Close Menu
    Cybersecurity for Specific Industries

    Navigating the Hype of AI in Operational Technology

    HackWatchitBy No Comments4 Mins Read
    Navigating the Hype of AI in Operational Technology

    At the ongoing S4x25 conference, Jeffrey Macre, industrial security solutions architect at Darktrace, highlighted the rapidly evolving role of artificial intelligence (AI) in operational technology (OT) environments. The discussion, titled ‘Navigating the Hype in AI,’ focused on demystifying AI’s applications in industrial control systems (ICS) and addressing its promises and limitations. 

    Setting the Stage: AI Imperative in OT 

    Macre began by highlighting the overwhelming consensus among global leaders on the necessity of integrating AI into their organizations. A striking 95 percent of respondents in Darktrace’s global survey acknowledged the need for AI to enhance security and resilience against emerging threats. However, a mere 26 percent of these leaders truly understood the different types of AI embedded within their security platforms. 

    This disparity set the foundation for the session’s core objective: to bridge the knowledge gap and empower security professionals to critically evaluate AI claims made by vendors. 

    Understanding AI fundamentals: Supervised vs. Unsupervised learning 

    The session delved into two primary forms of machine learning—supervised and unsupervised—both pivotal in OT cybersecurity. 

    1. Supervised Machine Learning (ML): 
    • Purpose: Detects known threats by analyzing pre-labeled data such as common vulnerabilities and exposures (CVEs), threat intelligence feeds, and known attack patterns. 
    • Application: Predominantly used in threat detection tools that rely on historical data to identify familiar attack vectors. 
    • Limitations: Ineffective against zero-day threats or novel attack techniques that haven’t been previously documented. 
    1. Unsupervised Machine Learning (ML): 
    • Purpose: Identifies unknown or novel threats by analyzing patterns and anomalies within real-time data without relying on predefined labels. 
    • Application: Crucial for predictive maintenance, device behavior analysis, and detecting emerging threats that deviate from normal operational baselines. 
    • Benefits: Offers greater adaptability in dynamic environments, making it indispensable for detecting sophisticated, previously unseen cyber threats. 

    Generative AI: New frontier in OT security 

    Moving beyond traditional ML models, Macre explored the burgeoning field of generative AI, particularly large language models (LLMs). He shared a case study involving a Frito-Lay facility where AI-driven acoustic analysis was used to optimize production. By monitoring the sound of corn processing, the AI system adjusted operations in real-time to maintain product consistency—a testament to AI’s potential beyond cybersecurity. 

    Common Use Cases for Generative AI in OT: 

    • Data Retrieval and Optimization: Enhances efficiency in analyzing complex PLC logic and network traffic. 
    • Content Summarization: Synthesizes data from multiple sources to provide actionable insights. 
    • Automated Code Generation: Assists in creating and optimizing PLC code based on real-time feedback. 
    • Multilingual Support: Translates security alerts for global operations, improving situational awareness across diverse teams. 

    Critical Considerations: Limitations of AI 

    Despite its advantages, AI is not without flaws. Macre emphasized key limitations: 

    • Accuracy Challenges: AI systems can produce false positives or negatives, especially when trained on biased or insufficient data. 
    • Data Privacy Concerns: Supervised ML often requires internet connectivity to ingest threat intelligence, raising potential security risks related to data exposure. 
    • Over-Reliance on AI: Organizations must avoid viewing AI as a silver bullet; human oversight remains crucial to validate AI-driven insights. 

    Key Questions to Ask Vendors 

    To empower attendees in evaluating AI solutions, Macre provided a checklist of critical questions: 

    1. What are the strengths and limitations of your AI models? 
    2. Is the AI continuously learning or reliant on static datasets? 
    3. Where is the data analyzed and stored—on-premises or in the cloud? 
    4. How do you prevent bias in AI training models? 
    5. What measures are in place to minimize false positives and negatives? 

    The Path Forward: Combining AI with Human Expertise 

    Macre concluded with a message that AI is a transformative tool, but it’s true value emerges when combined with human intelligence. Security professionals must not only deploy AI solutions but also understand their underlying mechanisms, continuously question their outputs, and adapt strategies as threats evolve. 

    The session served as a critical reminder that while AI can significantly enhance OT security, its efficacy depends on informed implementation, rigorous evaluation, and ongoing collaboration between technology and human expertise. 

    Final Thoughts 

    The S4x25 session on AI in OT environments was more than just a technical deep dive; it was a call to action for security leaders to become discerning consumers of AI technology. As organizations increasingly integrate AI into their cybersecurity arsenals, the ability to separate hype from reality will be key to building resilient, future-proof security strategies.


    Industrial Cyber News Desk


    Industrial Cyber News Desk

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Leave A Reply