AI in the OT/IoT environment: Deus ex machina – the good, bad & ugly
Antoinette Hodes is a Global Solutions Architect, specializing in IoT, and serves as an Evangelist with the Check Point Office of the CTO. She has worked as an engineer in IT for over 25 years and is an experienced security solutions architect in the cyber security industry.
In this high-caliber, expert interview with Antoinette Hodes, we discuss how AI is shaping the fields of OT and IoT, the risks and challenges associated with implementing AI in OT/IoT environments, and the questions that OT/IoT industry leaders should be asking. In addition, we explore AI-based OT/IoT solutions with a critical eye towards what’s upcoming on the horizon. If you want to know about what’s happening in regards to AI and OT/IoT, don’t miss this interview!
Let's get started.
How is artificial intelligence shaping the field of OT (Operational Technology) and IoT (Internet of Things)?
Let me start with “the good”… The use of AI (and ML) is massively improving operational efficiency and productivity; think of automated security tasks. AI is offering better and faster automated decision-making. It helps in addressing topics like monitoring, providing in-depth, real-time visibility and insights into the OT assets' performance. Another benefit of AI is that telemetry data can be harvested, and it holds very valuable information, such IoC (Indicators of Compromise) or can spot potential malicious traffic and lateral movement in the network (inspecting East-West but also North-South traffic). The latter is amazing, as AI has enabled machines to make autonomous decisions and perform complex tasks that would otherwise be impossible in the absence of human intervention.
AI combined with DL (Deep Learning) models are preventing issues/problems and minimizing damage. Furthermore, AI is enhancing trust. Now combine that with Industry 4.0, the fourth industrial revolution, which is characterized by the integration of advanced technologies, such as the Internet of Things (IoT), cyber-physical systems, cloud computing and big data analytics. This integration provides real-time visibility and transparency as mentioned above, across the entire process, enabling OT environments to optimize their daily operation, reduce costs and improve productivity.
Would you like to share an example of how AI has been successfully used to enhance efficiency and productivity in OT and IoT apps/environments?
Let’s focus on Industry 4.0, in which AI can be used to automate and optimize different manufacturing processes, including predictive maintenance (extending lifespan of assets), proactive remediation (minimizing damage), detecting anomalies and threats (minimizing impact and risk of security issues), quality control (reducing the need for human inspection), supply chain management (efficient inventory management, real-time tracking of goods and faster response to customer demand) and production planning. By incorporating AI-driven systems and algorithms, manufacturers can achieve higher levels of efficiency, productivity and accuracy, leading to improved performance and profitability. Other AI-related successes include becoming green (low emission and carbon footprint,) reduction of waste (effective recycling and reuse) and autonomous robots (carry out complex tasks with high degree of accuracy). Basically, AI improves OT, Industry 4.0, IoT & Industrial IoT environments. If we take a look at “the bad,” we see increased complexity and expanded attack surfaces (from all those smart, internet connected assets). The big question is: How do we address those security concerns? Do we have the right security controls in place?
What are the potential challenges and risks associated with implementing AI in OT and IoT environments?
“The ugly” is that AI can become an attractive attack vector that can lead to harm in the OT environment. And what about reliability risks? How will AI handle corrupted data for decision making? Is the interpretation right (false positives and negatives)?
What will happen if there are serious and unexpected problems, design errors, malfunctions and cyber attacks? Another worry pertains to the vast amounts of data and the privacy concerns that come with that data. And then we have the ethical issues.
How can the challenges be addressed?
AH. Good cyber hygiene with security controls based on zero trust and zero tolerance are needed to keep the OT and IoT environments safe. Mandatory regulations will help to address security concerns, however they will not address the AI itself. AI should be regulated to address concerns like: Data protection, bias, transparency, accountability, and privacy. In early 2020, the European Commission released its white paper on AI, which outlined its approach to AI regulation, highlighting the need for transparency, accountability, and fairness. Additionally, countries such as Canada and Japan have also introduced guidelines on ethical AI development. Another example we have seen U.S. AI, IoT, CAV, and Privacy & Cybersecurity Legislative & Regulatory Update – First Quarter 2023. Two researchers won a Zero Day Initiative hackathon by taking control of industrial systems through the use of ChatGPT.
Is there anything else that you wish to share with the Cyber Talk audience?
Now with Industry 4.0, it is key to minimize security concerns associated with convergence of IT and OT. Things that we need to think about include: How is the shop floor addressing the expanded attack surface, how to guarantee there is no impact on processes, or production critical downtime.
I tend to compare what's happening now with the second Industrial Revolution, in which the first cars were build around 1899. There were no regulations, traffic rules…etc. whatsoever and yet it changed the world immensely. Let’s take a look at the concept car with the horse head, Horsey Horseless. The car was developed in such a way as to avoid scaring other horses on the road and you could easily discern where the front of the car would be; although it is unclear as to whether or not it was ever manufactured.
And what about the first electrical car? This car was produced by the Baker Motor Vehicle Company in 1902.
I would like to conclude that the future of AI is promising, with ongoing advancements in ML, natural language processing and computer vision. AI will transform the way we live (personalized experiences and personalized healthcare) and work (transform the job market itself).
AI launches us right into Industry 5.0. The fifth industrial revolution follows a human-centric model. It is about people utilizing all Industry 4.0 technologies and AI to work faster, more effectively, efficiently, and better. “There is no reason and no way that a human mind can keep up with an artificial intelligence machine by 2035.” — Gray Scott, the futurist, techno-philosopher.
For more insights from Antoinette Hodes, please see CyberTalk.org's past coverage. Lastly, to receive more timely cyber security news, insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.