AI Could Help Resolve IT/OT Integration Security Challenges
2024-9-20 16:52:47

Security issues stemming from the integration of information technology (IT) and operational technology (OT) could be addressed through artificial intelligence (AI), although the technology could also be leveraged by malicious actors, according to a Cisco study.

The report, conducted by Cisco and Sapio Research, surveyed 1,000 industry professionals across 17 countries and found cybersecurity challenges and AI adoption are top concerns for large OT organizations.

As OT networks increasingly converge with IT systems, such as enterprise resource planning (ERP) and manufacturing execution systems (MES), they enhance production management but expose companies to more cyber threats.

The survey results indicated unpatched vulnerabilities in outdated software across legacy systems make IT/OT a target for threat actors launching malware and ransomware attacks.

Most respondents said they expect AI to enhance network management (49%) and improve collaboration between IT/OT teams (46%).


As operational technology becomes an increasingly desirable target for threat actors, AI offers a more efficient and effective approach to automated detection, analysis and response compared to traditional rule-based methods.

With this approach, multiple ML techniques are needed to gain accurate insight and intelligence, such as understanding the pattern of life of an organization’s assets through multiple layers of pattern analysis, probabilistic modeling and relationship analysis.

Using this inherent understanding, anomaly detection can be performed to identify asset misuse, abuse and misconfigurations.

“This can also highlight novel attacks, insider threats and security vulnerabilities,” said Marcus Fowler, CEO of Darktrace Federal.

Limits of the Air Gap Approach

He explained many organizations featuring OT environments have tried to maintain an ‘air gap’ within their environments, distinctly separating the management of their IT systems from their OT environments.

“However, modern IT/OT convergence and network complexity makes maintaining this divide increasingly difficult – creating a critical need for active visibility, continuous monitoring of network activity and validation of segmentation,” he said.

This approach positions organizations to identify all points of IT/OT convergence, showcasing key areas of cross-activity and helping organizations achieve more cohesive alignment between teams.

“The key to success is shifting away from viewing IT and OT security in siloes to a more holistic cyber-physical security view,” Fowler said.

He said when integrating IT and OT, organizations must also keep in mind that historically these teams have had different priorities.

While IT teams have long embraced the benefits of digital transformation in their business operations, OT teams are often dependent on legacy systems and therefore have traditionally been slow to adopt new technologies — creating new vulnerabilities and areas of opportunity for bad actors to exploit.

“To combat this disconnect, it is vital that organizations look to platforms that can secure both IT/OT environments, enabling teams to work across environments and develop an understanding of every point of convergence between their IT/OT environments,” Fowler explained.

AI as Force Multiplier

Jose Seara, CEO and founder at DeNexus, noted OT systems are harder and more costly to patch than IT systems, citing narrow maintenance windows, staff needing to be deployed on-site at multiple facilities, or even obsolete firmware that’s no longer supported.

“Given these constraints, CISOs need to evolve to a risk-based approach to cybersecurity, with AI-based risk models guiding them in identifying vulnerabilities that could trigger the greatest financial damages to the organization,” he said.

He said AI can be a “force multiplier” that brings unprecedented efficiency in the detection of anomalies and intrusions across hundreds, if not thousands, of endpoints that might be deployed in industrial environments.

Seara said implementing cybersecurity solutions between IT/OT is an opportunity to reinforce team collaboration, develop a common understanding of respective constraints and opportunities, and agree on continuous monitoring protocols for IT/OT systems.

“Running what-if scenarios on risk mitigation projects is essential to avoid wasting time and resources on projects with low or limited results in reducing risk,” he said.

