Clement Fung, Carnegie Mellon University; Eric Zeng, Georgetown University; Lujo Bauer, Carnegie Mellon University
Industrial control systems (ICS) manage critical physical processes such as electric distribution and water treatment. Attackers infiltrate ICS and manipulate these critical processes, causing damage and harm. AI-based approaches can detect such attacks and raise alarms for operators, but they are not commonly used in practice and it is unclear why. In this work, we directly asked practitioners about current practices for alarms in ICS and their perspectives on adopting AI to support these practices. We conducted 18 semi-structured interviews with practitioners who work on protecting ICS, through which we identified tasks commonly performed for alarms such as raising alarms when anomalies are detected, coordinating operator response to alarms, and analyzing data to improve alarm rule sets. We found that practitioners often struggle with tasks beyond anomaly detection, such as alarm diagnosis, and we propose designing AI-based tools to support these tasks. We also identified barriers to adopting AI in ICS (e.g., limited data collection, low trust in vendor technology) and recommend ways to make AI-based tools more effective and trusted by practitioners, such as demonstrating model transparency through interactive pilot projects.

author = {Clement Fung and Eric Zeng and Lujo Bauer},
title = {Adopting {AI} to Protect Industrial Control Systems: Assessing Challenges and Opportunities from the {Operators{\textquoteright}} Perspective},
booktitle = {Twenty-First Symposium on Usable Privacy and Security (SOUPS 2025)},
year = {2025},
isbn = {978-1-939133-51-9},
address = {Seattle, WA},
pages = {555--573},
url = {https://www.usenix.org/conference/soups2025/presentation/fung},
publisher = {USENIX Association},
month = aug
}