AI is changing the world as we know it. From powering the development of autonomous vehicles, to driving breakthroughs in healthcare and medicine, to enhancing decision-making and productivity for businesses, AI has proven its value many times over. 

But there’s no AI without power, and the technology has a massive appetite for energy. In fact, Goldman Sachs Research predicts that data center power usage will increase by 160% by 2030 due to AI’s sky-high energy requirements. While this spike in demand creates exciting new opportunities for utilities, it also makes them a prime target for both physical and cyberattacks.

Earlier this year, the North American Electric Reliability Corporation warned that U.S. power grids are becoming increasingly vulnerable to cyberattacks, with “the number of susceptible points in electrical networks increasing by about 60 per day.” Physical attacks are on the rise too, as “power grid operators identified 200 instances of vandalism, suspicious activity, sabotage, or physical attacks” on energy substations last year. 

Utility companies need to get ahead of these threats now, because the impact of a widespread attack could be devastating — think power outages that disrupt critical infrastructure like hospitals, severe economic loss, and, most concerningly, the potential threat to public safety and national security.

Utilities’ preparedness for such scenarios varies, but there is a general urgent need for stronger security measures as these companies increasingly partner with large cloud providers and systems integrators. While some utility companies have taken a proactive approach by investing in AI and other advanced technologies to detect and respond to threats more effectively, they are not the majority.

Furthermore, many utilities rely on aging, legacy infrastructure — both virtual and physical — that leaves them vulnerable. The average age of electrical infrastructure in the U.S. is forty — with 25% of the grid being fifty-plus years old — and many still use decades-old IT systems.

Let’s explore how utilities can safeguard against the heightened risk of attacks as they power the next wave of AI innovation. 

Adopt AI-powered solutions to bolster physical security

With so much emphasis on the importance of cybersecurity in today’s world — and for good reason — physical security can tend to fall by the wayside. But as the demand for power skyrockets, investing in stronger physical security is crucial not only to drive AI innovation, but to protect critical infrastructure and prevent outages. 

In 2022, there were over 100 reports of attacks and suspicious activity at U.S. substations and power plants within the first eight months of the year alone. And in December of that year, intruders opened fire on two electrical distribution substations in North Carolina, leaving over 40,000 residents without power for up to four days. These types of incidents will likely increase alongside the demand for power.

Utilities can mitigate these risks by investing in AI-powered solutions that offer enhanced protection against physical threats. For example, AI-infused video surveillance systems can be used to spot abandoned objects or vehicles, detect unauthorized individuals via facial recognition, or alert security personnel to unusual behavior patterns in real time. Additionally, AI can conduct predictive maintenance, identifying potential infrastructure vulnerabilities and scheduling timely repairs and upgrades. 

Use behavioral analytics and anomaly detection to stave off cyberattacks

Anomaly detection is vital for utilities to reduce the risk and negative impact of cyberattacks. It all starts with behavioral analytics: Utilities need to monitor users’ behavior in real time to uncover patterns and gain a holistic view of how they interact with their network. This provides a baseline of “normal” (i.e., safe) behavior, and they can then use AI-powered anomaly detection to alert them to any unusual or potentially dangerous behaviors. 

For example, picture a utility worker doing maintenance in the field. They are supposed to have a work-issued device on their person at all times, but the cybersecurity team receives a notification that the device is miles away from where the worker is supposed to be. Or, perhaps they get an unauthorized access alert. 

This information could indicate that the device is no longer in the possession of the worker, or it is being accessed by a bad actor either remotely or physically. In any case, the utility can immediately lock the device until the issue has been investigated and resolved, potentially thwarting a full-blown cyberattack.

Adopt infrastructure built for the AI era

Although many utilities still use legacy IT infrastructure, there has been a growing trend towards modernization in recent years. Now more than ever, utility companies need to consider adopting infrastructure that can keep up with the new and unique demands of the AI era. 

One such example is a zero-trust architecture, or ZTA, a security framework that operates on the principle that no user, device, or network connection should be trusted by default, even those within an organization’s network. A ZTA framework can enhance utilities’ cybersecurity posture by reducing their attack surface, improving compliance and aiding in real-time threat response.

Utilities can also deploy a data pillar within their ZTA framework to further bolster the protection and management of their data within the architecture. Data pillars can enforce strict access controls and implement data encryption to protect utilities’ most sensitive information.

AI’s demand for power isn’t going anywhere. Now is the time for utilities to adopt new technologies and best practices to improve their security posture. By leveraging AI-powered solutions for physical security, and a combination of behavioral analytics, anomaly detection, and ZTA to protect data and mitigate cyber threats, utilities can power the next generation of AI innovation safely and securely.