helping us make sense of billions of data points that are now being produced in the new energy ecosystem,” Pakizer says.
Another issue in the energy space is that these organizations often have assets like compressors and substations that either have gone unpatched or have been patched with a high degree of updating frequency. Through a partnership with AI company SparkCognition, Siemens uses AI in industrial cybersecurity to provide autonomous protection of these assets.
“The word autonomous is really key,” Pakizer says. “Most AI security solutions that are out there have to connect to the cloud to be able to process and provide a degree of protection. What we have done is developed a solution that works in the field, that doesn’t require connectivity, that’s lightweight to protect the terminals and engineering stations from both physical cyber attacks and from attacks coming from being connected to the outside world.”
Siemens and SparkCognition’s solution, DeepArmor, is an AI-built cybersecurity solution designed to improve an organization’s security posture with zero-day protection against today’s most advanced ransomware, viruses, malware, and more.
“There’s a lot of AI hype. Whenever I go to cybersecurity conferences, every other booth has that in its slogan,” Pakizer says. “AI is only as good as the data and logic that’s built into it. We’ve built DeepArmor specifically for the industrial environment, which means the logic of how it detects attacks, how it recognizes good from bad, and how it interacts with policies and workflows is really key.”
Despite these benefits, AI adoption in the energy industry has lagged behind. According to the MIT report, in 2018, only 36 percent of oil and gas companies had invested in big data and analytics, and only 13 percent used the insights gained from technology to enhance business intelligence. Additionally, only 18 percent of energy companies use AI to detect attackers.
“What’s interesting about AI is it has traditionally been met with a lot of skepticism from the operational technology community,” Pakizer says. “It’s seen as a black box. We as an industry are risk averse and we’re comprised of engineers that want to understand the inputs and the outputs and with artificial intelligence, it’s often hard to do that.”
However, despite the hesitation felt by some, operational environments are especially suited to AI because this technology helps meet their unique needs.
“If you think of industrial environments today and control systems, there are multiple challenges they’re facing. They are not necessarily always upgraded to the most recent versions of software and the reason for that is because OT systems have a lifespan that can be 25 plus years versus IT systems which typically span three to five years. The other challenge of OT systems is they have varying degrees of connectivity,” says Sridhar Sudarsan, SparkCognition CTO. “If you take all of these challenges, having an agent that is running in an uninterrupted way, disconnected from the network, not needing full network connectivity becomes an important aspect.”
AI in industrial cybersecurity is a departure from signature-based approaches, which require systems to be consistently patched to keep up with malware updates. In this way, AI can help energy organizations stay ahead of the next cyber attack.
“To patch or not to patch is a conundrum that has been around for a long time,” Sudarsan says. “If they patch their systems all the time they have a risk of introducing either threats or other impacting files into those control systems which are critical. If they don’t patch then they’re at risk for being attacked by malware that are not updated by these signature-based approaches. With AI, the way we approach it is the engine that we run is running entirely encapsulated within these control system environments. It is future proofed, which means you don’t have to do a patch each time there’s a new malware detected.”
DeepArmor recognizes and reports new devices or behavior changes that characterize insider threats. It uses predictive analysis to prevent malicious code from executing, even if that code is not yet part of threat intelligence packages.
“The only way you can identify an unknown unknown, classify a file you’ve never seen before, or a type of malware you’ve never seen before, is through a learning-based approach or an AI-based approach,” Sudarsan says.