Originally Posted Here

Utilitydive

Canada’s pipeline hack was a warning. Here’s why we need AI to protect our energy infrastructure

Artificial intelligence can keep atop of cybersecurity maintenance by providing real-time, autonomous protection against the likes of zero-day threats, which exploit bugs or access in software.

In April, hackers successfully breached the networks of a Canadian gas pipeline. Once in, they were able to increase valve pressure, disable alarms, and make emergency shutdowns. An attack at this level is unprecedented, but the reality is the energy sector is increasingly exposed to malicious players.

One report already shows that the energy industry is a top target for cyberattacks. Energy is essential to communities, and part of the reason that the sector is so attractive to criminals is that they hold substantial leverage if they compromise networks. In 2015, for example, a hack on a power grid in Ukraine saw a quarter of a million inhabitants lose electricity.

  • In 2022, 10.7% of observed cyberattacks targeted the energy industry.
  • More than 75% of energy companies are vulnerable to ransomware attacks because their account credentials are readily available online.
  • Cyber attacks cost the energy sector $4.72 million per breach on average in 2022.

The risk posed to the energy sector is exacerbated by its infrastructure. Much of the operational and informational technologies responsible for running energy systems haven’t been engineered for today’s digital environment – and this disconnect creates gaps in energy systems that hackers can take advantage of. Moving forward, energy organizations need to update their defensive toolkit to more accurately identify vulnerabilities, detect foul play, and strengthen authentication steps.

It starts with artificial intelligence.

Strengthening the overall energy cybersecurity chain

The energy sector’s defense against hacks is only as impactful as its weakest contributor. All players need to implement smart solutions that construct a collective front and ensure inefficiencies are addressed quickly. With a stronger security net over the entire energy sector, hackers won’t be able to carry out attacks on a large scale and therefore lose a lot of their leverage.

Using AI, energy companies can detect and monitor threats in their operating technologies. Insights can also be shared across companies, helping educate organizations about emerging attacks and how to thwart them. AI can also process the huge swaths of data that energy companies have and generate valuable outcomes for cybersecurity. For example, data around system usage, historical performance, and behavioral trends could suggest when an attack would happen and at what localized point of the network. Machine learning algorithms can equally be trained to recognize patterns and anomalies in data, and in response, can alert an operator or even automatically shut down designated system components.

As AI becomes more affordable and versatile, energy companies of all sizes can apply and scale it within their business. And, with more players integrating AI, takeaways around cybersecurity will be more informed and more effective as a protective measure.

Automated AI for the highest level of protection

Automation is at the core of good cybersecurity. Energy companies need to know that they have high-quality defenses in place on a continuous basis. Rather than spend large amounts of time on manual reviews, AI can keep atop of cybersecurity maintenance by providing real-time, autonomous protection against the likes of zero-day threats (which exploit bugs or access in software).