Can Artificial Intelligence Keep the Lights On?
The global electricity system is undergoing a major transformation, shifting from a traditional, centralized model to a more digital, decentralized one. This evolution is driven by the integration of more flexible and connected energy assets, such as renewable energy sources, battery storage, and electric vehicles. As essential components of grid infrastructure, such as transformers, substations, advanced sensors, demand response systems, and Advanced Metering Infrastructure (AMI), become digital, we're witnessing a convergence of IT and OT.[1] This means that traditionally separate systems can no longer be managed in isolation, which creates new risks that utilities and their executives must address.
OT SECURITY AT RISK
The digital transformation also promises significant improvement potential for mission-critical functions such as load balancing, fault detection, predictive maintenance, security, and more. However, researchers and experts around the world agree that this creates a complex and expanding attack surface, which jeopardizes business continuity, safety, and security of supply.[2], [3]
Well-documented cyber-physical threats to systems in OT environments include:[4]
insecure communication protocols that lack encryption, authentication, and integrity checks;
weak patch management;
firmware vulnerabilities;
lack of a secure boot process;
Because many Internet of Things (IoT) and Industrial IoT (IIoT) devices are integrated into the OT stack or bridge OT and IT systems, their lack of robust security makes them prime targets for attacks. These attacks can take many forms, including data modification, interruption of operations, malicious commands, or firmware attacks. They can also serve as entry points to other systems, including a utility's broader IT network.[5]
Reports indicate a significant rise in attacks targeting OT in the utilities sector. Some studies show a 70% increase in attacks like malware, ransomware, denial of service, and man-in-the-middle attacks in recent years, with some figures suggesting a 2-3x increase over the past five years. In addition, utilities must navigate an increasingly complex regulatory landscape to ensure continuous compliance.[6]
THE ROLE OF AI IN OT SECURITY
With more utilities adopting AI to optimize operations and create value, the reliance on OT data and its trustworthiness is increasing exponentially, especially as AI begins to automate key processes across the energy value chain.[7]
An emerging AI innovation topic for the coming years is how to leverage AI to address the very OT security challenges its adoption creates. By utilizing AI capabilities in anomaly detection, predictive maintenance, and automated response, utilities can proactively defend their systems.[8]
The following are key use cases currently being explored by researchers and experts:
Real-Time Threat Detection and Anomaly Identification – AI and Machine Learning (ML) algorithms can analyze network traffic, device behaviors, and system logs in OT environments, building behavioral baselines and identifying deviations that signal potential threats. ML-driven systems learn from historical data, flagging anomalous patterns such as unusual login events, unauthorized asset changes, or unexpected sensor values.
Predictive Intelligence and Proactive Defense – ML models can predict and preemptively address vulnerabilities by analyzing trends and patterns in OT data. This predictive capability empowers utilities to take proactive security measures, anticipate attack vectors, and adjust controls before threats materialize.
Automated Incident Response and Compliance – AI-powered orchestration automates repetitive or time-sensitive tasks like log analysis, patching, and alert triaging, enabling rapid remediation and minimizing manual workload. This not only accelerates containment during incidents but also helps organizations meet strict OT reporting requirements and compliance deadlines.
Tailored Protection for OT Assets – AI systems adapt to the unique protocols, device models, and operational environments present in the electrical energy sector, ensuring more specific and effective defense strategies. As OT environments evolve, AI models dynamically adjust detection parameters, maintaining high-fidelity security as new assets and configurations enter the network.
Enhanced Visibility and Scalability – By aggregating and correlating massive, distributed datasets, AI solutions provide comprehensive visibility across large-scale OT infrastructures and scale with expanding networks. This is critical for utilities and critical infrastructure providers operating thousands of endpoints and sensors.
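The first use case above, behavioral baselines with deviation flagging, is illustrated by the following added example. It is not code from the article or from any product it describes. It builds a robust baseline (median and median absolute deviation) from constructed historical transformer temperature readings and flags live readings by modified z-score, and it learns which source addresses each user has logged in from and flags logins by unknown users or from never-seen sources. The telemetry values, the log line format, and the user and address names are all constructed for the example.

```python
import re
import statistics
from collections import defaultdict

# Constructed historical telemetry: transformer oil temperature in °C, one reading per minute.
# A fixed repeating pattern keeps the baseline exact (median 60.0, MAD 0.5).
HISTORY_TEMPS = [59.0, 59.5, 60.0, 60.5, 61.0] * 48

# Constructed historical login records (assumed line format, not any product's log schema).
HISTORY_LOGINS = [
    "2025-06-01T08:00:00Z login user=op1 src=10.10.1.20 result=ok",
    "2025-06-01T08:05:00Z login user=op2 src=10.10.1.21 result=ok",
    "2025-06-02T07:58:00Z login user=op1 src=10.10.1.20 result=ok",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<res>\S+)$")


def build_baseline(samples):
    """Robust baseline: median and median absolute deviation (MAD), resistant to a few outliers."""
    med = statistics.median(samples)
    mad = statistics.median(abs(s - med) for s in samples)
    return {"median": med, "mad": mad if mad > 0 else 1e-9}


def modified_z(value, baseline):
    """Iglewicz-Hoaglin modified z-score; |z| > 3.5 is the customary outlier cut-off."""
    return 0.6745 * (value - baseline["median"]) / baseline["mad"]


def flag_sensor_values(values, baseline, threshold=3.5):
    """Return (index, value, z) for every reading that deviates from the learned baseline."""
    flagged = []
    for i, v in enumerate(values):
        z = modified_z(v, baseline)
        if abs(z) > threshold:
            flagged.append((i, v, round(z, 2)))
    return flagged


def learn_login_profile(lines):
    """Map each user to the set of source addresses it has successfully logged in from."""
    profile = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["res"] == "ok":
            profile[m["user"]].add(m["src"])
    return profile


def flag_logins(lines, profile):
    """Flag logins by unknown users or from a source never seen for that user."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            alerts.append(("unparsed", line))
        elif m["user"] not in profile:
            alerts.append(("unknown-user", line))
        elif m["src"] not in profile[m["user"]]:
            alerts.append(("new-source", line))
    return alerts


def run_demo():
    """Constructed live window: normal readings, a jump to 95 °C, then an implausible drop to 20 °C."""
    baseline = build_baseline(HISTORY_TEMPS)
    live = [60.0, 60.5, 61.0, 95.0, 60.0, 20.0]
    temp_alerts = flag_sensor_values(live, baseline)
    profile = learn_login_profile(HISTORY_LOGINS)
    new_lines = [
        "2025-06-03T08:01:00Z login user=op1 src=10.10.1.20 result=ok",
        "2025-06-03T03:12:00Z login user=op1 src=203.0.113.9 result=ok",
        "2025-06-03T03:13:00Z login user=svc_backup src=10.10.1.20 result=ok",
    ]
    return temp_alerts, flag_logins(new_lines, profile)


if __name__ == "__main__":
    temps, logins = run_demo()
    print("sensor alerts:", temps)
    print("login alerts:", logins)
```

The median/MAD pair is used instead of mean/standard deviation so that a handful of bad historical samples cannot stretch the baseline and hide later deviations; in a real deployment the baseline would be recomputed per sensor and per operating mode, and the login profile would be keyed on more than the source address.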
KEY CHALLENGES & SOLUTIONS
There is no AI without data. Therefore, robust data management and data governance are critical for the successful adoption of AI, particularly for use cases involving OT data and OT security.[9]
AI models require high-quality, well-labeled data, which many OT systems may struggle to produce. AI systems themselves may be targeted by attackers seeking to evade detection, so robust validation and continuous monitoring are essential. Using AI to manage OT security risks is an emerging field that requires time and collaboration.
However, the pace of innovation is rapid, use cases are emerging and some of the core technological building blocks already exist. A promising new approach combines AI-powered hardware and software to secure OT networks and ensure the integrity and authenticity of OT data. This modern, multi-layered approach includes several key features, such as:
Advanced Network Visibility & Monitoring – Deep inspection of traffic and telemetry-driven monitoring, AI-driven anomaly detection, and strict command authorization to prevent unauthorized control of critical processes.
AI-powered Threat and Intrusion Detection – Identifying unusual behavior patterns and detecting, in real time, sophisticated attack vectors that may bypass traditional security solutions, in order to stop cyberattacks before they disrupt operations and to support security teams.
Data Authenticity & Tamper Resistance – Cryptographic protections that verify data origins, detect unauthorized changes, and secure information used in AI-driven analytics. This ensures that OT data originates from trusted sources and has not been altered in transit or storage.
Protection against AI Training Data Poisoning – AI models used for predictive maintenance, anomaly detection, and automation in OT environments rely on high-quality, trusted data. Preventing rogue data injection ensures that AI models are not compromised.
Secure Interoperability – Enabling trusted data exchange across diverse energy systems, while bridging legacy and insecure protocols with application-layer protection.
Zero Trust Enforcement & Granular, Key-based Authorization – Ensuring that every command, connection, and dataset is authenticated and authorized. Strong, extensible permissions are enforced at the edge, allowing fine-grained access control over OT data and operations and thereby minimizing insider threats and unauthorized access.
Bridging of Insecure Protocols – Addressing the security limitations of protocols like Modbus by providing application-layer protection. This contrasts with pipe protection technologies (VPN, TLS) and offers a significant advantage: the ability to secure data directly within the application.
Enabling New AI and Other Use Cases – Allowing extensibility to new and complex use cases that are not feasible with traditional network-level security measures.
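The "Data Authenticity & Tamper Resistance", "Zero Trust Enforcement & Granular, Key-based Authorization" and "Bridging of Insecure Protocols" items above describe one mechanism from three angles: an application-layer envelope around a protocol that has none of its own. The following added example, which is not code from the article or from any vendor it alludes to, sketches that mechanism for Modbus/TCP. The envelope format (key id, sequence counter, raw frame, HMAC-SHA256 tag), the key table and the per-key policy (permitted function codes and writable register range) are assumptions made for the example; the standardized alternative for Modbus is Modbus/TCP Security over TLS, and production keys would live in a secure element or HSM rather than in source.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output length in bytes

# Constructed demo keys and policies (assumption: real keys are provisioned per operator or
# device and kept in a hardware-backed store, never in code). range(0) means "no writes".
KEYS = {
    1: {"secret": b"operator-console-demo-key", "funcs": {0x03, 0x06}, "write_regs": range(100, 110)},
    2: {"secret": b"historian-readonly-demo-key", "funcs": {0x03}, "write_regs": range(0)},
}


def modbus_frame(txn_id, unit_id, func, data):
    """Raw Modbus/TCP frame: 7-byte MBAP header + PDU. Plain Modbus carries no integrity or auth."""
    pdu = struct.pack(">B", func) + data
    mbap = struct.pack(">HHHB", txn_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def wrap(key_id, seq, frame):
    """Application-layer envelope (assumed format): key_id | seq | frame | HMAC over all of it."""
    body = struct.pack(">BI", key_id, seq) + frame
    tag = hmac.new(KEYS[key_id]["secret"], body, hashlib.sha256).digest()
    return body + tag


class Gateway:
    """Verifies and authorizes envelopes before releasing the inner frame toward a PLC."""

    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {k: 0 for k in keys}  # per-key monotonic counter for replay detection

    def check(self, envelope):
        if len(envelope) < 5 + 8 + TAG_LEN:
            return "malformed", None
        body, tag = envelope[:-TAG_LEN], envelope[-TAG_LEN:]
        key_id, seq = struct.unpack(">BI", body[:5])
        key = self.keys.get(key_id)
        if key is None:
            return "unknown-key", None
        expected = hmac.new(key["secret"], body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "bad-mac", None
        if seq <= self.last_seq[key_id]:
            return "replay", None
        self.last_seq[key_id] = seq  # authentic and fresh: advance the counter
        frame = body[5:]
        func = frame[7]
        if func not in key["funcs"]:
            return "unauthorized-function", None
        if func == 0x06:  # Write Single Register: enforce the per-key address policy
            if len(frame) < 10:
                return "malformed", None
            (addr,) = struct.unpack(">H", frame[8:10])
            if addr not in key["write_regs"]:
                return "unauthorized-register", None
        return "accepted", frame


def run_demo():
    """Walk one gateway through accepted, unauthorized, replayed and modified envelopes."""
    gw = Gateway(KEYS)
    results = []
    read = modbus_frame(1, 1, 0x03, struct.pack(">HH", 100, 2))  # read 2 holding registers at 100
    results.append(gw.check(wrap(2, 1, read))[0])  # read-only key may read
    write = modbus_frame(2, 1, 0x06, struct.pack(">HH", 105, 1))  # write register 105 := 1
    results.append(gw.check(wrap(2, 2, write))[0])  # read-only key may not write
    results.append(gw.check(wrap(1, 1, write))[0])  # operator key, register in range
    results.append(gw.check(wrap(1, 1, write))[0])  # same counter again: replay
    env = wrap(1, 2, write)
    i = len(env) - TAG_LEN - 1  # last byte of the register value
    results.append(gw.check(env[:i] + bytes([env[i] ^ 0xFF]) + env[i + 1:])[0])  # altered in transit
    out_of_range = modbus_frame(3, 1, 0x06, struct.pack(">HH", 500, 1))
    results.append(gw.check(wrap(1, 3, out_of_range))[0])  # permitted function, forbidden register
    return results


if __name__ == "__main__":
    for r in run_demo():
        print(r)
```

The MAC covers the key id and the counter as well as the frame, so neither can be swapped without invalidating the tag, and the counter is advanced only after the tag verifies, so a forged envelope cannot burn a legitimate sender's sequence numbers. Authorization is evaluated on the decoded function code and address, which is the "secure data directly within the application" property the article contrasts with VPN or TLS pipes: a tunnel would carry the unauthorized write just as faithfully as an authorized one.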
Conclusion
The result is an end-to-end security framework that protects OT environments, network infrastructure and data integrity across the entire energy value chain from a broad range of threats, while supporting compliance with evolving cybersecurity standards. Utilities can enhance the resilience of their systems, safeguard critical operations, and mitigate the risks posed by modern threats.
[1] Definition of OT: software and hardware used to manage physical operations, such as SCADA, Industrial Control Systems (ICS), programmable logic controllers (PLCs), and distributed control systems (DCS).
[2] M. Negi: Towards the integration of IT/OT technologies in electricity based digitalized energy systems, 2024, University of Vaasa
[3] B. Giacobone: Utilities are facing an AI-cybersecurity paradox, May 2025, Latitude Media
[4] J. Uddoh et al.: Cyber-Resilient Systems for Critical Infrastructure Security in High-Risk Energy and Utilities Operations, 2021, International Journal of Multidisciplinary Research and Growth Evaluation
[5] P. Dunn: AI for utilities: The new front line in defending against cyberthreats, June 2025, StateTech Magazine
[6] V. Kumar: Cyber security of OT networks, Feb 2025, Cornell University
[7] Technical Brief: Utility cyber security and AI challenges and opportunities, March 2023, EPRI
[8] I. Sarker: AI for enhancing ICS/OT cybersecurity, AI-Driven Cybersecurity and Threat Intelligence: Cyber Automation, Intelligent Decision Making and Explainability, Springer, 2024, pp. 137–152
[9] Technical Brief: Utility cyber security and AI challenges and opportunities, March 2023, EPRI