Protecting Australia’s critical infrastructure with AI
By Darktrace director of enterprise security APJ, Tony Jarvis.
In December 2015, an unprecedented cyber-attack against a power grid left nearly a quarter of a million people without electricity for hours in Ukraine. And though this incident occurred overseas, Australia is not immune to threats against critical infrastructure. This November, almost 3 million homes lost power when a major Australian energy network was hit by a cyber-attack.
In recent years, Australia's energy sector has faced a 10-hour distributed denial of service (DDoS) attack against a state-owned energy provider, as well as reports of sophisticated threat actors performing espionage on an energy company to gain information regarding Australian power line construction.
These threats persist, with Australian PM Scott Morrison detailing that state actors are actively targeting critical infrastructure, including power grids. The Department of Home Affairs affirmed in the Australia Cyber Security Strategy 2020 that around 35% of attacks that year "impacted critical infrastructure providers that deliver essential services including healthcare, education, banking, water, communications, transport and energy."
It's not all bad news for defenders. Sophisticated technologies are already available to provide a practical path forward for securing our critical infrastructure. AI is making breakthroughs in the effort to overcome this challenge, ensuring that Australia's move towards more sustainable smart grids and renewable energies is safe from cyber compromise.
The limitations of legislation and government strategies
The Australian Government has advanced critical infrastructure cyber defence initiatives for years now. Parliament passed the Security of Critical Infrastructure Act in 2018. The Australian Energy Sector Cyber Security Framework (AESCSF) was published by the Australian Energy Market Operator (AEMO) in 2019. In 2020 Australia's Department of Home Affairs also released its Australian Cyber Security Strategy.
Australia's legislative efforts are laudable. At the same time, a deep dive into the AESCSF will reveal some of the inherent limitations of even the more recent and informed legislation. First, this strategy aims to "identify and resolve immediate vulnerabilities." This provides a crucial first step, but a focus on immediate vulnerabilities—including previously seen attack vectors and known areas of weakness—leaves organisations unprepared for the full range of novel attacks and unknown vulnerabilities, such as zero-days.
The document also acknowledges the widely discussed cyber skills shortage by noting that the government will work with businesses and universities to grow the "cyber skilled workforce of the future." This aspiration is necessary but not sufficient, as the threats facing Australia's critical infrastructure are ongoing and imminent.
Rather than waiting for a future cyber workforce to be adequately educated, Australia needs to act now.
Sophisticated technologies provide a promising solution
Identifying threats that exploit both known and unknown vulnerabilities, defending against both historical and novel attacks, and closing the cyber skills gap can all be readily achieved with innovations in AI technology.
Darktrace's Self-Learning AI learns the digital 'DNA' of critical infrastructure organisations from scratch, mathematically understanding 'self' for each human, machine, and system within them. This means that it does not need to rely on historically observed attacks and documented vulnerabilities. Rather, by detecting subtle forms of unusual behavior, it can defend against threats that have never been seen before, much like the human immune system, which constantly fights back against novel forms of illness.
AI can also augment the abilities of available security staff, acting as a force multiplier to dramatically mitigate the consequences of the skills gap in advance of the arrival of our expanded future cyber workforce. Darktrace's Cyber AI Analyst has learned by observing the investigations of a team of leading analysts, achieving the ability to automate investigations by combining the flexibility of human intuition with the scalability of AI. This is why analysts and industry leaders repeatedly point toward AI when discussing how to best defend critical infrastructure.
Global Data's senior power analyst, Sneha Susan Elias, affirms the crucial role of AI and behavioural analytics for protecting power utilities in Australia. Similarly, Siemens' vice president and global head of industrial cyber and digital security, Leo Simonovich, confirms that "the only way to enable rapid human understanding at the scale and pace needed to discover and stop an attack is using AI" in an article discussing protecting energy firms that was recently posted on the World Economic Forum.
Critical infrastructure cannot overcome these threats alone
Threats against Australia's critical infrastructure are not going away anytime soon. In fact, Iranian threat actors are actively engaging in a campaign of malicious activity against critical infrastructure and other Australian organisations, according to a joint advisory recently authored by the Australian Cyber Security Centre alongside US and UK intelligence agencies.
State-sponsored cyber threats like this are often too sophisticated for human security teams to handle alone. When facing these nation-state threats, as well as advanced cybercriminals, Australia's critical infrastructure deserves a technology as sophisticated as Self-Learning AI to protect its sensitive and vital systems.