
Today, Siemens and industrial AI firm SparkCognition announced a new cybersecurity solution for industrial control system (ICS) endpoints.

DeepArmor Industrial, fortified by Siemens, leverages artificial intelligence (AI) to protect endpoints and other remote operational technology (OT) assets by monitoring and detecting attacks using a range of methods and modeling that can even stop zero-day exploits.

“Machine learning (ML) understands what constitutes a threat,” said Leo Simonovich, global head of Industrial Cybersecurity for Siemens. “What we’ve done is … trained the ML models to understand the types of attacks that can happen in the OT environment, which can be quite different [from IT environments].”

While DeepArmor will work in any ICS system, the two companies are focused on the energy sector because it is the number one target of an increasing array of cyberattacks, said Simonovich. According to a joint study conducted by the Ponemon Institute and Siemens that surveyed global energy industry executives, 67% of respondents said industrial control systems are more at risk today from cyberattack than ever before. The study also found that 61% of respondents said their organization’s ICS cyber defenses were not adequate.


“DeepArmor is designed to fill what we believe to be a widening gap in cybersecurity in the energy industry,” said Sridhar Sudarsan, SparkCognition’s CTO, “…but there is no reason why it won’t work on control systems running in different environments.”

“It’s just where we are starting from a focused approach but it’s not going to end there,” added Simonovich.

Operational assets are particularly vulnerable to cyberattacks because much of the energy industry’s critical infrastructure is old, widely distributed, and geographically isolated, making it difficult to update and secure.

Many ICS systems and endpoints were designed and deployed long before digitization took hold in the ICS industry. Yet these systems and devices increasingly interface with modern IT systems that can serve as a bridge for attackers to move from IT systems to OT systems. This can leave a company’s operations open to attackers since older OT devices run insecure communications protocols, unsupported OSs like Windows 2000 or XP, and cannot be patched or updated to incorporate modern-day cyber defenses, said Simonovich.

Perhaps the most famous ICS cyberattack occurred in 2010 when the Stuxnet virus caused Iranian uranium-enrichment centrifuges run by Siemens programmable logic controllers to self-destruct.

DeepArmor is vendor-agnostic and will deliver antivirus, threat detection, application control, zero-day attack prevention and “precision defense” to endpoint power generation, oil and gas, and transmission and distribution assets. It relies on agents to monitor endpoints and AI modeling to help cybersecurity teams understand the severity of threats, as well as what impact a particular attack may have on the company’s overall operations. DeepArmor also creates and maintains device and system risk profiles cybersecurity teams can use to gain insight into operation vulnerabilities and potential attack vectors.

Even though there are many vendors already using AI and ML to protect ICSs and endpoints, the companies claim this is the energy industry’s “first solution capable of detecting and protecting remote assets against cyberattacks.”

“Through our extensive work with the energy industry, we’ve seen the pain points and challenges the industry is facing right now,” said Sudarsan, in a statement. “The industry needs security solutions that can both operate autonomously and are designed with the modern industrial environment in mind.”