![susi-blogbeitrag-visual-alan](https://its-owl.de/wp-content/uploads/2024/11/susi-blogbeitrag-visual-alan-1140x533.jpg)
Automating threat analyses in the industrial sector with GenAI
At a time when the digitalization and networking of industrial systems is advancing rapidly, more and more security risks are emerging that can become critical to a company’s existence. Cyber security is therefore becoming increasingly relevant. Generative artificial intelligence (GenAI) offers new approaches to make the previously very complex security analyses more efficient. The use of large language models (LLMs) is particularly promising for this purpose. The AI & digitalization consultancy Comma Soft has developed ‘Alan’, a GenAI solution based on a modern large language model. In the ‘Software-based Support for System Security (SUSI)’ project, it is working with other consortium partners, including component manufacturer Weidmüller, to investigate how such language models can be used to automate and optimize the threat analysis of industrial components and systems.
Challenges at Weidmüller: Manual processes and lack of experts
Like many companies in the industrial sector, Weidmüller is faced with the challenge that manual threat analyses are not only time-consuming, but also heavily dependent on the availability of qualified specialists. A threat analysis is a systematic process for identifying, evaluating and prioritizing potential security risks in a system or plant. Performing these analyses manually is resource-intensive and cannot be guaranteed with sufficient frequency given the current availability of experts. In particular, frequent changes and updates in industrial plants lead to a constantly increasing number of necessary analyses, which further exacerbates the problem.
More efficiency through GenAI and automation
The SUSI project is therefore researching a GenAI-based solution that will assist in the threat analysis process with the help of a software tool. By integrating a language model via an API and using Retrieval Augmented Generation (RAG), which allows subject-specific sources to be consulted, the process can be partially automated. The tool primarily takes over routine tasks in order to relieve the experts and make the analysis process more efficient. Security expertise is also incorporated into the language model for this purpose.
What is Retrieval Augmented Generation (RAG)?
Retrieval Augmented Generation is an AI technique that combines text generation with the search for external information. The model searches for relevant data in real time and uses it to provide more precise answers. In this way, it can not only access stored knowledge, but also incorporate current information.
In practice: language model in action
In the practical application, a language model should analyze the data of an industrial component and automatically generate a report on potential threats. The input for the language model consists of component descriptions and external information from public databases on threats and vulnerabilities, while the output comprises a list of possible threats and suggested countermeasures. By using RAG, extensive knowledge from the literature on threats and product contexts is incorporated to provide accurate and relevant results. By linking knowledge and application context, well-founded recommendations can be made.
Fewer security risks now and in the future
With the GenAI-based software solution envisaged in SUSI, companies can meet the growing security requirements as formulated in IEC62443, one of the most important standards for IT security in the industrial sector, and the EU Cyber Resilience Act. The ability of GenAI-based solutions to integrate current information, react dynamically to new threats and take continuous updates into account makes them a central building block for industrial security. By automating threat analysis with the help of GenAI-based solutions, companies are setting new standards in the efficiency and effectiveness of security assessments
.
Dr. Henrik Haeger of Comma Soft
“By automating threat analysis with the help of GenAI-based solutions, companies are setting new standards in the efficiency and effectiveness of security assessments,” says Dr. Henrik Haeger of Comma Soft. LLM-based automation is a promising example for the entire industry, showing how GenAI can contribute to positive developments in the security sector.