“AI is not an Autopilot for Cybersecurity”

Jochen Wargulski: The boundaries between information technology and operational technology are becoming increasingly blurred. Office systems, control systems, control centers, network control, sensor technology, remote maintenance, and smart metering systems are now much more closely interconnected than they used to be. This interconnectivity continues to grow as a result of digitalization, remote access, and real-time data. While this brings several operational advantages, it also increases security requirements. Many utilities operate legacy infrastructures that were not originally designed for this level of interconnectivity.

Marcus Bergsträßer: Companies today must take a more comprehensive view of cyber risks than they did a few years ago. It is no longer just about protecting individual systems, but about IT and OT, service providers, supply chains, and crisis and emergency response processes. This is especially true for municipal utilities, as they are responsible for providing essential public services. With NIS2 and the KRITIS umbrella law, greater emphasis is being placed on detection capabilities, responsiveness, crisis management, and traceability. At the same time, management’s responsibility to actively manage cyber risks and comply with regulatory requirements in a transparent manner is increasing. Cybersecurity is thus becoming an integral part of corporate governance.

Jochen Wargulski: The threat landscape is evolving very rapidly. It ranges from opportunistic “script kiddies” using automated tools to organized cybercriminals and state-sponsored groups with long-term objectives. Particularly challenging are attacks in which legitimate system tools are misused, making the activities appear inconspicuous. Traditional defenses alone fall short in such cases. In practice, while companies collect a lot of data, they cannot always reliably filter out and interpret security-relevant signals. It is crucial to understand the normal state of an environment and to detect deviations in a timely manner. This is particularly challenging in OT environments.

Marcus Bergsträßer: On top of that, vulnerabilities often arise at interfaces – whether technical, organizational, or external. Complex service provider and supply chain structures make security management more difficult because third-party providers must also be taken into account. Security must therefore not be viewed as an isolated technical issue. Responsibility does not end at the company’s boundaries.

Jochen Wargulski: AI does not replace security teams or a security strategy. Nor is it an “autopilot” for cybersecurity. However, AI-powered monitoring can help identify correlations more quickly, especially where traditional methods reach their limits. In OT environments, communication patterns are often stable. A control system communicates with known systems, and sensors provide defined data. If a new connection to an external target suddenly appears or a system becomes active at night, this must be noticed. But an alarm alone is not enough. Security teams need context: Which systems are affected? How should the incident be classified? How urgent is the response? How should the incident be classified? How urgent is the response? Gaining this insight can help detect, prevent and contain potential attacks earlier.

Marcus Bergsträßer: It all starts with transparency. Companies need to know which systems, interfaces, and critical processes exist. Only then can risks be prioritized effectively. Building on that, there needs to be clear lines of responsibility, modern monitoring strategies, defined escalation procedures, and regular crisis drills. One example is new digital measurement and control systems: Every additional interface provides benefits, but it also increases the need to keep track of dependencies and risks. Cyber resilience arises from the interplay of technology, processes, and organization. No company can prevent every attack. What matters most is remaining capable of taking action even in the event of a disruption and being able to reliably maintain operations.