AI and ML Can Boost Cybersecurity Incident Response in the Utility Sector
This paper describes the current challenges faced by energy companies, the implications of observable industry trends, the characteristics that potential cybersecurity solutions must meet, and how artificial intelligence (AI) and machine learning (ML) can meet these requirements.
Protecting endpoint operating technologies (OT) is an increasingly important challenge for the energy sector. As energy companies continue to digitize existing assets and build new assets with intrinsic network connectivity, they present an ever-expanding target for escalating attacks. Trends show that cyberattacks on OT targets have increased in frequency and sophistication. Meanwhile, structural mismatches in the life cycles and maintenance cycles present a challenging business case for companies seeking to defend assets, rendering current cybersecurity best practices both technically difficult and potentially unaffordable to sustain.
Overall, the energy industry has made tremendous progress in maturing cybersecurity capabilities. Yet, current practices leave significant gaps because of lags between updates. Put simply, systems patched on Monday are powerless on Friday to stop attack methods developed on Tuesday, Wednesday, or Thursday.
To meet this challenge and answer both the technical and the business case, future cybersecurity solutions need to meet clear requirements: They must function while isolated; remain potent between updates; provide flexibility for deployment in unique, widely varied OT configurations; and meet or exceed the cost/benefit ratio of current practices. Artificial intelligence (AI) and machine learning (ML) offer these characteristics, as well as ancillary benefits.