Symantec unveils AI-based protection for critical infrastructure

Symantec’s Industrial Control System Protection (ICSP) Neural is a neural network-integrated USB storage scanning station aimed at protecting critical national infrastructure (CNI).

The platform, which is scheduled to be available from early 2019, is designed to prevent physical consequences of cyber attacks on operational technology (OT) by ensuring that air-gapped systems are not infected by the USB flash drives used to update them.

OT is mission-critical in industries such as energy, oil and gas, manufacturing, and transportation. But according to Symantec, legacy systems are often outdated and nearly impossible to secure with traditional endpoint security, with companies typically relying on USB devices to update these systems, thereby increasing the potential for malware infection and targeted attacks.

The best-known example of this is the Stuxnet worm, which used USB-borne malware to manipulate centrifuges in Iranian nuclear plants to sabotage a key part of the country’s nuclear programme.

Adding to the risk of cyber attacks that could cause physical damage and threaten personal safety is the fact that many industrial control systems used for critical infrastructure often run on outdated operating systems, leaving them vulnerable to both known and unknown threats.

According to a report by risk management firm Marsh, 76% of energy executives polled cited business interruption as the most impactful cyber loss scenario for their organisations.

To address this growing issue, Symantec says its new ICSP Neural platform uses artificial intelligence to prevent known and unknown attacks on internet connected devices (IoT) and OT environments by detecting and providing protection against malware on USB devices.

According to Symantec, existing ICSP deployments have shown that up to 50% of scanned USB devices are infected with malware.

“USB devices are given away at events, shared between co-workers, and reused again and again for business and personal use, introducing the risk of accidental or malicious infection,” said Patrick Gardner, senior vice-president, advanced threat protection and email security, at Symantec.

“The impact of connecting an infected device to a critical system can be devastating, but behind the scenes, ICSP Neural will retrofit existing infrastructure with a central nervous system to provide protection for critical infrastructure by highlighting potential threats.”

Gardner said simplifying the scanning process is critical to overall security hygiene, as operational technology environments are often in remote areas or field operations, far removed from an organisation’s IT teams.

“As such, the ICSP Neural scanning process is simple, requiring no specific security or IT training,” he said. “Once connected, ICSP Neural emits visualisations and real-time signals through the LED light ring that indicate when malware has been detected and sanitised.”

The Symantec-designed neural engine uses the company’s threat intelligence network to increase detection efficacy by up to 15%, it claims.

The platform is also designed to detect adversarial machine learning attempts and initiates self-learning to provide protection against unknown threats.

The neural engine enables “high-intensity detection” with “near-zero false positives” as low as one-hundredth of a percent, based on internal tests of malware samples in the field, said Symantec.

The security risks associated with the increasing number of internet-connected devices that are being put into homes and businesses was highlighted in the CNI track of the recent International Security Expo 2018 in London.  

“We are becoming more interconnected as individuals and businesses, and we are putting millions of devices onto the internet in an insecure manner, some of which are making it into our networks and are connected to our critical infrastructure,” said Mike Gillespie, managing director and co-founder of security consultancy Advent IM.