Using AI for OT Security - 數位時代 · Using AI for OT Security InnoTech summit Ilan Barda...
Using AI for OT Security
InnoTech summit
Ilan Barda
Taiwan, August 2018
© Copyright 2018, Radiflow Ltd.
Securing the Operational Networks
About Radiflow
Empower users to maintain visibility and control of
their operational network in the Industrial IoT era
• Focus on OT Security since 2014
• Tier-1 customers and partners
• Validation by 3rd-party labs
Recent success-stories
Security Vulnerabilities in an Industrial Network
[Diagram: Production LAN and Control LAN segments, with the following labels]
• Compromised Controller
• Network Malicious Activity
• Compromised Control Stations
• Unauthorized Access
Differences between IT and OT

| Attribute | IT Systems | OT Systems |
| --- | --- | --- |
| C - Confidentiality | High | Most cases - Low |
| I - Integrity | Low-Medium | Very High |
| A - Availability | Medium | Very High |
| Authentication | Medium to High | High |
| System Lifetime | 3-5 years | 10-15 years |
| Typically Utilized OS | Windows/Linux | Windows/Linux/Embedded |
| Security patching | Standard/Frequent | Strongly Tested/Rare |
Target – Ease the deployment of OT Security (1)
[Diagram: Assess, Protect, Detect, Respond]
Target – Ease the deployment of OT Security (2)
▪ Asset Inventory
▪ Risk mapping
▪ Anomaly detection
[Diagram labels: Network Firewalls Smart Probes / Op Center HMI Security Center]
Case study – Securing Renewable power plants
• Site Threat Detection
• Secure remote access
• Integration with SCADA/SIEM
OT Security Engines
• Network Topology
• Operation Updates*
• Cyber Exploits
• M2M Policy
• Task Policy*
• Behavior Anomaly*
* AI Potential
What is AI
AI is technology that appears to emulate human analytics performance by learning, processing complex data and reaching its own conclusions
AI Machine Learning Overview
Source: CFML
Status of AI today
Source: XKCD
The challenge in using AI in security systems is not implementing the algorithms but applying them with a high degree of confidence
AI in OT Security – Issues to consider
• Value of AI for Industrial Networks
• Explaining the AI results
• Industrial Data for training AI Engines
Use-cases for AI in OT Security
• M2M sessions
  – OT Assets
    • Well-defined behavior → Rule-based policy monitoring
    • Many vendors, types & protocols → AI for modeling
  – OT Processes – Many variations → AI for modeling?
    • Multiple sources of information – Sensors, Network, Servers
    • Process anomaly alarms should be explainable
• H2M sessions
  – Restricted access → Rule-based task monitoring
  – Malicious actors → AI for behavioral analysis?
  – Firmware & logic updates → AI for impact analysis?
Status of AI Explainability
Source: DARPA
XAI model
Source: DARPA
Training Data for ML
• Effective ML algorithms require a large amount of training data
• Such data is not easily available for OT networks
  – Collecting such data requires the customer's approval
  – Structuring the data requires the operator's support
AI in OT Security – Recommended Roadmap
• Current Use of AI
  – Automation – Parse new protocols and new types of devices
• Future Use of AI
  – Gather data for training AI algorithms
  – Decouple explainability from ML models
For more details:
www.radiflow.com
THANK YOU