AI-Powered Cyber Threats: Protecting Your Critical Infrastructure

In an era where artificial intelligence dominates headlines, its impact extends far beyond futuristic applications into the realm of cyber warfare, profoundly reshaping the threat landscape for critical infrastructure. Recently, I hosted a webinar exploring how AI amplifies cyber risks, making attackers more effective and critical assets more vulnerable. The core message? While AI may not introduce entirely new vulnerabilities in the short term, it significantly enhances the efficiency and reach of existing, identity-related attack methods.

The Uncomfortable Truth: CISA’s Findings

My discussion began with the sobering facts from the CISA FY23 Risk and Vulnerability Assessment. CISA’s analysis of successful attacks on critical infrastructure revealed a stark reality:

• 42% exploited valid accounts.
• 26% originated from spearphishing.
• 10% succeeded via brute force attempts.

When combined, these figures demonstrate that a staggering 80% of successful attacks on critical infrastructure leveraged user authentication and identity weaknesses. This highlights a crucial insight: if you’re spending less than 80% of your cybersecurity efforts on identity and access management, you might be misallocating resources. Hardening firewalls and physical security are important, but ignoring the primary ingress method leaves your organisation dangerously exposed.

AI: The Attacker’s Force Multiplier

AI acts as a powerful magnifier for cybercriminals, transforming “lazy” attackers into effective ones and “dumb” attackers into sufficiently “smart” ones. It democratises advanced attack capabilities, making sophisticated techniques accessible to a broader range of malicious actors.

Here’s how AI is empowering attackers:

• Reduced Cost, Increased Success: AI slashes the time, effort, and money required for attacks.
• Pattern Space Reduction: By analyzing publicly available data, AI can generate highly targeted password patterns, significantly improving the success rate of brute force attacks while reducing the number of attempts needed.
• Simplified Integration: AI can interface with diverse systems using protocols like Model Control Protocol (MCP), allowing attackers to query databases, log servers, and other critical components without deep prior knowledge.
• Enhanced Search Space and Lateral Options: AI identifies connections and common configurations (e.g., Rockwell PLC implies Rockwell PanelView nearby), enabling attackers to quickly map out network topology and identify lateral movement opportunities.
• The Rise of AI Agents: Beyond simple chat interfaces, AI agents represent a paradigm shift from “I ask, it answers” to “I ask, it does.” These autonomous agents can execute complex tasks, removing the human from the attack loop and increasing speed exponentially. Imagine an AI agent, given a simulated environment, autonomously figuring out how to exfiltrate data, as demonstrated in a recent study mimicking the Equifax hack.

This leverage fundamentally shifts the attacker’s return on investment. The more damage or financial gain they can achieve per unit of time and resource, the more motivated they become. The implications extend beyond ransomware to potentially devastating outcomes like crippling critical infrastructure, causing economic damage, or even endangering human lives.

Debunking the “Air Gap” Myth and Embracing Zero Trust

Many in critical infrastructure believe they are protected by an “air gap.” The reality, however, is that true air gaps are virtually non-existent in modern interconnected environments. Cellular antennas, Wi-Fi access points, USB keys, cloud-connected license managers, and remote vendors all create potential vulnerabilities.

The core of the problem often lies in the “identity battleground” within organisations. Shared credentials (e.g., “contractor_one@myco.com”) and unmanaged local accounts become massive security liabilities. These are precisely the weaknesses that account for 80% of successful attacks.

The Solution: Universal Single Sign-On and Zero Trust

This is where a robust defense-in-depth strategy centered on identity becomes indispensable. Agilicus champions universal Single Sign-On (SSO) and Zero Trust as critical components:

• Eliminating Shared Credentials: SSO ensures each individual, whether an employee, partner, or vendor, uses their unique, verified corporate identity for access. This eliminates the widespread sharing of passwords, directly addressing the 42% valid account compromise vector.
• Thwarting Spearphishing: When all logins happen through a consistent, trusted SSO portal, users are less likely to fall for fraudulent login pages. Furthermore, enforcing multi-factor authentication (MFA) with passkeys makes “actor-in-the-middle” attacks, common in spearphishing, vastly more difficult, even if credentials are accidentally compromised.
• Defeating Brute Force: With no shared passwords to guess and all authentication funneled through a single, secure identity provider, brute force attacks become detectable and blockable, rather than being distributed across numerous edge systems.

Zero Trust in Action

Zero Trust operates on three core principles:

1. Who are you? (Identity): Strict verification of every user’s identity.
2. What are you allowed to do? (Fine-grained Access): Granting access only to the specific resources a user needs, and nothing more (e.g., read-only access to HMI2, not blanket network access).
3. How do you get there? (Secure Delivery): Ensuring access pathways are isolated and do not expose broader network segments.

By implementing Zero Trust, you dramatically reduce the impact of a breach, slowing down attackers and providing critical time for detection and response. It’s about being “better than average”—making your organisation a less appealing target, encouraging attackers to move on to easier prey.

The Inevitable Drivers of Change

The need for robust identity and access management is not just a security imperative; it’s driven by fundamental business trends:

• Remote Operations & Complexity: Systems are becoming more interconnected and complex.
• “Sassification”: The shift from capital expenditure to operational expenditure, with more services being “rented” (e.g., software-as-a-service, equipment-as-a-service).
• Big Data & Cloud Adoption: Industrial plants generate vast amounts of data, increasingly processed and stored in the cloud for analytics and optimisation, necessitating secure, interconnected access.

These trends mean your critical infrastructure is no longer an isolated island. It’s part of a global, interconnected ecosystem, making the principles of Zero Trust and unified authentication more relevant than ever.

Conclusion: Act Now

AI is here to stay, and it’s democratising sophisticated attack capabilities, making critical infrastructure a prime target for not just financial gain, but also for reputational damage and geopolitical leverage. While there’s no single “silver bullet,” Zero Trust is a cornerstone of a comprehensive defence-in-depth toolkit, specifically addressing the 80% of successful attacks rooted in identity and credential weaknesses.

Don’t wait to become another statistic. By adopting unified authentication and Zero Trust principles, you can significantly reduce your attack surface, increase your resilience, and ensure your organisation is not the “weakest link.” Agilicus can help make this deployment simple and incremental, often without requiring extensive network changes.