Moreno Carullo, co-founder and CTO, Nozomi Networks

ICS (Industrial Control Systems) and SCADA systems are a vital part of the UK's critical national infrastructure, yet they are among the most vulnerable systems in use. Many were originally designed before security became an issue, so traditionally they are not well-protected. Over the years, we've seen attacks shutting down plants and affecting facilities – uranium centrifuges in Iran, a blast furnace in Germany and more recently infiltrated systems of German conglomerate ThyssenKrupp are all evidence that hackers are successfully targeting these systems.

The threat is real and will only increase. So how can we keep our critical infrastructure safe from hackers?

Man versus machine

Traditional cyber-security solutions have involved cumbersome manual configurations, a requirement that doesn't fit with the complexity of industrial installations and the skill set of industrial engineers.

A standard power plant will typically have thousands of real-time processes that generate a high volume of data. Analysing and monitoring this data to detect anomalies that might be caused by a cyber-attack is akin to mission impossible – unless you have two things. One is the help of advanced computer science techniques such as AI and machine learning and the other is the insight and structure that ICS security experts provide to these techniques to make them effective.

Direct programming versus machine learning

Standard networking and cyber-security tools rely heavily on direct programming. Using this technique, a programmer has an idea, they code it, and then the computer executes it. In contrast, machine learning is devoted to solving problems without direct programming. Instead, the principle is to program algorithms that use artificial intelligence to learn from data to solve problems, with minimal additional direct programming.

The software engineers who design machine learning algorithms for securing critical infrastructure need to collaborate with experts who have a deep understanding of ICS cyber-security. Then they can create the structures that allow the machine-learning algorithm to view and interpret data correctly. Once AI algorithms are enabled in this way, they can rapidly analyse high volumes of data that are impossible to evaluate any other way.

Machine learning examples

To illustrate the machine learning process, think about the way humans make sense of the world. For example, our eyes capture shapes and colour, our ears sound, and even our skin feeds back basic information to build a picture of our surroundings. To this, a “second layer” is then added by our brains that uses historical information to decode the shapes, sounds, etc. and flesh out the scenario our senses have captured. For example, we may see a man climbing a ladder to an open window. Our brain deciphers the clues to add context and determines whether the activity is normal or suspicious.

In the ICS and SCADA world, machine learning can be used to model large, heterogeneous industrial systems and the thousands of processes they run. It can also be combined with behavioural analytics and continuous monitoring to automate anomaly detection. The result is rapid identification and alerting of possible breaches and incidents in real-time. This speeds the investigation of incidents and contains attacks before significant damage can occur.
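The learned behavioural baseline plus continuous monitoring described above, as an added example that is not Nozomi Networks' code: it learns per-tag value bands and the protocol operations seen between each pair of hosts from a training window, then flags live records that fall outside either. The host addresses, tag names and values are constructed sample data.

```python
"""Baseline-then-monitor anomaly detection over ICS telemetry (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed records: (src_host, dst_host, protocol_function, tag, value)
TRAINING = [
    ("10.0.0.5", "10.0.0.20", "read_holding", "pump1.rpm", v)
    for v in (1480, 1495, 1502, 1510, 1490, 1505, 1498, 1500)
] + [
    ("10.0.0.5", "10.0.0.20", "read_holding", "tank1.level", v)
    for v in (62.0, 63.5, 61.8, 62.7, 63.1, 62.2, 62.9, 63.0)
]
LIVE = [
    ("10.0.0.5", "10.0.0.20", "read_holding", "pump1.rpm", 1503),     # normal
    ("10.0.0.5", "10.0.0.20", "read_holding", "pump1.rpm", 2950),     # process outlier
    ("10.0.0.77", "10.0.0.20", "write_register", "pump1.rpm", 1500),  # unknown peer
]


def learn_baseline(records, k=4.0):
    """Learn (low, high) bands per tag and the set of functions per host pair."""
    values, ops = defaultdict(list), defaultdict(set)
    for src, dst, func, tag, value in records:
        values[tag].append(value)
        ops[(src, dst)].add(func)
    bands = {}
    for tag, vs in values.items():
        mu, sigma = mean(vs), pstdev(vs)
        sigma = max(sigma, 0.01 * abs(mu))  # floor: a flat signal still gets a band
        bands[tag] = (mu - k * sigma, mu + k * sigma)
    return bands, ops


def detect(records, bands, ops):
    """Return alerts for protocol behaviour or process values never seen in training."""
    alerts = []
    for src, dst, func, tag, value in records:
        if (src, dst) not in ops:
            alerts.append(("new_peer", src, dst, func))
        elif func not in ops[(src, dst)]:
            alerts.append(("new_operation", src, dst, func))
        if tag not in bands:
            alerts.append(("new_tag", tag, value))
        elif not bands[tag][0] <= value <= bands[tag][1]:
            alerts.append(("value_out_of_band", tag, value))
    return alerts


if __name__ == "__main__":
    for alert in detect(LIVE, *learn_baseline(TRAINING)):
        print(alert)
```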

Machine learning helps secure critical infrastructure

Cyber-security is an important field where machine learning and artificial intelligence have the potential to make a significant difference. The ability to learn from large data sets enables the discovery of hidden correlations that are simply too complex to be identified by humans using direct programming techniques.

Critical infrastructure components are firmly in the crosshairs of sophisticated and well-organised hackers, whose goals of malicious disruption are broad and varied, but that threat is just one element of the challenge. To truly ensure reliability, cyber-security and real-time operational monitoring go hand-in-hand. Innovation and implementation of advanced cyber-security technologies, such as machine learning and artificial intelligence, are an important step toward safe and reliable critical infrastructure.

Contributed by Moreno Carullo, co-founder and CTO, Nozomi Networks

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.