2024 November End User Challenge Statement
CS03: Incorporating Generative AI into Cybersecurity Incident Management in OT/IoT.
Challenge
Develop a cyber security incident response utility employing GenAI to synthesise the incident details, carry out an impact assessment, offer remediation strategies, and compile a report summary.
Background
Cybercriminals around the world now have access to new AI tools as these become more commercially available. These tools significantly enhance their ability to conduct sophisticated cyber-attacks. The inherent limitations in OT/IoT environments, such as the inability to install agents and security tools, further increase cybersecurity risks.
To adapt to these changing times and upgrade our capabilities, our organisation must also embrace AI to bolster our rapid response to cyber-attacks while meeting global regulatory reporting requirements. The solution we seek should not only reduce response times but also improve the accuracy of incident handling in OT/IoT environments.
Our organisation requires a swift response to any cybersecurity incident, both to strengthen our handling of cyber-attacks and to comply with reporting requirements from regulators worldwide, thereby protecting our Operational Technology (OT) and Internet of Things (IoT) environments globally.
Requirements
The solution should encompass, but not be limited to, the following features:
- The ability to collect information on and conduct analysis of a cybersecurity incident.
- The ability to conduct impact analysis of the cybersecurity incident.
- The ability to use AI to summarise the cybersecurity incident and generate user-friendly reports for management and local authorities.
- The ability to complete incident summarisation swiftly, within the response times mandated by local authorities.
- The ability to identify the point of entry and the path of the cybersecurity incident to pinpoint vulnerabilities within our organisation.
- The ability to provide recommended remediation and guided responses.
Additional Information
The solution could be an end-to-end system or an integration with existing Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), or extended Detection and Response (xDR) platforms.