How AI can Improve Cybersecurity in Utilities sector

Written by PHOENIX project on 11. 03. 2022.

Artificial Intelligence, Machine Learning and threat intelligence can recognize patterns in data to enable security systems to learn from experience and enable companies to reduce incident response times and comply with security best practices.

Cybersecurity is one of the multiple uses of artificial intelligence. A report by Norton showed that the global cost of typical data breach recovery is $3.86 million. The report also indicates that companies need 196 days on average to recover from any data breach. For this reason, organizations should invest more in Artificial Intelligence (AI) to avoid waste of time and financial losses.

Technology is at an inflection point in history. Artificial Intelligence (AI) and machine learning (ML) are advancing faster than society’s ability to absorb and understand them and at the same time, computing systems that use AI and ML algorithms are becoming more advanced and these new capabilities can make the world safer and more affordable and introduce security challenges that could have a huge impact in public and private life.

From a cybersecurity point of view applying AI-systems within critical infrastructure can help to resolve persistent cybersecurity challenges being able to perform advanced network monitoring for detecting anomalies, software analysis techniques to identify vulnerabilities in code and to determine automatically defensive patches at the first indication of an attack. AI systems can perform these analyses in seconds instead of days or weeks helping in this way to observe and defend against cyber-attacks at the same time as when these occur.

Cybersecurity for ICS is like a cat and mouse game where adversaries and defenders continue to evolve with one another to a high level of sophistication in multiple fields like cybersecurity, physical security or engineering.A complex behavior-based ML algorithm can analyze standard signature-based intrusion detection system statistics and determine past trends to detect abnormal behavior. If it recognizes abnormal patterns with a statistical probability of attack, even from an unknown intrusion, it can respond in real time or, if it does not have a mitigation strategy, alert an operator.

Of course, utility companies tend to be hesitant about implementing autonomous detection and response technologies in real time as electrical systems are critical but are very concerned about implementing automation in live operational systems without a human in the loop because the consequences of mistakes are high. At the same time, utility sector needs modern cybersecurity but as they are keep using legacy devices and protocols deployed decades ago, might be in case of not being capable of supporting it.

Applying intelligent, automated threat detection and response can reduce the load on security resources. Threats can be systemically prioritized for customized alerts by defining sensitive data and assets, network segments and services.

Where AI could improve cybersecurity capabilities in utility sector:

advanced cybersecurity monitoring and analytics for incident detection and remediation,
technology for real-time security monitoring and response,
data mining and machine learning to automate model building, track normal behavior and flag anomalous activity. Information from all monitoring points provides an understanding of what’s “normal” down to the network level. Machine learning can automate building adaptive models of what is normal, track normal behavior and flag anomalous activity that can signal new threats,
advanced behavioral analytics for endpoint breach detection and response can complement existing technology with endpoint detection and response mechanisms that monitor techniques used by malware creators in recent attacks and fill the gap using pattern recognition technology powered by machine learning,
data mining and machine learning for threat intelligence. The right threat intelligence at the right time empowers a SOC team to block attacks in real time, predict attackers’ next moves and proactively hunt for threats.

Drawbacks and Limitations of Using AI for Cybersecurity:

Resources—companies need to invest a lot of time and money in resources like computing power, memory, and data to build and maintain AI systems.
Data sets—AI models are trained with learning data sets. Security teams need to get their hands on many different data sets of malicious codes, malware codes, and anomalies. Some companies just don’t have the resources and time to obtain all of these accurate data sets.
Hackers also use AI—attackers test and improve their malware to make it resistant to AI-based security tools. Hackers learn from existing AI tools to develop more advanced attacks and attack traditional security systems or even AI-boosted systems.

Neural fuzzing—fuzzing is the process of testing large amounts of random input data within software to identify its vulnerabilities. Neural fuzzing leverages AI to quickly test large amounts of random inputs. However, fuzzing has also a constructive side. Hackers can learn about the weaknesses of a target system by gathering information with the power of neural networks.

Conclusion

Artificial intelligence and machine learning can improve security, while at the same time making it easier for cybercriminals to penetrate systems with no human intervention. This can bring significant damage to any company. Getting some kind of protection against cyber criminals is highly recommended if you want to reduce losses and stay in business.

For utilities, keeping the “lights on” or “water flowing” is critical, so availability becomes a major security priority. However, implementing multiple AI security controls, practices and technologies without a full evaluation of possible risk can results in a lack of clarity. It can lead to mistakenly prioritized cybersecurity investments when in the end utilities may end up with gaps where key defenses are required.

Cybersecurity practices and AI/ML technologies must be adopted as part of an overarching security strategy and program to be aligned with an organization’s broader IT and OT risk and security frameworks. It’s not about one specific tool or skill. Security is about people, technology and processes, all of which need to be well orchestrated to work properly. It’s an effort of the entire ecosystem: utilities, government, equipment providers and security vendors.

Technology is evolving rapidly and we use it more and more in everyday life. Using machine learning, any DSO can obtain an understanding of the ongoing situation in their networks and detect cyberattacks from an incipient phase. It allows detection of the violation of the system operating limits in real-time and enables to maximize the utilization of current grid capacity and therefore, enables a much safer and more efficient system operation. That’s why, we need to be prepared to prevent and mitigate any cyber attacks, and the Phoenix project aims to develop an intelligent system for preventing and detecting attacks and stopping them without affecting users.

Sources:

https://www.nitrd.gov/pubs/AI-CS-Tech-Summary-2020.pdf

https://www.ibm.com/downloads/cas/GWKBPO7E

https://www.computer.org/publications/tech-news/trends/the-impact-of-ai-on-cybersecurity

https://www.utilitydive.com/news/artificial-intelligence-and-machine-learning-face-off-with-new-cybersecurit/566499/

Cookie	Type	Duration	Description
__cfduid	1	1 month	The cookie is set by CloudFare. It is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
_wpfuuid	0	10 years	Contact form UUID (Universally Unique Identifier) cookie. It allows the plugin to connect entries by the same user and does not contain or represent any personal information or entry details.
cookielawinfo-checkbox-necessary	0	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	0	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
test_cookie	0	11 months
viewed_cookie_policy	0	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. It is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors.
_gat_gtag_UA_152331303_1	1 minute	Google uses this cookie to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. It is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.

How AI can Improve Cybersecurity in Utilities sector

Energy Shield

BRIDGE

Success

Defender

NRG-5

sofie-logo

Elsa

interflex

Intergrid

NobelGrid

PROMOTioN-Logo-RZ-RGB

logo_reserve_sRGB

wisegrid-logo