From Reactive To Proactive Defence In Critical Infrastructure: How AI-Powered Threat Intelligence Uncovers The Unknown
Posted: Thursday, Jan 23


We live in uncertain times.

When we consider the "known unknowns" – like war, financial crises, and of course, cyber disruptions – as events that we can conceive, the likelihood and severity of them remain shrouded in uncertainty. The realm of cybersecurity, like many aspects of our interconnected world, is characterised by a constant dance with that unknown.

Take the CrowdStrike incident that happened in July, for example. An unexpected flaw in its own software was responsible for taking down systems all over the globe, with critical infrastructure hit the hardest. From airports and hospitals to utilities and data centres, the event underscored how devastating a single, unexpected incident can be to global operations.

Critical infrastructure is the lifeblood of modern Australian society, and it now sits at a particularly vulnerable juncture. The Australian Cyber and Infrastructure Security Centre (CISC) recently designated 46 additional critical infrastructure assets as Systems of National Significance. This means there are now over 200 assets across the energy, communications, transport, financial services and markets, food and grocery and data storage or processing sectors which come under the purview of enhanced cyber security obligations to better strengthen national security. Beyond the assets covered within CISC, there are potentially hundreds or thousands of other connected physical assets within these environments that are leveraged for day-to-day operations.

The growing complexity of the IT, IoT and OT environments in this sector means attack surfaces are expanding rapidly, serving as entry points for cybercriminals to target the core systems of energy, water, transportation and healthcare and create widespread disruptions. Prioritising the resilience of the nation's critical systems, through proactive and strategic cybersecurity measures, is crucial to protect against increasingly sophisticated threats.

Understanding the dilemma

Aside from the never-ending string of cyberattacks, the sector is grappling with a deluge of challenges. These challenges often lead to attacks that could have been prevented.

Many critical infrastructure organisations are still encumbered by legacy technology, unpatched bugs and badly configured internet connections, leaving bad actors able to exploit decades-old vulnerabilities. The prevalence of AI has made this even easier, supercharging cyberwarfare to the point where 60% say that their organisation has stalled or stopped digital transformation projects because of the threat of cyberwarfare. Without those digital upgrades, organisations only become more vulnerable.

This challenge is only heightened by the unprecedented volume of data that could now be at greater risk, and which must remain secure. After all, data is the lifeblood of modern business and, when it comes to cybersecurity, many already find it overwhelming to analyse and process information, with some using up to eight different sources to collect threat intelligence data. The sheer volume makes it nearly impossible to identify anomalies or potential threats without advanced tools.

Moreover, these threats can come from anywhere, from North Korean hackers targeting critical infrastructure for military gain to 17-year-olds hacking to access customer data. The frequent breaches we witness are often avoidable, but in the chaos of cyberwarfare, prioritising resources remains a complex challenge for many. If proactive action is not taken, more critical organisations will regrettably fall victim.

Using AI to uncover the unknown

AI-powered threat intelligence provides the proactive edge needed to safeguard this sector, transforming the way threats are detected and mitigated before they escalate into full-blown crises.

Cybersecurity must function like a network of strategic defence layers – starting with the fundamentals, like applying the latest updates or enforcing multi-factor authentication (MFA) – while also constantly scanning for entry points and vulnerabilities. Rather than waiting for breaches to happen, AI offers the capability to identify and neutralise threats before they can exploit weaknesses in the system. With predictive AI models, security teams can flip the narrative, turning the tables on cybercriminals and moving from reactive measures to a proactive defence strategy.

Through a blend of AI and machine learning (ML), organisations can deploy predictive technologies that scour both surface and dark web spaces for indicators of impending attacks. These systems provide real-time situational awareness by making the "unknown known" through AI-driven intelligence that monitors threat actors' chatter and methods.

AI-powered systems not only detect threats but also serve as precision tools for threat hunting through advanced solutions such as Natural Language Processing (NLP). Predictive AI can tailor 'honeypots' to the specific attack surfaces of the sector, turning potential hotspots into traps for bad actors. These honeypots enable security teams to observe malicious behaviour without risking the integrity of core operations, effectively turning the attacker's own tactics against them.

But detecting threats is just the first step. AI also plays a vital role in vulnerability management, mapping the entire landscape of a network to reveal every entry point and potential blind spot. From there, AI-powered threat prioritisation helps infrastructure teams focus their efforts on the most dangerous vulnerabilities first by predicting which threats are most likely to be exploited. This proactive defence mechanism helps reduce unnecessary alerts and manual processes of sifting through different data sources, while making sure that resources are allocated to the most urgent risks.

What the future holds

Cybercriminals are becoming more creative, and AI is a powerful tool that can be leveraged to outpace them. By embedding AI into the fabric of cybersecurity defences, critical infrastructure can become as resilient as the essential services it provides. Bad actors are embracing the use of AI, so it's about time we do the same to mitigate the threat.

The digital safety of critical infrastructure depends on anticipating the next move, not just responding to it. By adopting AI-powered threat intelligence, we can move from reactive to proactive cyber defences, keeping operations secure and resilient. This simply ensures that the "known unknowns" – those unpredictable yet inevitable threats that can cripple essential services – don't become catastrophic realities.

Nadir Izrael
Nadir Izrael guides the technology vision for Armis. Drawing from his deep programming and software engineering expertise, he has overseen the rapid evolution of the Armis platform to provide complete asset visibility and security for every enterprise asset. Nadir co-founded Armis in 2015 with his friend and army colleague, Yevgeny Dibrov, after the two started looking for new and interesting problems to solve in technology. Prior to founding Armis, Nadir spent four years as a senior software manager at Google, working on Google Maps and Google Autocomplete. He began his career in the Israel Defense Forces in the elite Unit 8200 intelligence corps where he served first as a software developer and then as a team leader, ultimately achieving the rank of captain. Beyond helping to solve visibility and security challenges for connected assets, he is adept at creating simulations of particle systems and cosmological models, and is very experienced with machine learning algorithms and statistical models. Nadir holds Bachelor of Science degrees in computer science and physics from the Technion, the Israel Institute of Technology, finishing summa cum laude.