Today, national infrastructure is increasingly interconnected, complex, and dynamic. Yet as more sectors incorporate new connected infrastructures, and make use of the latest technologies, they also face fresh challenges. In particular, cybersecurity is an issue that is at the forefront of the minds of organisations operating critical national infrastructure; the recent attack on Colonial Pipeline has demonstrated that even attacks which are purely financially motivated result in serious collateral damage.
What this attack has made startlingly clear is the capacity for a cyberattack to cripple enormous sections of national infrastructure, cause mass power outages, and even potentially endanger human life. What’s more, it’s evident that the challenge has gone beyond a human-scale problem. Security teams cannot operate at the same machine speed that ransomware does, and organisations urgently need to leverage technologies able to fight back on their behalf.
An evolving threat landscape
This new era of attacks on cyber-physical environments has become a reality faced by energy, utilities, water and other critical services across the globe. In addition, we have entered an era of cyber-threat in which cyber-attackers leverage vulnerabilities across the supply chain, attacking the ‘soft underbelly’ of organisations to gain remote access to infrastructure.
Attacks against critical national infrastructure may even be nation-state sponsored, such as the SolarWinds campaign, which infiltrated organisations across the world via seemingly legitimate software updates. These kinds of stealthy supply chain attacks have laid bare the vulnerabilities of our increasingly complex and interconnected digital systems and supply chains – and the risks are mounting by the day.
As a result, public services, local and state governments, and private organisations are turning to new ways of approaching the challenge of securing their interconnected networks of industrial infrastructure, equipment, and software. It is no longer an option for government cybersecurity policy and technical strategy to be reactive when attackers are already employing ransomware to sabotage critical systems. The question is not if, but when, an attack will strike – and the challenge for organisations is how to respond once a threat inevitably does make its way inside.
The recent call by the United States Departments of Energy and Homeland Security for a 100-day cybersecurity sprint to bolster protection for the nation’s power grids is testament to the critical nature of this issue, and the latest in joint efforts between the public and private sectors to secure these critical infrastructures before attackers have the chance to compromise national and economic security.
AI: the saviour of cities
Today, even the most qualified human security teams will be outsmarted and outpaced by lines of code, with attacks capable of disabling several components of a system at once. Likewise, traditional security tools that operate based on historical rules and signatures are innately backwards-looking, and lack the ability to meet the novel, zero-day attacks that may threaten to destabilise a city’s entire infrastructure.
The solution is not to throw more people into the mix; the solution is to deploy technologies that can respond autonomously when humans cannot. AI that learns ‘self’ is uniquely capable of learning an entire smart city’s ‘normal,’ detecting and responding to any and all anomalous activity that appears within the digital environment, and autonomously distinguishing between malicious and benign. AI can seamlessly integrate with the other security tools already employed across the city’s interconnected assets, and act as a ‘brain’ that directs other security tools on how to best respond to breaches.
AI is even able to detect the silent and stealthy attacks that slip under the radar, far before human IT and security teams may have even noticed the breach. Ultimately, AI augments human teams, giving them back time to focus on higher-value tasks – like maintaining the digital architecture of an entire city.
Organisations across the US have already adopted AI technology to protect their complex infrastructure in this new era of cyber threats. After repeated ransomware attacks that bypassed the city’s existing legacy tools, the City of Portland employed Darktrace AI to protect its entire digital ecosystem, including its tools essential to emergency response. The security team has described this AI as invaluable to “securing [its] data everywhere—from employees working remotely, to emergency call centres, to [its] connections with third party networks.”
Portland is not alone in recognising AI as a necessity in protecting all of its environments. The city of Montebello also turned to autonomous response technology after a weekend ransomware attack, which originated from an email that bypassed legacy security tools and spread across the city’s digital infrastructure. This attack left security officials who had just returned from a weekend out of the office scrambling for a solution capable of halting in-progress malware. Once AI was deployed, city officials cited it as a force multiplier, stating that without AI their teams “would not have been able to act fast enough to stop the ransomware…before it even had a chance of encrypting [their] files.”
Learning to fight back
Ultimately, the lesson learned in Portland and Montebello is one that should be heeded by organisations across the globe – that prevention and mitigation are essential for cybersecurity that spans the entirety of a nation’s infrastructure. As interconnected cyber-physical environments become more of a reality, so do advanced ransomware attacks targeted against them. Autonomous, artificial intelligence-based solutions have proven uniquely capable of increasing visibility across all environments, from cloud systems to industrial IoT, proactively stopping threats before they are able to release malicious software throughout a digital ecosystem.
The future of cyberattacks is here, but so too is the future of cybersecurity in the form of autonomous AI technology. Organisations must evolve their security approaches to incorporate these technologies – fighting back before the damage is done.