A recent report from Gartner predicts that by 2028, misconfigured artificial intelligence (AI) will lead to shutdowns of national critical infrastructure in major G20 countries. However, some consultants believe this scenario could occur even sooner.
Gartner emphasizes the need for organizations, particularly Chief Information Officers (CIOs), to reevaluate their industrial control systems as these are increasingly managed by autonomous AI technologies. These technologies, referred to as Cyber Physical Systems (CPS), encompass various components like operational technology, industrial control systems, and the Industrial Internet of Things (IIoT). The report highlights that the primary concern is not typical mistakes made by AI, but rather its inability to recognize subtle changes that skilled human operators typically notice. Small errors can escalate into significant failures.
Wam Voster, a Gartner VP, warned that major infrastructure failures might stem from issues like flawed software updates, rather than external attacks. He stressed the urgency for secure "kill-switches," accessible only to authorized personnel, to prevent unintended shutdowns from AI misconfigurations. As AI systems grow more complex and opaque, the risks associated with misconfiguration increase, necessitating robust human intervention when necessary.
Industry leaders have long been aware of these risks. For instance, Matt Morris, founder of Ghostline Strategies, noted that AI may struggle with detecting gradual changes, which could lead to severe problems if such changes aren’t properly recognized.
Flavio Villanustre from LexisNexis Risk Solutions Group echoed these concerns, observing that AI’s rapid deployment could bring about dire consequences, especially in critical energy and environmental systems. He cautioned that many executives overlook the risks associated with industrial AI, potentially leading to catastrophic outcomes.
Cybersecurity consultant Brian Levine described the reliance on outdated automation layers combined with recent AI implementations as creating an unstable structure prone to failure. He advocates for organizations to adopt established frameworks for AI safety and security to reinforce resilience.
Bob Wilson from the Info-Tech Research Group expressed concern over the rapid advancement of AI outpacing governance measures, stating that the architectural setup of AI should be treated similarly to monitoring insider threats, with rigorous protocols surrounding configuration changes.
Sanchit Vir Gogia, chief analyst at Greyhound Research, suggested that organizations need to shift their perspective on AI, recognizing it as an integral part of the control system rather than merely an analytical tool. This reframed viewpoint mandates a deeper understanding of the potentially catastrophic outcomes of misconfiguration within cyber-physical environments.
Adopting a comprehensive risk management framework that includes monitoring AI behavior and articulating worst-case scenarios for operational components is vital for companies aiming to navigate these challenges effectively.
