Comments on QUB Cyber-AI Hub Partnership and Collaboration

By Richard Robinson | May 8th 2023

We are very excited to be part of the collaboration with the QUB Cyber-AI Hub team and Industry Partners working to address many of the rapidly evolving threats and solutions to monitoring and securing OT & ICS systems and critical infrastructure.

The evolving application and use of AI in this space is of critical importance and focus to us through this partnership. As if the “IT/OT Convergence” and “Industry 4.0+” projects aren’t creating enough challenges and misinformation in the market, AI is now also posing an equally challenging set of problems, where there is NO shortage of misunderstanding and intentional mismarketing happening.  

Specifically, in AI, is the purported use of Generative AI for OT and ICS environments. Generative AI (which is the current marketing rage) uses deep learning techniques to generate new data that is similar to the input data it has been trained on. Generative AI is not well-suited for industrial control systems (ICS), time series analysis, and machine-to-machine (M2M) communications due to the complexity and variability of ICS communication protocols, which can make it challenging for generative AI algorithms to accurately predict future events or identify anomalies.

For example, ICS protocols such as the Distributed Network Protocol version 3 (DNP3) are commonly used in ICS applications for monitoring and control of electrical power systems. DNP3 uses a time-stamped sequence of events (SOE) to record events in the system, such as the opening and closing of circuit breakers or the activation of alarms. These events can be highly variable in their timing and frequency, which make it challenging for generative AI algorithms to accurately predict future events or identify anomalies in the system making this technology un-suited for industrial control systems (ICS) and machine-to-machine (M2M) communications. This is due to a litany of reasons not limited to, the lack of control over generated data, limited ability to handle complex data, and lack of interpretability.

DNP3 is a widely used protocol in the utility and energy sectors for communicating between remote terminal units (RTUs), intelligent electronic devices (IEDs), and master stations. It provides a standardized way for devices to communicate with each other and exchange data. However, the data exchanged in these systems is often critical and requires HIGH levels of accuracy and reliability.

Again, generative AI, on the other hand, generates data that is similar to the training data, but there is no guarantee that the output will be accurate or reliable (this is very bad!).

Furthermore, the DNP3 Protocol is designed to handle complex data types, such as analog values, status points, and counters. Generative AI algorithms struggle to handle this level of complexity, as they are designed to generate simple patterns or sequences. In addition, the DNP3 Protocol provides strict rules for data transmission and validation, which may not be compatible with the output of generative AI algorithms.

The lack of interpretability of generative AI algorithms is a significant drawback in ICS and OT applications. In the case of the DNP3 Protocol (there are many others), operators need to understand why certain decisions are being made, such as why a certain RTU is sending out a specific alarm or why an IED is taking a particular action. Generative AI algorithms lack transparency, and operators cannot easily understand how the algorithms are making these decisions.

Addressing these types of challenges is why we are thrilled to be partnering with QUB and its Cyber-AI Hub.

Also, if a marketing person tells you they are using Generative AI for their ICS & OT security platform, at a minimum ask questions, get examples and be critical or maybe just run.

Subscribe to Newsletter