Embracing the cloud and AI: the future of OT cyber security

"Technologies and approaches will evolve inevitably. Let’s analyze risks and mitigation options objectively to enable our industries to reap the benefits — responsibly," says Ragnar Schierholz, Global Cyber Security Portfolio Manager, ABB Process Automation.

In today's interconnected world, the lines between operational technology (OT) and information technology (IT) are blurring, bringing both unprecedented opportunities and significant challenges, particularly in cyber security. In this article, Ragnar Schierholz delves into the complexities of OT security, analyzing the potential benefits and risks associated with cloud computing and artificial intelligence (AI).

The evolution of the technology

In the last two decades, OT cyber security has undergone significant transformation. In the mid-2000s, the focus was on the introduction of active antivirus (AV) solutions in Distributed Control Systems (DCS) and their Human-Machine Interface (HMI) layer. There were significant concerns about false positives that could disrupt operations. By the late 2000s, active AV solutions had become standard in DCS and HMI. The remaining concerns were addressed by conservative configuration and intensive regression testing by DCS vendors.

From 2010 onward, we saw the adoption of Windows domains in the DCS to leverage advantages like system hardening with Group Policy Objects (GPOs). At this point, there were concerns about risks to the operation of the DCS resulting from the dependency on a central function, the Active Directory Domain Controllers (AD DC). Over time, measures like redundancy in AD DC deployments helped to overcome those concerns. Now, the use of a Windows domain is common practice in Windows-based DCS HMIs.

Today, cryptographically protected communications coupled with technologies such as OPC-UA Global Discovery Server (GDS), Device Provisioning, Advanced Physical Layer (APL), and Profinet are gaining traction. Concerns about the potential risks to DCS operations led to countermeasures being integrated into these technologies by expert teams that have both DCS and security competence. Looking ahead, identity certificates and encrypted protocols are expected to become standard practices.

Benefits of cloud and AI for OT

Cloud computing and AI offer significant advantages in OT environments, addressing some of the challenges current OT operations are experiencing. Cloud services provide flexibility and scalability, enabling organizations to adjust resources on demand with much lower upfront investments. Reliability and availability are enhanced through robust infrastructure, reducing the risk of downtime. Cost efficiency is improved as cloud solutions eliminate the need for on-site servers, resulting in predictable monthly expenses. 

Cloud platforms also accelerate innovation through faster development and deployment cycles, while enhancing security and compliance measures with built-in encryption and access controls. AI applications further enhance decision-making by integrating qualitative, quantitative, and predictive analysis, automating data processing, and offering recommendations to improve operational efficiency.

Risks of cloud and AI in OT

Despite these benefits, there are inherent risks. AI, while powerful, can take autonomous actions that may have severe consequences if certain factors are overlooked. AI systems should primarily serve as advisory tools to build trust in their recommendations while human oversight is maintained. Additionally, transmitting sensitive data to AI providers presents privacy risks, which can be mitigated by using local AI models when possible. New AI-based threats, such as tainted training data or biased models, underscore the need for transparency and secure data handling. These threats can be mitigated by using local data models for training.

Dependencies on third-party cloud infrastructure introduce challenges with control and reliability, particularly for critical functions such as safety and basic operations. Redundancy measures should be in place to address these issues. Also, essential control system functions such as closed-loop control or functional safety will remain local; cloud solutions should be used primarily for non-essential DCS functions, such as monitoring and optimization or governance.

Applications of cloud and AI in OT environments

Cloud and AI technologies have broad applications in OT, beyond cyber security. AI can enhance operator capabilities by assisting in responding to abnormal process conditions using historical data and predictive models. With the application of AI technologies, the detection of potentially abnormal situations can be extended to cover a broader set of data points with much less engineering effort than with traditional alarm engineering (which of course will remain in place).

In Security Operations Centers (SOC), AI can streamline alert triaging, incident enrichment, and response through pattern recognition and the inclusion of large amounts of threat intelligence information. Generative AI (GenAI) can reduce the time spent on reporting tasks by SOC analysts, improving efficiency by automating incident and shift reports. Cloud and AI also help address resource shortages by centralizing expertise, allowing specialized knowledge to be leveraged across multiple sites, especially in areas where it would otherwise be unavailable.

The roadblocks

The OT cyber security landscape faces numerous challenges, with resource scarcity being a critical issue. There is a significant shortage of professionals with OT and IT cyber security expertise. Legacy systems, often accompanied by outdated or incomplete documentation, add further complexity, as they are deeply integrated into industrial operations and cannot be easily replaced.

Additionally, contextualized risk assessments pose difficulties, as many organizations struggle to identify attack surfaces and assess their business impact. Compliance with rapidly evolving regulatory frameworks is another pressing concern, as organizations must constantly adapt to new requirements.  

However, exploring the collection of existing data in the DCS in combination with data analytics offers potential opportunities for overcoming these roadblocks.

Future trends in OT security

The future of OT security is poised to be shaped by several emerging trends. One significant trend is the increasing integration of machine learning and AI-driven analytics to predict and mitigate potential threats before they materialize. This proactive approach will enhance the ability to detect anomalies and respond to incidents in real time. Adopting blockchain technology will provide enhanced security for data integrity and traceability, ensuring that data remains tamper-proof and verifiable.

The convergence of IT and OT security practices will continue to evolve, leading to more unified and comprehensive security strategies. The rise of edge computing will enable faster processing of data at the source, reducing latency and improving the efficiency of security measures. As regulatory requirements become more stringent, organizations will need to adopt more robust compliance frameworks to meet evolving standards and ensure the protection of critical infrastructure.

The rapid evolution of OT cyber security demands a balanced and objective approach to risk management. By thoroughly evaluating the risks and implementing effective mitigation strategies, organizations can unlock the advantages of cloud and AI technologies, ensuring they drive innovation and enhance security.
