11 Oct 2022
by Dr Ryan Heartfield

Securing UK Manufacturers from Cyber Attacks with Cyber-Physical AI (Guest blog by Exalens)

Guest blog by Dr Ryan Heartfield, Co-founder and CTO / Chief Scientist at Exalens #Cyber2022

Manufacturers have been transforming their operations to harness the power of connected devices to optimise production, but this move to enhance operational output has opened the door to new threats– cyber criminals eager to take advantage of gaps in the system.

According to IBM’s X-Force Threat Intelligence Index, manufacturing ranked as the most targeted industry by cyber attacks in 2021. This unfortunate prize used to be awarded to financial services, but the landscape has shifted and so has the focus of threat actors.

Let’s look at the nature of these risks, and actions that manufacturers can take to minimise the impact of cyber attacks using artificial intelligence (AI).

Risks that manufacturers are facing

Many businesses operate under the misconception that they are unlikely targets and that cyber criminals prefer to infiltrate larger enterprises. But it’s shown that attacks are more likely to occur on the vulnerable. Cyber criminals of all stature are searching for the path of least resistance– casting a wide net for easy marks to compromise and extort.

Ransomware was observed as the primary method of attack against manufacturers (after initial access was gained). Malicious actors find vulnerabilities in a system, gain access, encrypt its contents (and in various cases steal it as well), then demand payment to release the data back to its owner. 

Ransomware as an attack may have multiple other vectors leading to it. Malware (malicious software), a broad term which ransomware falls under, represents a host of programs used to gain control of a system and cause harmful actions (locking devices, disrupting system processes, deleting, corrupting data, or stealing data etc). Phishing operations (social engineered emails luring people to fake websites to extract sensitive information, or with infected file attachments that will compromise their system) have also been a key area of exploitation. All of which provide an entry point to compromise a company and need few resources to execute.

Mitigate risk with the fundamentals

The first step to cyber defence requires a cultural mindset and alignment from the organization and teams on strategies and measures. This means creating policies to patch and update firmware and operating systems and enforcing security protocols for secure passwords, keys, and multi-factor authentication. Manufacturers should have a system backup and restore strategy and need to build a network map with their interconnections.

This is not an exhaustive list, but it can act as a starting point. There are always new tactics being used by criminals, so this is often a one-sided interaction. Organizations find themselves playing catchup in a never-ending game of attack and defence.

But there are new developments using AI that further mitigate risks and reduce incident response time so that manufacturers can stay resilient in the face of attacks.

Build resilience to cyber attacks with cyber-physical AI

Resilience is the key objective to prioritise when it comes to cyber attacks, because threats are inevitable, and we cannot eradicate the source of every malicious attempt – no matter how many preventative controls we may put in place!

The challenges add up for manufacturers because they are entering a new paradigm with cyber-physical interconnections. IT and OT systems now interact to optimise production with connected devices. But this ever-growing interplay between the digital and physical world compounds the demand for cybersecurity. Digital transformation for operators means understanding new and probable risks, dealing with an increased load of data processing, time restraints to coordinate growing complexity, and a skills gap between available human resources and the necessary experience to manage these workflows.

Through research I conducted with other leading academics, we categorised cyber-physical threats and their impact on smart environments and used deep learning models to detect cyber-physical intrusions. Our research showed that AI offers scalable solutions to support the growing cyber-physical security demands on smart environments. This research background led me to co-found Exalens where we focus on securing smart manufacturers with cyber-physical AI – which intelligently combines both computer-related and physical process data to improve the way in which operational threats are detected and categorised.

Cyber-physical security may be a new term to some, but it is a more complete description of what manufacturers are facing. Visibility across the interconnection of every system adds complexity but is vital for security. AI allows us to utilise data from cyber-physical systems to test and train models, then automate processes.

The benefits of cyber-physical AI for manufacturers include:

  • Real-time visibility and correlation between IT and OT systems
  • Automated detection and classification of threats and faults (e.g., cyber attack vs equipment failure)
  • Increased speed of incident detection
  • Reduction in operational downtime
  • Reduced burden on the workforce
  • Reduction in human error
  • Improved oversight, responsiveness, and serviceability by IT and OT teams

The pathway for manufacturers going through their digital transformation journey requires a first step– establishing a firm foundation of cybersecurity protocols and solutions. The next step forward for manufacturers building resilience to cyber attacks requires scalable solutions that leverage the power of cyber-physical AI to automate processes. This reduces the burden on the team, improves cyber-physical visibility, and speeds up response time to threats, which increases resilience and reduces downtime.


Help to shape and govern the work of techUK’s Cyber Security Programme

Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.

*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.


Upcoming events 

Cyber Innovation Den

On Thursday 3 November, techUK will host our fourth annual Cyber Innovation Den online. This year we’ll explore efforts being made to realised the ambition set out in the National Cyber Strategy, with speakers taking a look at the progress we’ve seen to date, including the foundation of the UK Cyber Security Council, the reinvigoration of the Cyber Growth Partnership and the continued growth in the value of the sector to the UK economy.

Book now!

Cyber Security Dinner

In November techUK will host the first ever Cyber Security Dinner. The dinner will be a fantastic networking opportunity, bringing together senior stakeholders from across industry and government for informal discussions around some of the key cyber security issues for 2022 and beyond.

Book now!


Get involved

All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.

lock-tech-security-web-training.jpg

The Cyber Management Committee sets the strategic vision for the cyber security programme, helping the programme engage with government and senior industry stakeholders.

Office-working-laptop-196947631-web-1500px.jpg

The CSSMEF is comprised of SME companies from the techUK membership. The CSSMEF seeks to include a broad grouping of different SME companies working in the Cyber Security (CS) sectors.

 

 

Authors

Dr Ryan Heartfield

Dr Ryan Heartfield

Co-founder and CTO / Chief Scientist, Exalens

Dr. Ryan Heartfield Co-founder and CTO/Chief Scientist at Exalens. He has over a decade of experience in combatting complex cybersecurity threats through AI-driven threat detection and incident response capabilities, and dynamic software-defined network security architecture.

Prior to Exalens, Ryan was a senior security architect at Splunk for Security Orchestration Automation and Response (SOAR), and security architect for UK Government, where he led the delivery of advanced cybersecurity operations capabilities. He is a previous Research Fellow of Cybersecurity within the Internet of Things and Security Research Centre at the University of Greenwich, and he holds a PhD in Cybersecurity and First-class degree in Computer Systems and Networking from the University of Greenwich.

LinkedIn:
https://www.linkedin.com/in/ryan-h-607627198/

Read lessmore