This post was originally published on Automation.com.
As organizations around the globe rapidly adopt AI, it is becoming clear that this transformation brings both significant opportunities and serious risks. In the latest McKinsey Global Survey on AI, 65% of participants said their companies regularly used AI, a dramatic increase in a very short period. This growing reliance on AI is transforming industries, especially in operational technology (OT) sectors like manufacturing and energy, where AI is a critical driver for efficiency and automation. However, it is also becoming a powerful tool for cybercriminals, raising the stakes for OT security.
While 74% of OT attacks originate from IT, with ransomware being the top concern, AI is accelerating the sophistication, scalability and speed of these threats. The ability to leverage AI for attacks has drastically reduced the time required for cybercriminals to develop and deploy sophisticated ransomware. What once took 12 hours now takes as little as 15 minutes with AI’s support.
Take, for instance, the recent Black Basta ransomware attack that inflicted $17 million in damages on a printed circuit board manufacturer. The attackers infiltrated the organization within 30 minutes via a phishing email. Within the next 90 minutes, they had escalated privileges, mapped the network and established communication with their command and control server. In just under 14 hours, they had launched a full-scale ransomware attack, exfiltrating terabytes of data and even generating multiple customized ransomware versions, all while the organization’s defenses were at rest.
With advancements in AI and large language models for faster data preparation and streamlined malware development, such attacks could see their timelines slashed even further, potentially taking as little as three hours from start to finish. This acceleration of attack speed and complexity underscores the need for OT leaders to adopt AI-driven defenses to counter these growing threats effectively and secure their AI-enabled systems.
AI: A Dual Force in OT Security
As OT environments face accelerated, AI-powered threats, AI is also transforming operations across industries, driving smarter workflows, heightened efficiency and even new revenue opportunities. By leveraging smarter technologies like AI for predictive maintenance, organizations can unlock greater value and optimize their processes more effectively. However, these advancements come with an urgent need for OT organizations to connect previously isolated assets to IT and cloud networks, expanding their attack surface and introducing new vulnerabilities.
At the same time, AI’s capabilities are being exploited by cyber adversaries to execute faster, more sophisticated and highly scalable attacks. The Palo Alto Networks and ABI Research survey highlights these risks, with 74% of OT leaders identifying AI-driven attacks as a primary concern and 80% viewing AI as essential to defending against them. This dual role of AI calls for a strategic approach: OT security leaders must harness AI-driven defenses to counteract the same technology empowering attackers. As cyber threats continuously evolve, AI-enabled security operations will be crucial to detecting and mitigating threats in real time, ensuring that this powerful technology remains an asset rather than a liability in the evolving OT security landscape.
Escalating Threats to OT Systems
The rise of digital transformation has driven OT environments to connect with IT networks, which increases productivity but also broadens the attack surface. Cybercriminals have taken advantage of this convergence, using sophisticated techniques, often aided by AI, to infiltrate OT systems. Unlike IT systems, OT environments are responsible for critical infrastructure and operations, making them high-value targets with potentially severe consequences.
Diverging IT and OT Security Challenges
In IT environments, cyber threats are addressed with more mature tools and frameworks that detect and respond to digital attacks. OT environments, however, face unique challenges. Many organizations are cautious about incorporating AI into OT security due to concerns about effectively managing AI-driven risks while maintaining strict priorities around uptime and safety. Traditional OT systems are designed with stability and continuous operation in mind, which makes it harder to install cybersecurity tools on them and keeps the focus on avoiding disruptions that could impact safety or production continuity. Additionally, a lack of specialized OT security tools that can integrate with AI further complicates proactive defense measures.
Ensuring that OT security leaders can implement AI technologies confidently and effectively will be essential to bridging this gap. Organizations must focus on enhancing controls and clarifying risks around AI use to fully realize AI's benefits in OT security.
AI as Both Opportunity and Threat
While AI accelerates the sophistication of OT attacks, it also presents a significant opportunity for defense. For instance, AI can enhance anomaly detection and support real-time threat analysis by processing vast amounts of OT data, enabling teams to spot and respond to potential threats faster. However, AI-driven attacks, such as ransomware, increasingly exploit vulnerabilities in OT systems, reducing the time between compromise and damage. As cybercriminals continue to refine these methods, OT leaders must adopt defensive strategies that incorporate AI-driven tools specifically designed to handle the complex requirements of OT security.
Building Resilience Through a Balanced AI Strategy
To manage AI's dual role in OT environments, organizations need a balanced approach that includes rigorous risk assessment and clear governance protocols for deploying AI. Security strategies should prioritize tools developed with a deep understanding of OT-specific risks and challenges, offering enhanced visibility, continuous monitoring and a holistic defense approach that avoids disruptions to critical processes. By incorporating AI within well-defined boundaries and controls, OT leaders can improve their security posture, strengthening defenses against sophisticated AI-driven attacks while effectively managing the evolving risks associated with digital transformation.