The Growing Role of AI in Industrial IoT Security and How Vendors Can Utilize It to Accelerate IoT/OT Security Maturity

Ontinue, a leading provider of Artificial Intelligence (AI)-powered detection and response, has announced ION for IoT Security: an expansion of its managed MXDR service to encompass IoT/Operational Technology (OT) environments, in collaboration with Microsoft Defender for IoT. As an additional bolt-on service to the flagship MXDR, ION for IoT Security brings together Microsoft’s passive neutral sensor technology for comprehensive inventory-taking of connected Internet of Things (IoT) devices with Ontinue’s 24/7 ION Cyber Defense Center and AI-enhanced analytical capabilities, producing a managed service that boasts tailored incident assessment and response, coupled with expert-supported guidance for Critical Infrastructure (CI) operators utilizing IoT technology within their OT ecosystems, namely Industrial IoT (IIoT).

Ontinue’s announcement signals the continuing convergence between security in the OT and Information Technology (IT) spaces, with ION for IoT Security promising enhanced security protection for IoT/OT, which parallels what is available for traditional IT environments. The rise of IIoT is predominately fueled by demands for bolstered efficiency and productivity, with integrated IoT devices used to enhance the monitoring, decision-making, and asset management capabilities of existing CI ecosystems, as well as to modernize existing CI legacy assets by equipping them with Internet connectivity via the IoT. Yet, embedding IoT devices into OT systems simultaneously expands the attack surface that OT systems are exposed to, innately rendering those systems more susceptible to cyberthreats and new system vulnerabilities.

ION for IoT Security’s launch is the latest manifestation of a trend that is likely to accelerate in the coming years: boosted investment in a company’s IoT/OT security posture in an effort to align with increasing digitalization efforts in the OT space. By combining its detection and response services with AI-powered capabilities, Ontinue’s solution demonstrates AI’s emerging role in accelerating the maturation of the IoT/OT security market. AI’s pattern recognition capabilities are a force multiplier when it comes to effectively analyzing network activity and anomaly detection, thus enabling proactive threat detection and avoiding the immobilization of essential services, i.e., dreaded downtime. Expertise and knowledge gaps plague OT security as it stands. These gaps, in conjunction with staffing and resource pressures, contribute to the growing momentum for automated security capabilities in the OT space that will continue to stimulate AI adoption within IoT/OT security. Automated solutions that offer Chief Information Security Officers (CISOs) and their teams a support presence streamline threat detection and incident management, reducing management overhead and accelerating teams’ IoT/OT security maturity by providing tailored IoT/OT security expertise.

The functionalities prioritized by Ontinue within its ION for IoT Security service are aligned with the security priorities for CISOs in the OT space, while simultaneously showcasing the growing role that AI is expected to have in bolstering the growth of this subsegment. Yet, despite its advantages, it is important to note that AI is not a panacea for the issues faced by IoT/OT security. Adopting AI-enhanced solutions should be approached with caution and the requisite protections put in place. Thus, to best capitalize on the potential of AI’s potential in IoT/OT security, OT operators and CISOs should take the following actions:

• Prioritize Inventory-Focused Solutions: Given the large number of interconnected IoT devices in one OT system, as well as their extended shelf life, asset management is a crucial security issue for OT operators. Additionally, clear visibility is of increasing importance due to the mounting regulatory and standards pressures faced by CISOs and OT operators. Within the European Union (EU), legislation governing critical infrastructure has ramped up in recent years, namely with the introduction of the NIS2 Directive and EU Cyber Resilience Act, with the latter dictating security standards for all connected devices, including IoT devices. Vertical-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), International Organization for Standardization (ISO)/ International Electrotechnical Commission (IEC) 27001, North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP), etc.), IIoT-specific standards (National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), ISO 27000, etc.), and Industrial Control System (ICS) standards that pertain to all embedded components (IEC 62443) all require careful compliance from OT operators. Thus, inventory-focused solutions that ameliorate security risks caused by poor device visibility will be king, especially those that are augmented with AI-enhanced capabilities.

• Implement a Multi-Layered Security Approach: Despite AI’s advantages as a shield in advanced threat detection, Machine Learning (ML) can also be weaponized as a sword by malicious actors. Combining AI with multiple layers of security is key to defending against the potential security challenges it poses. This can include integrating AI within a Zero-Trust architecture, helping to alleviate the potential latency challenges that implementing Zero-Trust principles, such as continuous authentication and strict access control, into OT environments poses. Simultaneously, Zero-Trust models can help detect data or model manipulation on the ML side, protecting against potential adversarial attacks.
• Consider Which Type of ML Is Best for Your Organization’s Purposes: While one-size-fits-all-solutions may be sufficiently abstracted to fit a wide range of use cases, OT security is a diverse and, at times, fractured ecosystem, often with differing priorities across different verticals. Selecting an algorithmic approach that is aligned with these priorities is essential to maximizing the benefits promised by AI within IoT/OT security. For example, clustering algorithms are well-adapted to identifying anomalies in IoT device operation, while rule-based systems are suited to learning particular policy or security rules from a given set of data.
• Invest in IoT/OT Security Now, Rather Than Later: Compared to other subsegments in Critical Infrastructure (CI) security, OT/IoT security spending is expected to grow at the fastest rate, placing increased impetus on CISOs and OT operators to invest now, rather than later. As a growing category in OT and CI security spending, IoT/OT security is a ripe market for increased AI deployment, helping to shift further away from the habitually reactionary nature of OT security toward a more dynamic, proactive approach.