The Unreal describes how the utility industry is increasingly filled with machines that are passably human. The Unreal delivers many benefits across the utility value chain. For example, personalized chatbots can help the least tech-savvy customers make the right choices and feel safe. At the other end of the scale, connecting billions of sensors with automation software will enable new business models that were, until recently, unthinkable. Advanced algorithms will automate local-level network balancing, making real-time decisions that are currently made by grid operators.1
The utility industry is rapidly transitioning from a long period of stability into a new phase of unprecedented disruption through innovation. It is an exciting time for the industry. The changes it makes now will dictate the was energy is produced, transported, stored, traded, and consumed for the rest of the century. However, the benefits can only be realized if the industry pays sufficient attention to the challenges of the Unreal.
Embedding this intelligence into critical national infrastructure exposes the industry to malicious actors using this technology, igniting concerns that may turn into the biggest hurdle for utilities looking to grow their use of AI. Security must be embedded into the DNA of any organization planning to leapfrog into the energy transition. Utilities must plan how to do this from the ground up. The energy system of the future is unique and there are few industries that utilities can learn from. Consequently, the industry will become advanced security pioneers, and become world leaders that other industries will look to.
Protecting critical infrastructure in the future
Connecting billions of sensors to the grid greatly increases the potential risk of cyberattack. And because network utilities will extend their reach behind the meter, so these risks also extend into customers’ premises. A malicious actor that can manipulate price signals can create a huge problem for system operators and all energy users.
Standardizing, modularizing and, automating customers’ assets so they can react to pricing signals involves a significant degree of trust. System operators will bear a huge responsibility to ensure customers’ assets are not hacked or tampered with. Commercial and industrial customers and utilities will both increasingly put plant and maintenance schematics in the cloud, and expose this data to partners. How does the industry protect this information on critical infrastructure?
of consumers trust how AI is being implemented by organizations, overshadowed by the 65% that do not.
If all grid-connect assets are digitized, each asset will have a unique digital identity. If a malicious actor were to change an asset’s ID, a grid operator may think it’s controlling a solar panel, but is in fact controlling an EV charger. In the world of distributed IoT, if asset IDs are wrongly assigned, the system operator will completely lose control of the grid. Furthermore, if a malicious actor initiates the charging of all EVs under the same transformer, they could cause significant disruption.
Expect the unexpected
Customers may not be prepared for the new energy system. Uncertainty, mistrust, and a lack of knowledge of the new market are weaknesses that could be exploited by scammers, particularly where energy is traded, used as a new currency, or shared with others.
of consumers are confident or very confident they can recognize or identify deepfake videos or synthetic content.
For instance, some regulators may encourage a customer-centric market design (CCMD), where energy markets are completely decentralized. Future markets will be incredibly complex and cannot operate under existing settlement rules. They may well be designed to store most transactional data at the point of use, creating a new challenge in data privacy: how to protect customers’ data in a distributed architecture.
The number of energy and service suppliers will proliferate. A customer may have different suppliers for grid-sourced power, aggregation into a local energy market, EV charging, solar and storage maintenance, end energy efficiency. All these suppliers will require data to do their invoicing, which maybe too complex for a grid operator or retailer to manage centrally. Instead, all this customer data could be stored at the premise, and shared by the customer with their suppliers.
of consumers expect businesses to clearly communicate their use of AI as it pertains to the consumers’ interactions with them.
However, retaining transactional data at the point of use not only creates the risk of customer fraud, but also creates a risk that customer data could get into the hands of a malicious actor – for example, using a customer’s consumption pattern to identify when they are unlikely to be in.
Individuals will bear much responsibility so they do not fall victim to scams, but utilities must bear some of this responsibility. Utilities must be vigilant for any energy-related scams that could be developed, use analytics to help customers identify potentially fraudulent activity.
Security becomes a proactive business process
Assets previously hidden to the outside world are now connecting to the internet. All asset owners will expose themselves to risk if they don’t embed security into asset design, from the ground up. Historically, cybersecurity has been a reactive process. Although it has always been complex, it has usually been approached from the perspectives of technology and risk reduction. However, this will change. Utilities will take a more proactive approach to security. As the industry evolves, so do the threats it faces.
of utilities executives report concern over deepfakes and/or disinformation attacks
Security will no longer be an independent function. It will increasingly converge with other aspects of the business, and will become a key parameter of operational resilience. The mantra will be to embed security into the DNA of the utility, across the entire lifecycle of both assets and software, and across the supply chain. Chief Security Officers will sit on the board and have oversight of how security touches all aspects of a utility’s business.
of utilities executives agree that their organizations are committed to authenticating the origin of their data and genuine use of AI.
Many utilities have implemented different approaches to IT and OT management. Many utilities have adopted a cloud-first approach to their IT assets, but OT remains tightly controlled in house. However, utilities will no longer be able to centrally manage grids with billions of connected sensors. The profusion of new devices being deployed will force utilities to embrace edge and cloud if they are to adopt these many new business models. How will utilities protect themselves and their customers from cyberattack? Security must be embedded in the new architectures that include IoT, the metaverse, edge, and cloud computing.
As the utility industry evolves, so malicious actors will also evolve. That means security strategies must also evolve. They will be more proactive, integrated, and holistic to protect against the new risks exposed by the convergence of cyber and physical worlds.
of utilities executives reporting that their organizations are planning to mitigate risks of deepfakes and/or misinformation attacks by preparing proactively
of utilities executives reporting that their organizations are planning to mitigate risks of deepfakes and/or misinformation attacks by implementing verification mechanisms
Timing is everything. So when should utilities embed security into their DNA? The sooner the better, the sooner the simpler, the sooner the cheaper.