Establishing Strong Roots of Grid Security for the Sustainable Growth of AI

by Scott Register, VP
May 27, 2025 10:15 AM ET

As we move into May, my garden in Austin, Texas is at its best: the Japanese maple is flourishing, and the roses and lantana are giving pops of color. The garden benefits from the mild temperatures and gentler spring conditions, which allow plants to establish strong roots before the summer heat arrives.

I find myself wondering if there’s an AI tool that would help me keep some of my more challenging plants alive before the weather machine turns to “broil”. This takes me back to my day job, which includes working with energy grid operators to help build the strong roots of cyber security.

April has been an eventful month for the world’s energy grids. Let’s look at some of the key developments.

In the U.S., the House Committee on Energy and Commerce heard from former Google CEO Eric Schmidt about the impact and reliance of AI on the energy grid. Schmidt told Congress, “Many people project demand for our industry will go from 3 percent to 9 percent of total generation, an additional 29 gigawatts by 2027 and 67 more gigawatts by 2030. This is at a scale I have never seen in my life in terms of energy planning.”

“If China comes to superintelligence first, it changes the dynamic of power globally, in ways that we have no way of understanding or predicting.”

AI’s dependence on the energy grid is clear, and if the US cannot keep up with power needs, other countries like China could gain a competitive edge. The energy requirements of data centers are predicted to skyrocket, especially with more advanced and power-hungry systems on the way. The energy grid is being stretched beyond its limits, and AI could push up energy prices and create shortages. Because the grid is essential to powering the boom in AI, it is a prime target for threat actors seeking to destabilize AI leadership or dependent critical systems.

In April we also saw massive blackouts across Spain, Portugal and parts of France that halted public transportation, banking cashpoints and internet connectivity, in one of Europe's biggest-ever power system collapses. Spain, Europe’s fourth-largest economy, had no electricity. Red Eléctrica de España, the grid operator, is working to figure out what led to this worst-case scenario: a system completely devoid of energy. Whatever the cause, it is a cautionary tale about the importance of a resilient energy grid.

Although some have ruled out cyberattacks as the cause of the recent blackouts, attacks in the sector are growing. Energy systems are increasingly dependent on IT at every stage of the supply chain (generation, transmission, and distribution), all of which must be protected. The need to strengthen grid security has become more urgent since the invasion of Ukraine.

Over the course of a series of blogs we will explore how Keysight is helping grid operators and manufacturers rise to the challenge of improving power generation and cybersecurity while maintaining agility and regulatory compliance. We will discuss the latest trends and how operators can stay ahead of attackers. You will see coverage of IoT, OT and device security, cloud, and network security, as well as the importance of resilient time in the energy grid.

In today’s blog we will focus on the increasing susceptibility of AI to the hidden threats in IoT/OT and devices in the energy sector.

AI’s demand for electricity

The world’s data centers are using ever more electricity. The International Energy Agency (IEA) estimates that global electricity usage by data centers will double in just four years, increasing from 460 terawatt hours of electricity in 2022 to 1,000 terawatt hours annually by 2026. This demand is roughly equivalent to the total electricity consumption of Japan. With governments around the world announcing multi-billion-dollar investments in AI, data center electricity consumption is expected to grow at a rapid pace as AI applications begin to penetrate the market.

Goldman Sachs Research estimates that data center power demand will grow by 160% by 2030. Currently, data centers globally consume 1-2% of overall power, but this percentage will likely double to 3-4% by the end of the decade. The overall increase in data center power consumption from AI is expected to be roughly 200 TWh/year between 2023 and 2028, with AI representing about 19% of total data center power demand.

This heightens both the dependence on, and the risk profile of, the energy systems that support AI data centers and applications, making them targets for cyberattack.

It is also worth highlighting the additional dependency on water consumption. Data centers use fresh mains water, rather than surface water, so that the pipes, pumps, and heat exchangers used to cool racks of servers do not get clogged up with contaminants. Microsoft's global water use soared by 34% while it was developing its initial AI tools, and a data center cluster in Iowa used 6% of the district's water supply in one month during the training of OpenAI's GPT-4. Therefore, cyberattacks impacting the water supply to data center operations may also be of concern.

The energy sector is a major target for cyberattack

The energy grid faces persistent threats from cyber criminals and hostile states such as Russia, China, Iran, and North Korea that exploit ransomware, AI, and advanced intrusion tools. State-linked cyber groups increasingly target industrial control systems pivotal to energy infrastructure. There are major areas of concern in the energy supply chain, where vulnerabilities exist in interconnected systems (for example, GNSS and GPS for timing) and in the targeting of subsea cables.

In 2021, the Colonial Pipeline ransomware attack disabled the company's IT systems, resulting in fuel shortages and panic buying in affected states. In 2022, a Russian attack on satellites knocked out communications and control of thousands of wind turbines in Ukraine. In 2023, the China-linked group RedEcho attacked India’s power sector during border tension.

According to the Electricity Information Sharing and Analysis Center (E-ISAC), the nation-state actors targeting the US energy sector in 2024 included Volt Typhoon, Salt Typhoon, Lemon Sandstorm/UNC757, APT 29 – Midnight Blizzard and GRU Unit 29155.

Last year Volt Typhoon, a China state-sponsored threat actor, targeted energy, transportation, and water sectors in the US and Canada. Its campaigns affected industrial sectors including Electricity Power Generation, Transmission and Distribution. Chinese hackers were active in Massachusetts’ Littleton Electric Light & Water Departments (LELWD) for over 300 days without detection.

We have seen CyberArmyofRussia_Reborn (CARR) confirm attacks on US water and energy facilities. Hunt3r Kill3rs targeted internet-exposed OT/ICS devices in the US, Europe, and Israel. And just in the last couple of days I saw a new headline about a cyberattack against a Canadian operator, Nova Scotia Power.

In addition to IT-focused attacks such as Colonial Pipeline, which have downstream impacts on industrial control systems (ICS), there has also been an increase in ICS-targeting malware intentionally designed to have adverse effects on operational technology (OT) environments. FrostyGoop is ICS-specific malware tracked by Dragos. It interacts with ICS devices over Modbus TCP/502, a standard ICS protocol used worldwide. It is undetectable by common antivirus software and was used in Ukraine heating outages in 2024.
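Since antivirus does not help here and Modbus TCP itself carries no authentication, one network-side check is to parse Modbus TCP requests and flag state-changing function codes from hosts that are not expected to issue them. The following is an added example, not code from Keysight or Dragos; the addresses, the allowlist and the sample frames are constructed, and it assumes one Modbus ADU per captured payload.

```python
import struct

# Modbus function codes that change device state (writes).
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers",
                   22: "Mask Write Register", 23: "Read/Write Multiple Registers"}

def parse_modbus_tcp(payload: bytes):
    """Parse the 7-byte MBAP header plus function code; None if malformed."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0; the length field counts unit id + PDU bytes.
    if proto != 0 or length != len(payload) - 6:
        return None
    return {"transaction": tid, "unit": unit, "function": payload[7]}

def audit(records, allowed_writers):
    """Return (src, dst, reason) for malformed frames and unapproved writes."""
    alerts = []
    for src, dst, payload in records:
        frame = parse_modbus_tcp(payload)
        if frame is None:
            alerts.append((src, dst, "malformed Modbus TCP frame"))
        elif frame["function"] in WRITE_FUNCTIONS and src not in allowed_writers:
            name = WRITE_FUNCTIONS[frame["function"]]
            alerts.append((src, dst, "unauthorized " + name))
    return alerts

# Constructed sample traffic to TCP/502 (documentation addresses, hypothetical hosts).
ALLOWED_WRITERS = {"192.0.2.10"}  # assumption: the only HMI permitted to write
READ = bytes.fromhex("000100000006010300000002")    # Read Holding Registers
WRITE = bytes.fromhex("000200000006010600100001")   # Write Single Register
TRUNCATED = bytes.fromhex("0003000000060106")       # length field lies
SAMPLE = [
    ("192.0.2.10", "192.0.2.50", READ),
    ("192.0.2.10", "192.0.2.50", WRITE),
    ("198.51.100.7", "192.0.2.50", WRITE),
    ("198.51.100.7", "192.0.2.50", TRUNCATED),
]

if __name__ == "__main__":
    for alert in audit(SAMPLE, ALLOWED_WRITERS):
        print(alert)
```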

Legislation and proactive cyber security testing

Laws like the Network and Information Systems (NIS) Regulations and EO 13636 require enhanced resilience in critical sectors, including energy. The cyberattacks in the US and elsewhere are why regulators like the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) are updating their requirements, to ensure power companies are preparing for the latest threats. FERC has begun to take steps to impose stricter cyber security controls on grid and power providers. FERC 887 and NERC CIP 003-9 are new regulations that impose stricter requirements on electric utilities for internal network security monitoring and remote access.

The costs of non-compliance can be significant. Back in 2019, NERC fined Duke Energy $10 million for cybersecurity failings relating to the CIP (critical infrastructure protection) compliance program.

How Keysight can help

With cyberattacks in the energy sector on the rise, it is crucial to implement proactive security measures to safeguard your infrastructure and mitigate potential risks. It is important to validate new devices, networks, application workloads and traffic mixes. Our security testing solutions replicate your environment and support a wide range of protocols and applications with real-world test scenarios.

Keysight can help you to validate and refine your security posture, improving resilience to cyberattacks and ensuring adherence to cyber security requirements. To safeguard your infrastructure Keysight helps you in several ways including awareness and training, configuration management, incident response, risk assessment, security assessment, access control, identification, and authentication, as well as system and communications protection.

Let us explore further how Keysight can help you with device and IoT security.

Spotlight: Device and IoT security in the energy sector

As the energy sector becomes increasingly connected, communications networks will include both terrestrial and non-terrestrial networks, which open up additional attack vectors. Back in 2022, Starlink terminals were hacked using voltage fault injection and side-channel attacks to gain access to the Starlink network.

Keysight can conduct security assessments of devices connected to the energy grid, including validation of Smart Meters to the relevant Common Criteria Protection Profile. We analyze the hardware (debug and test interfaces and memories), software design, secure boot process, OS (Linux, Android, RTOS), as well as application security and perform targeted reviews to understand the security of your device. We can also analyze the security of the chipsets by considering logical, fault injection and side-channel threats, as well as the immutable firmware on the chips and the overall architecture.

Upgrades, especially of production OT devices, can be very expensive. Do you really want to take a substation down because you need to upgrade the firmware to fix a security flaw? This is why it is so important to do extensive pre-deployment testing of smart inverters, relays, phasors, and other operational devices so you can fix as many problems as possible early. It is also important to maintain an SBOM of deployed devices so that you are notified immediately when a vulnerability is discovered in a library used in a device’s firmware, and can remedy or mitigate it before hackers exploit it.
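To show what the SBOM lookup amounts to in practice, the added example below (not Keysight code) matches a new advisory against per-device SBOMs that use the CycloneDX `components`/`name`/`version` fields. The device names, the library `examplessl` and the advisory are constructed; versions are compared numerically, and any version that cannot be parsed is routed to manual review instead of being silently skipped.

```python
# Constructed fleet inventory: device name -> minimal CycloneDX-style SBOM.
INVENTORY = {
    "relay-01": {"bomFormat": "CycloneDX", "components": [
        {"name": "examplessl", "version": "1.1.1"},
        {"name": "examplehttpd", "version": "2.4.0"}]},
    "inverter-07": {"bomFormat": "CycloneDX", "components": [
        {"name": "examplessl", "version": "1.1.10"}]},
    "meter-gw-03": {"bomFormat": "CycloneDX", "components": [
        {"name": "examplessl", "version": "1.1.2-vendor"}]},
    "pmu-02": {"bomFormat": "CycloneDX", "components": [
        {"name": "examplehttpd", "version": "2.4.0"}]},
}

# Constructed advisory: every version below fixed_in is affected.
ADVISORY = {"component": "examplessl", "fixed_in": "1.1.4"}

def parse_version(text):
    """Dotted numeric version -> tuple of ints, or None if not purely numeric."""
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return None

def affected_devices(inventory, advisory):
    """Return (device, version, status) for each device shipping the library.

    status is "vulnerable" when the version is below the fix, or "review"
    when the version string cannot be compared automatically.
    """
    fixed = parse_version(advisory["fixed_in"])
    hits = []
    for device, sbom in sorted(inventory.items()):
        for comp in sbom.get("components", []):
            if comp.get("name") != advisory["component"]:
                continue
            version = parse_version(comp.get("version", ""))
            if version is None:
                hits.append((device, comp.get("version"), "review"))
            elif version < fixed:  # numeric compare: 1.1.10 is newer than 1.1.4
                hits.append((device, comp["version"], "vulnerable"))
    return hits

if __name__ == "__main__":
    for hit in affected_devices(INVENTORY, ADVISORY):
        print(hit)
```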

With a long history in the energy sector, Keysight is dedicated to safeguarding critical national energy systems. You can read more about how we keep energy grids safe on our Grid Modernization page.

Keysight is your partner for energy cyber security.