Artificial Intelligence and the IT/OT security convergence.

The convergence of Information Technology (IT) and Operational Technology (OT) brings many benefits, but it also introduces new cybersecurity concerns, especially for small and medium companies. Artificial intelligence is expected to assist in addressing some of these problems; nonetheless, several obstacles must be overcome.

The convergence

The IT/OT convergence refers to the integration of two previously distinct technology fields. Information Technology encompasses the systems and technologies used to store, process, and transmit information, such as computers and networks [1]. Operational Technology, on the other hand, refers to the technologies and programmable systems that are used to monitor and control physical devices and processes in industries such as manufacturing, energy, and transportation [2].

The convergence of IT and OT allows for better communication and coordination between the different systems, tools, and technologies used in these fields. This enables organizations to gather and analyze data from their operations more efficiently, improving efficiency, productivity, and decision-making. Additionally, the integration of IT and OT can provide new capabilities and applications, such as predictive maintenance (PdM) and remote monitoring of equipment [3]. Overall, the convergence of IT and OT is boosting the development of novel technologies and applications that are transforming industries (e.g., see Industry 4.0) and improving how we live and work.

Security implications

However, the IT/OT convergence introduces new cybersecurity concerns and a much broader threat landscape. As these two fields become more integrated, cyber attackers have more opportunities to reach legacy OT systems through porous IT networks. This security disparity gives rise to a range of threats, such as malware and ransomware attacks, data breaches, and disruptions to critical infrastructure. Furthermore, the merger of these two domains jeopardises the critical infrastructure that underpins essential economic and social activities.

The European Union Agency for Network and Information Security (ENISA) reiterates that one of the main concerns with the convergence of IT and OT is that many OT systems were not designed with cybersecurity in mind [4]. OT systems may have outdated software, weak passwords, and broken security protocols, making them vulnerable to attacks. Additionally, the integration of IT and OT can create new attack surfaces for cyber attackers to exploit, as the increased connectivity between systems creates more entry points for potential breaches [5].

To address these concerns, organisations need to implement robust cybersecurity measures that protect both their IT and OT systems. This includes implementing strong authentication and access controls, regularly updating software and security protocols, and monitoring networks for potential threats. It is also essential for organisations to develop a comprehensive cybersecurity strategy that considers the emerging threats and vulnerabilities of their IT and OT systems. The National Institute of Standards and Technology (NIST) recently released the first public draft of the Guide to Operational Technology (OT) Security. This document advises how to improve OT systems’ security while meeting their unique performance, reliability, and safety needs [6].

Artificial Intelligence (AI)

Artificial intelligence is increasingly viewed as a key enabling technology that may help minimise the cybersecurity concerns associated with the convergence of information technology and operational technology in a variety of ways.

First, AI can be used to improve the security of IT and OT systems by identifying potential vulnerabilities and providing real-time threat detection and response. This can help prevent cyber-attacks and minimise the damage caused by any successful breaches.

Second, AI may be used to evaluate massive volumes of data from IT and OT systems in order to find trends and anomalies that may signal a security risk. AI-powered tools can help organisations detect potential threats earlier and respond more quickly and effectively. AI can also be used to automate certain security tasks, such as monitoring networks, applying security patches, and creating and updating firewall rules, freeing up human security personnel and analysts to focus on more complex tasks.

Finally, AI can be used to improve the overall resilience of IT and OT systems by providing predictive analytics and actionable intelligence that help organisations proactively identify and prevent possible vulnerabilities from being exploited by threat actors. Overall, the emerging consensus is that using AI can help organisations more effectively manage the security of their IT and OT systems, reducing the risks and impacts of cyber attacks.

AI cyber defense uptake and upscale

There are various limitations on the application of AI in cybersecurity, including the quality of the training data, the possibility that AI algorithms might be tricked or manipulated by attackers, the ethical concerns raised by the use of AI in this context, and bias and discrimination against groups of people. Furthermore, AI models can be difficult to interpret, which limits their use in cybersecurity applications. In addition, most AI-driven tools on the market come with a high price tag. Critically, for most small and medium companies, AI remains both a technical bottleneck and a black box. There are a few ways to address these limitations.

First, leverage IT automation and microservices to give small companies better control of, and access to, real-time threat detection sensors. Threat telemetry sensors can harvest Indicators of Compromise (IOCs) both within company networks and across open sources (e.g., social web, dark/clear web, community feeds). Privacy-preserving federated learning (FL) can minimise east-west and north-south data mobility for improved accuracy, enhanced trust, and reduced computing costs.

Second, improve access to raw data required for training Deep Learning (DL) models. Most businesses and developers lack access to raw data (e.g., PCAP files) to train robust AI cybersecurity systems. Small and medium-sized businesses, in particular, often don’t have the resources to collect and process large data sets to build DL models that fit their business needs and operational environments. To address this gap, novel DL architectures (e.g., see Figure) can be used to generate benign and/or malicious synthetic network traffic in the lab. Synthetic data can then be used to train and fine-tune AI systems and help overcome the current limitations.

Third, integrate tools that can provide AI transparency, actionable insights, and metrics regarding the performance and behavior of AI systems. For example, machine learning operations (MLOps) can enable developers to integrate AI and ML fairness, explainability, and interpretability libraries into threat telemetry pipelines.

Finally, cyber defence systems like intrusion detection systems (IDS) are crucial for network security because they enable detection of and response to malicious traffic. However, as next-generation communications networks (e.g., 5G and 6G) become increasingly diversified and interconnected [7], intrusion detection systems are confronted with dimensionality difficulties. As a result, AI models must be optimised for maximum performance and accuracy while minimising the probability of false positives. Optimisation algorithms can help us understand which network parameters are most critical for developing anomaly detectors and classifiers against known or unknown cyber threats [8].
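The following is an added example, not code from the article or any project it cites, that makes two of the points above concrete: the federated learning idea of the first point (each site trains on its own traffic and shares only model statistics, never raw flow data) and the feature-ranking concern of the last point (the global anomaly model reports which flow feature drives an alert). The feature names, flow records and the oversized-payload test flow are constructed assumptions.

```python
"""Added illustration (not from the article): federated training of a
per-feature anomaly model over constructed OT flow records. Sites share only
(count, mean, M2) per feature; raw flow data never leaves the site."""
from math import sqrt

# Constructed flow features (hypothetical); each record is a list in this order.
FEATURES = ["pkts", "bytes", "duration_ms"]

# Constructed benign flow records seen at two sites (hypothetical values).
SITE_A = [[10, 600, 50], [12, 720, 54], [8, 480, 46], [10, 600, 50]]
SITE_B = [[14, 840, 60], [10, 600, 50], [12, 720, 56], [12, 720, 54]]

def local_stats(records):
    """Local training: per feature return (n, mean, M2), M2 = sum of squared deviations."""
    n = len(records)
    stats = []
    for i in range(len(FEATURES)):
        col = [r[i] for r in records]
        mean = sum(col) / n
        stats.append((n, mean, sum((x - mean) ** 2 for x in col)))
    return stats

def merge_stats(a, b):
    """Aggregate two sites' statistics exactly (Chan et al. parallel update); no raw records needed."""
    merged = []
    for (na, ma, m2a), (nb, mb, m2b) in zip(a, b):
        n = na + nb
        delta = mb - ma
        merged.append((n, ma + delta * nb / n, m2a + m2b + delta * delta * na * nb / n))
    return merged

def global_model(site_stats):
    """Fold every site's statistics into per-feature (mean, population std)."""
    acc = site_stats[0]
    for s in site_stats[1:]:
        acc = merge_stats(acc, s)
    return [(mean, sqrt(m2 / n)) for n, mean, m2 in acc]

def score_flow(model, flow):
    """Return (largest |z-score|, feature names ranked by |z|) so the alert names its driver."""
    contrib = sorted((abs((x - mean) / std) if std else 0.0, name)
                     for name, (mean, std), x in zip(FEATURES, model, flow))
    contrib.reverse()
    return contrib[0][0], [name for _, name in contrib]

if __name__ == "__main__":
    model = global_model([local_stats(SITE_A), local_stats(SITE_B)])
    score, ranked = score_flow(model, [11, 9000, 52])  # constructed oversized-payload flow
    print(f"score={score:.1f}, driven by {ranked[0]}")
```

Because the merge is exact, the global model equals what a central trainer would get from the pooled records, while each site only ever transmits three numbers per feature.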

[1] Watson, James, and Anne Hill. Dictionary of media and communication studies. Bloomsbury Publishing USA, 2015.