Why effective OT cyber security means learning on the job

1 April 2020


Historically, when CISOs thought about cybersecurity, they typically prioritized implementing measures for software systems over those for physical assets. But the threat landscape has rapidly evolved over the past few years, and a new kind of threat is on the rise. Sophisticated attackers have set their sights on a different type of target: the technology systems that support manufacturing, energy generation, and transportation. CISOs are now held responsible not only for securing the digital business, but also its physical infrastructure. And as Operational Technology (OT) becomes more and more digitized, from the advent of AI-powered cranes to automated trains, this challenge has become nearly insurmountable.

Our new reality is that physical assets are just as susceptible to cyber-attacks as their purely digital counterparts and demand just as much protection. Indeed, if hacked successfully, OT systems are capable of generating far more considerable damage than a standard hijacked IT device; the potential carnage arising from unauthorized access to a nuclear power plant hardly needs to be spelled out. And with the digitalization of a host of industrial technologies continuing apace, the number of entry points for cyber-criminals increases, making the situation even more fraught.

A growing number of workspaces are now leveraging new and interesting applications of intelligence-powered, connected devices. According to the World Economic Forum, there are already 21 billion IoT devices worldwide; by 2025, this number is predicted to have doubled. Unsurprisingly, the industrial sector is one of the principal beneficiaries, using smart devices in an array of forms, from monitoring machinery to facilitating the production flow. Even oil rigs have gone digital, streamlining and partially automating operations.

IoT has delivered efficiency and cost-saving benefits that make it a savvy investment for many organizations. But the unfortunate counterpoint to smart technologies’ proliferation is the exponential widening of the attack surface, leaving companies more vulnerable than ever before.

To protect these deployments, organizations need a smart cybersecurity solution that is capable of neutralizing all types of cyber-threat across both OT and IT systems.

Many companies facing the challenge of defending both cyber and physical infrastructure have turned to Darktrace, a world-leading cyber AI company, for the answer. Using an ‘immune system’ approach to cybersecurity, its technology works by learning the unique ‘DNA’ of each organization. Through a combination of unsupervised and deep learning techniques, the cyber AI understands ‘normal’ for every user, device, and container across both IT and OT environments – enabling it to detect deviations indicative of a threat in real-time.

Operative in industrial environments, Darktrace monitors this sense of normal across both OT and IT networks, observing the entire digital business in one unified view. Technology, industry, and protocol agnostic, Darktrace’s Industrial Immune System is adaptable to both the newest and oldest technological devices. Everything from the latest after-market sensors through to the “traditional” attenuators is protected.

Such contextual knowledge of the entire digital estate enables the identification of the most subtle indicators of threat. With Darktrace’s module Antigena, the AI goes one step further, autonomously responding to threats at machine speed, and neutralizing them in their tracks. Antigena’s surgical precision means that only malicious activity is stopped – normal business actions are free to continue, even on infected devices or systems.

These capabilities are vital for the business continuity of Industrial Control Systems – downtime is not an option. Continually examining the digital environment, Darktrace can take action against emerging threats as soon as they occur. And with the cyber AI’s evolving understanding of ordinary, these anomalies are always current and relevant.

This means that ROI is protected by the most up-to-date technology and digital insights, so malware cannot take over or jeopardize what are, in some cases, multi-million-dollar investments.

In turn, uptimes are maximized, and productivity can be guaranteed, as no malware is allowed into any part of the network, from remote installations to main facilities. Thanks to cyber AI, Darktrace can detect and contain the silent threats that consistently bypass traditional defense mechanisms.

Already protecting industrial environments around the world, from Drax, the UK’s leading power infrastructure company, to King’s Hawaiian, a favorite US food manufacturer, Darktrace is at the forefront of industrial cyber defense.

To learn more about Darktrace Industrial, and understand its specific features in the context of your environment, visit the Darktrace website today.