The constantly increasing cybersecurity threats in critical infrastructure stress the need to adopt new techniques capable of providing the next generation of cybersecurity. Future cybersecurity systems should continually learn and improve, adapting their mechanisms to new information about emerging cyber-threats and providing protection even against zero-day attacks. The integration of AI allows cybersecurity systems to learn iteratively from new experiences and, eventually, to react dynamically to new cyber threats. With the rise of these new cyber-threats, critical infrastructure (CI) is a domain that requires special attention from cybersecurity experts.
There are different CI sectors whose assets, systems, and networks are considered so vital to the community that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. System administrators in CI must handle multiple tasks while being overwhelmed by a great volume of data, such as network traffic, asset monitoring, firewall setup, etc. On top of that, training new system administrators is a time- and resource-consuming process, creating a skill shortage in the domain. Therefore, there is a need to integrate AI into CI cybersecurity.
Integrating AI methods into the cybersecurity domain can increase the accuracy of detecting true positive instances, reducing the load of incidents that security managers receive and allowing them to focus on strategic aspects of cybersecurity. AI will also enable superior predictive intelligence: by looking at behavioural patterns, system administrators can distinguish normal from suspicious traffic. Overall, AI will automate a series of processes, such as threat detection, raising the level of cybersecurity and accelerating the transition of CI to the new era of cybersecurity.
The steps that have to be followed to offer next-generation cybersecurity include training the AI algorithms with the right data, testing the algorithms for bias, and ensuring the robustness of the system. Because AI algorithms usually follow a data-driven approach, they require multiple data sets for their training phase, meaning many distinct sets of malware code, non-malicious code, and anomalies. Acquiring all of these data sets is time-intensive and requires investments that most organizations cannot afford. In the context of SPEAR, new datasets that emulate the different types of cyber-attacks have been created, novel AI algorithms have been trained, and the execution of the different pilots ensures the robustness of the system.