A cyberattack on any organization is a serious incident with potentially costly consequences, not only in direct financial terms but also for brand reputation. When cyberattacks target industrial OT systems or utilities such as energy supply grids, however, the damage can be severe, and not just in economic terms.

One such example came to light in 2019, when a Western US utility was alerted by the authorities to a serious incident. Its own security systems had failed to detect attackers who had entered its network and gone unnoticed for months. In this case the intruders took no further action, yet the incident laid bare the potential consequences had they done so.

So, what might happen in the event of a successful attack on a utility? A power outage hitting entire cities, business parks, or public buildings such as hospitals or airports is a scenario that no country or community would want to face. One of the main difficulties, as the case above shows, is that utilities are often unable to detect security breaches in the first place.

Systems that were not designed for the digital era_

The energy sector in particular has a problem in that its systems were not designed to meet the challenges of the digital era. Both the information and operational technologies (IT and OT) on which utilities run were not built to cope with the growing number of cybersecurity threats, and they have the added disadvantage that, in such an interconnected network, a cyberattack on one poorly protected component of the grid could bring down the entire power supply system.

This interconnection of networks in the energy and industrial sectors makes organizations more vulnerable, and adversaries are well aware of it: utilities are witnessing rapid growth in cyberattacks on their systems. There is an additional component to this scenario: the motives are not exclusively financial but can have a geopolitical angle. A 2019 survey by the Ponemon Institute of players in the energy sector revealed that 64 percent of respondents named sophisticated, government-backed attacks as a top challenge.

Unified picture to detect cyberattacks_

One major difficulty that CISOs and technical teams in these organizations face is that they cannot analyze the entire volume of data their systems generate, so some security breaches go undetected. How, then, can attacks be prevented on an infrastructure that is not prepared for them? Leo Simonovich, Vice President of Siemens Energy, published an article for the Atlantic Council on attacks against industrial and energy OT systems in which he argues that developments in artificial intelligence are set to be key to countering them.

Simonovich explained that AI would provide “a unified picture of anomalous behavior” and “draw out actionable insights for defenders” that could be used to stop attacks. Artificial intelligence has become a fundamental tool in the dynamic environment of cyberattacks, and to this end Cytomic solutions integrate AI and machine learning as the basis of their technology.

The Cytomic Platform correlates and analyzes, in real time, more than eight million interconnected events thanks to AI and machine learning algorithms which, in addition to continually classifying applications according to their behavior, look for any type of suspicious behavior by applying big data analysis in the cloud, even when there are no indications of malicious activity.
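To make the idea of a “unified picture of anomalous behavior” concrete, the following is an added illustration (not Cytomic's code or algorithm, and far simpler than a production platform) of behavior-based detection over correlated host and network events. A per-host, per-process profile is learned from a baseline window, later events that depart from the profile are flagged even though none matches a known-bad indicator, and findings are correlated per host so that anomalies seen from two different event sources raise the severity. The hosts, processes and addresses are constructed sample data.

```python
"""Behaviour-baseline anomaly detection with cross-source correlation.

Added illustration, not Cytomic's code: learn what each host/process pair
normally does, flag departures from that baseline without any signature or
IoC, then correlate the flags per host.
"""
from collections import defaultdict

# Constructed sample telemetry (hypothetical hosts and addresses):
# (host, process, event_type, detail)
BASELINE_EVENTS = [
    ("hmi-01", "hmi.exe", "net_connect", "10.20.0.5:502"),        # Modbus to a PLC
    ("hmi-01", "hmi.exe", "net_connect", "10.20.0.6:502"),
    ("hmi-01", "hmi.exe", "file_write", "C:\\Logs\\hmi.log"),
    ("hmi-01", "svchost.exe", "net_connect", "10.20.0.1:53"),
    ("hist-01", "historian.exe", "net_connect", "10.20.0.5:502"),
    ("hist-01", "historian.exe", "file_write", "D:\\Data\\tags.db"),
]

NEW_EVENTS = [
    ("hmi-01", "hmi.exe", "net_connect", "10.20.0.5:502"),            # normal
    ("hmi-01", "hmi.exe", "file_write", "C:\\Logs\\hmi.log"),         # normal
    ("hmi-01", "powershell.exe", "process_start", "parent=hmi.exe"),  # never seen
    ("hmi-01", "powershell.exe", "net_connect", "203.0.113.7:443"),   # never seen
    ("hist-01", "historian.exe", "net_connect", "10.20.0.7:502"),     # new PLC address
    ("hist-01", "historian.exe", "file_write", "D:\\Data\\tags.db"),  # normal
]


def build_profile(events):
    """Map (host, process) to the set of (event_type, detail) behaviours seen in the baseline."""
    profile = defaultdict(set)
    for host, process, event_type, detail in events:
        profile[(host, process)].add((event_type, detail))
    return profile


def score_events(events, profile):
    """Return one finding per event whose behaviour is absent from the baseline profile.

    A finding is (host, process, reason, event_type, detail). Nothing here
    depends on a signature or IoC: an event is flagged purely because this
    host/process pair has not been observed doing it before.
    """
    findings = []
    for host, process, event_type, detail in events:
        key = (host, process)
        if key not in profile:
            findings.append((host, process, "unknown process", event_type, detail))
        elif (event_type, detail) not in profile[key]:
            findings.append((host, process, "new behaviour", event_type, detail))
    return findings


def correlate(findings):
    """Group findings per host and escalate when they span more than one event source.

    A single new destination is low-signal on its own; an unknown process that
    both starts and makes an outbound connection is the combined picture an
    analyst wants surfaced first. Returns {host: (severity, anomaly_count)}.
    """
    by_host = defaultdict(list)
    for finding in findings:
        by_host[finding[0]].append(finding)
    summary = {}
    for host, host_findings in by_host.items():
        sources = {f[3] for f in host_findings}          # distinct event types involved
        severity = "high" if len(sources) >= 2 else "low"
        summary[host] = (severity, len(host_findings))
    return summary


if __name__ == "__main__":
    profile = build_profile(BASELINE_EVENTS)
    findings = score_events(NEW_EVENTS, profile)
    for finding in findings:
        print("finding:", finding)
    for host, (severity, count) in sorted(correlate(findings).items()):
        print(f"{host}: severity={severity} anomalies={count}")
```

Run as written, hmi-01 is escalated to high (an unknown process started and then connected out to an external address) while hist-01 stays low (one new PLC address for an otherwise familiar process). The caveat a practitioner should keep in mind, and the one the 2019 case above illustrates, is that a baseline learned from a window in which intruders were already present will record their activity as normal; the baseline window has to be chosen and reviewed with that in mind.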

In this way, CISOs and IT professionals in industrial or energy organizations stand a far greater chance of detecting anomalies that could indicate a potentially serious incident or intrusion attempt.