The Radiflow Security Blog

Using AI for securing critical information infrastructures and systems

By Dr. Yehonatan Kfir, Chief Technology Officer, Radiflow
November 5, 2020

At one of Asia’s largest real estate groups, the management of multiple properties across a global portfolio of commercial buildings, industrial parks and residential estates is the responsibility of estate managers.

Even with the help of building management systems (BMS) to handle everything from access controls and elevators to heating, ventilation and air conditioning systems, overseeing multiple standalone systems is very complicated.

To make it easier for estate managers, we have designed a system which integrates these BMS sub-systems into a seamless one-stop monitoring network. Here, building managers can easily control and view the status of all the critical systems that keep buildings running.

However, beyond ensuring that the systems function reliably, these sites also need to be protected from hackers who can wreak havoc on the properties remotely. This is where AI and automated cybersecurity processes come in.

Smart cyber-security for smart infrastructure

BMS, IACS and SCADA systems play a central role in running everything from industrial machinery to critical services and coordinating the operations of multiple sub-systems. However, system interconnectivity has also increased the risk of cyber attacks.

Take critical infrastructure such as rail networks that run on command, control and communications (C3) systems. Train systems rely on IACS and SCADA to ensure that commuters are shuttled from one place to another safely. Power stations and water processing plants also count on similar control systems to keep the power grid and taps running.

To protect lives and national security, we have developed the next generation of automated industrial security monitoring systems that are powered by Artificial Intelligence (AI) and data analytics.

Automatic detection and monitoring

Like a sentinel on the lookout for malware and ransomware, our systems monitor and analyse every data packet, in real time, for suspicious behaviour and threats.

Our trio of systems work in tandem to ensure the protection of industrial operations:

  • Radiflow’s iSID provides the processing brains for automatic threat detection and monitoring.
  • The iSAP smart collector aggregates and compresses (using a novel algorithm) data traffic from production units, allowing low-bandwidth transfer to a centralised location for analysis by iSID.
  • The iCEN central monitoring and management platform allows handling an array of iSID systems, providing a high-level overview of cyber-risk information for better decision-making.

Installation is easy and seamless – there is no need to teach iSID what to do since its automatic learning function scans the network and establishes the links between the assets and business processes. It is also able to plan and simulate attacks on its own networks – a useful feature which helps to identify and eradicate vulnerabilities.

Speeding up the risk management process

When it comes to risk assessment, the image of cybersecurity experts scrutinising spreadsheets often comes to mind. It is, after all, a complex and time-consuming process that’s prone to human error.

What if we could overcome the limitations of humans with automation and AI? This year, we are proud to launch the Cyber Industrial Automated Risk Analysis (CIARA) system – the first fully automated ROI-driven risk assessment and management platform for industries.

CIARA prioritises the most critical risk factors by analysing thousands of data points for network and sector-specific threats. It then automatically and continuously displays the current overall risk level based on the current threat level and the security controls in place.

By studying the signatures and fingerprints of hundreds of cyber threat types, CIARA automates the process of risk identification by finding the most relevant security threats, based on the protocols, vulnerabilities, firmware versions, topology and device types used on the industrial network.

It is also fully compliant with the IEC 62443 standard, and is able to generate a detailed risk assessment report based on the international standard.

By adopting advanced analysis algorithms to automate and manage the entire cybersecurity risk, threats such as drive-by compromises, spear-phishing attempts and public-facing application exploits can be mitigated effectively and easily. This is achieved thanks to CIARA’s use of a matrix of tens of thousands of permutations (that would be impossible for humans to analyse). Within minutes, it is able to produce an accurate risk score and make recommendations for mitigations.

The future of cybersecurity is in AI

As machinery and processes get smarter, it is not enough to simply monitor and keep a lookout for threats today – companies have to do more to protect themselves in an increasingly connected world.

Our next generation of industrial security monitoring systems provides a fully automated suite for asset data collection, data-driven analysis and transparent risk metrics calculation. They are critical in protecting every sector, and may soon become the de facto standard.

CIARA’s business-driven approach to risk analysis allows assessing for and setting different target risk levels per business process/network zone.