Zero-trust, AI and other new tools nose into cybersecurity

System integrator E Tech shows how IT-based solutions and strategies can protect against persistent vulnerabilities
Dec. 4, 2025
6 min read

Paralleling digitalization and AI’s emergence in other fields, cybersecurity developers are quickly experimenting with and adapting similar tools to meet their needs. These include zero-trust, AI-enabled surveillance and other approaches that can benefit from IT-OT convergence, according to Eric Medecke, IT/OT solutions director at E Tech Group (etechgroup.com), a system integrator in West Chester Township, Ohio, and certified member of the Control System Integrators Association.

“Traditional perimeter-based security is being replaced by zero-trust architectures, which are never-trust-always-verify models tailored for operations technology (OT). This includes micro-segmentation and robust identity and access management for industrial systems,” says Medecke. “As operational systems become more connected, IT/OT security teams and toolsets are merging to better monitor and protect the broader attack surface across both domains.

“Likewise, growth in secure gateways and zero-trust access is being prompted by the growing demand for remote operations and access to industrial assets, especially for maintenance and configuration. Plus, machine learning (ML)-based threat detection is increasingly being deployed to model normal behavior in order to spot deviations that might signal attacks or safety hazards.”

Impact of recent history

Medecke reports that many cybersecurity efforts are fueled by recent geopolitical crises, such as regional wars and lingering shifts from COVID-19, especially persistent workforce shortages. These and other events continue to drive demand for remote operations, automated tools and managed services, and they are reshaping how industries secure their critical infrastructures, with an emphasis on resilience and proactive defenses. The pandemic accelerated digitalization of many operations, including adoption of cloud computing, remote monitoring and automated orchestration, but the downside was an expanded cyber-attack surface and a corresponding need to focus on securing these new pathways.

“The wars in Ukraine and the Gaza Strip heightened awareness of cyber-threats to power grids, water systems, and manufacturing elsewhere. There’s also been a sharp increase in nation-state-influenced attacks on industrial systems, prompting more stringent network segmentation and monitoring,” explains Medecke. “In response to these elevated geopolitical cyber-risks, infrastructure operators and regional governments are exchanging threat intelligence more proactively, especially regarding malware tactics targeting OT. Operators are also investing more in contingency planning, backup systems, resilience and redundancy measures, and emergency response simulations to ensure continuity despite cyber-attacks.”

End-user experiences and advice

Medecke reports that, alongside its usual system integration services, E Tech has collaborated with multiple clients on their cybersecurity initiatives and programs.

For example, a large pharmaceutical company operating multiple global manufacturing sites unintentionally expanded remote access during COVID-19, and subsequently discovered multiple virtual private networks (VPNs) with weak authentication and a flat network architecture. E Tech helped it implement zero-trust gateways, enforce multi-factor authentication (MFA), separate and segment its OT network from IT, and conduct tabletop exercises to validate incident response plans.

Likewise, a global machine builder needed to balance cybersecurity with usability on the automated lines it installs worldwide: its customers wanted convenient remote monitoring, but this could expose its machine controls to significant risks. To resolve this dilemma, E Tech worked with the machine builder to deploy secure remote access via provider-managed gateways, with session logging and strict access policies. They also standardized hardened configurations for equipment before installation.

Lastly, a system integrator for water utilities had field sites with legacy PLCs and HMIs in default configurations, unsegmented networks, and remote updates performed via USB drives or poorly secured remote links. Working with E Tech, it paired air-gapping practices with data diodes for safe data extraction, and deployed OT-specific anomaly-detection tools to flag suspicious behavior.

“The pharmaceutical manufacturer reported gaining better visibility and control over its systems. It even improved remote diagnostics once unnecessary routes were removed,” explains Medecke. “Securing systems upfront meant the machine builder’s clients had control without compromising safety, and support became smoother with clean baselines. And, the water systems integrator found that even simple tweaks like blocking auto-runs on USB devices or forcing configuration backups prevented potential breaches.”


Baked-in, automated, AI-aided future

Going forward, Medecke reports that cybersecurity will be increasingly integrated into devices and networks ahead of time, and these protections will be accelerated by AI, ML and other types of automation.

“The never-trust-always-verify ethos of zero-trust cybersecurity will be the default, and will be applied deeply in OT down to the device level. Likewise, role-based, identity-aware controls will be baked into every connection, not just at the perimeter,” says Medecke. “Users can also expect more micro-segmentation with automated policy enforcement, and integration of OT-specific, cyber-threat intelligence.”

Medecke reports that real-time feeds tailored to industrial protocols and equipment will become standard, and new cyber-threat intelligence will be correlated directly with asset inventories to flag risks the moment a vulnerability surfaces. Similarly, AI-driven anomaly detection will rely on ML that baselines every asset’s normal behavior, such as traffic patterns, PLC logic, and sensor and process data. Production systems will then auto-generate alerts, and even initiate containment, without waiting for human review. AI will contribute by distinguishing malicious activity from normal process variations.
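The per-asset baselining described above, as an added illustration that is not E Tech’s tooling or any product’s code: it learns each asset’s normal packet rate and the set of protocol function codes it uses from constructed, Modbus-style per-minute records, then returns alert reasons for any new record that deviates (rate far outside the baseline, a never-seen function code, or an asset with no baseline at all). Asset names, function-code labels and the z-score threshold are assumptions chosen for the example.

```python
"""Per-asset behavioral baselining over constructed OT flow records (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: one record per minute per PLC as (asset, minute, packets, function codes).
# plc-01 only reads holding registers at ~121 pkt/min; plc-02 reads coils and registers at ~42 pkt/min.
BASELINE_RECORDS = (
    [("plc-01", m, 120 + (m % 3), {"read_holding"}) for m in range(30)]
    + [("plc-02", m, 40 + (m % 5), {"read_coils", "read_holding"}) for m in range(30)]
)


def build_baseline(records):
    """Learn each asset's normal behavior: packet-rate mean/std and the function codes it has used."""
    rates, codes = defaultdict(list), defaultdict(set)
    for asset, _minute, pkts, fcs in records:
        rates[asset].append(pkts)
        codes[asset] |= set(fcs)
    return {a: {"mean": mean(v), "std": pstdev(v), "codes": codes[a]} for a, v in rates.items()}


def score(baseline, record, z_limit=4.0):
    """Return the list of alert reasons for one new record; an empty list means 'within baseline'."""
    asset, minute, pkts, fcs = record
    prof = baseline.get(asset)
    if prof is None:
        # An asset that never appeared during baselining is itself a finding (inventory drift).
        return [f"{asset} minute {minute}: unknown asset, no baseline"]
    alerts = []
    # Edge case: a perfectly constant-rate asset has std 0; fall back to 1 pkt so any change scores.
    std = prof["std"] or 1.0
    z = (pkts - prof["mean"]) / std
    if abs(z) > z_limit:
        alerts.append(f"{asset} minute {minute}: packet rate {pkts} deviates from baseline (z={z:.1f})")
    new_codes = set(fcs) - prof["codes"]
    if new_codes:
        alerts.append(f"{asset} minute {minute}: never-seen function codes {sorted(new_codes)}")
    return alerts


def scan(baseline, records):
    """Auto-generate alerts for a batch of new records, keyed by (asset, minute)."""
    return {(r[0], r[1]): a for r in records if (a := score(baseline, r))}
```

A write function code appearing on an asset that has only ever read, or a burst far above its learned rate, shows up as an alert without any signature for the specific attack.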

“Unified monitoring dashboards will combine IT and OT events in one place for stronger, converged security programs. Coordinated incident response between IT and plant operations will become the norm, and security policies will be written to account for both sides from the start,” explains Medecke. “On the supplier side, more OEMs will ship secure-by-design PLCs, HMIs and sensors with built-in encryption, authentication and hardened firmware. Plus, firmware signing and secure boot-up procedures will be standard, making tampering harder.”

Finally, more facilities and companies will outsource continuous monitoring and other cybersecurity services to managed security service providers (MSSPs) or security operations centers (SOCs) with OT expertise. This will be especially crucial for smaller organizations and users without in-house, 24/7 coverage.

“As more control data moves to the cloud for analytics, expect robust encryption, tokenized access, and one-way transfer devices. Edge gateways will act as security enforcement points, filtering and inspecting data before it leaves the facility,” adds Medecke. “This will be increasingly essential as compliance frameworks and standards, such as CMMC, IEC 62443 and NIST 800-82, drive adoption of certain controls. In addition, cybersecurity-related business insurance policies will increasingly require proof of segmentation, MFA, monitoring and pretested recovery plans.”

About the Author

Jim Montague

Executive Editor

Jim Montague is executive editor of Control. 
