We will use AI in a defensive manner and therefore see to what extent AI can provide added value in detecting attacks on industrial systems.\n\nIn addition, we will also use explainable AI to provide as much information as possible to end users, so that they do not regard the AI ​​model as a black box. The intention is therefore to provide useful alerts when an attack has been detected so that the end user can use these alerts to solve the actual problem. So we will not only let the end user know that an attack is underway, but also why the AI ​​model thinks an attack is underway and which attack it would most likely be.

The reason why we focus exclusively on industrial security is because - unlike IT security - there are no standard policies yet. This is partly because OT devices use special protocols that are sometimes brand-related and the full functionality of which is not always fully disclosed by the manufacturer. Over time, however, these devices were increasingly connected to the internet, making them publicly accessible. As a result - and because hackers increasingly realize the impact of shutting down an OT network - more and more attacks are happening that focus on industrial networks.