Why Artificial Intelligence Depends on Secure Energy

Recent months have been eventful month for the world’s energy grids, and the future of Artificial Intelligence might be impacted by these happenings. Let us first look at some of the key developments.

In the U.S., the House Committee on Energy and Commerce heard from former Google CEO Eric Schmidt about the impact and reliance of Artificial Intelligence (AI) on the energy grid. Schmidt told Congress: “Many people project demand for our industry will go from 3 percent to 9 percent of total generation, an additional 29 gigawatts by 2027 and 67 more gigawatts by 2030, this is at a scale I have never seen in my life in terms of energy planning.”

He added: “If China comes to superintelligence first, it changes the dynamic of power globally, in ways that we have no way of understanding or predicting.”

Artificial Intelligence’s dependence on the energy grid is clear. The energy requirements of data centres are predicted to skyrocket, especially with more advanced and power-hungry systems on the way. Energy grids are being stretched beyond limits and AI could push up energy prices and create shortages. Energy is essential to powering the boom in AI and this makes it a prime target for threat actors seeking to destabilise AI leadership or dependent critical systems.

In April, we also saw massive blackouts across Spain, Portugal, and parts of France that halted public transportation, banking cashpoints, and internet connectivity in one of Europe’s biggest ever power system collapses. Spain, Europe’s fourth-largest economy had no electricity. Whatever the cause, it is an admonitory tale of the importance of a resilient energy grid.

Although some have ruled out cyberattacks as the cause of the recent blackouts, attacks in the sector are growing. Energy systems are increasingly dependent on IT at every stage of supply chain-generation, transmission, and distribution—all of which must be protected.

Artificial Intelligence’s Demand for Electricity

The world’s data centres are using ever more electricity. In fact, the International Energy Agency (IEA) estimates that global electricity usage by data centres will double in just four years, increasing from 460 terawatt hours of electricity in 2022 to 1,000 terawatt hours annually by 2026. This demand is roughly equivalent to the total electricity consumption of Japan. With governments around the world announcing multi-billion-dollar investments in AI, data centre electricity consumption is expected to grow at a rapid pace as AI applications begin to penetrate the market.

Goldman Sachs Research estimates that data centre power demand will grow by 160% by 2030. Currently, data centres globally consume 1–2% of overall power, but this percentage will likely double to 3–4% by the end of the decade. The overall increase in data center power consumption from AI is expected to be roughly 200TWh/year between 2023 and 2028, with AI representing about 19% of total datacenter power demand.

This heightens the dependence as well as the risk profile of the energy systems that support AI data centres and applications, making them targets for cyberattack.

It is also worth highlighting the additional dependency on water consumption. Data centres use fresh mains water rather than surface water, so that the pipes, pumps, and heat exchangers used to cool racks of servers do not get clogged up with contaminants. Microsoft’s global water use soared by 34% while it was developing its initial AI tools, and a data center cluster in Iowa used 6% of the district’s water supply in one month during the training of OpenAI’s GPT-4. Therefore, cyberattacks impacting water supply to the data centre operations may also be of concern.

The Energy Sector Is a Major Target for Cyberattack

In some parts of the world, energy grids face persistent threats from cyber criminals and hostile states  exploiting ransomware, Artificial Intelligence, and advanced intrusion tools. State-linked cyber groups increasingly target industrial control systems pivotal to energy infrastructure. There are major areas of concern in the energy supply chain, where vulnerabilities exist in interconnected systems, for example GNSS and GPS for timing, and the targeting of subsea cables.

For example, in 2021 the Colonial Pipeline Ransomware attack disabled its IT computer systems resulting in fuel shortages and panic buying in affected states. In 2022 a Russian attack on satellites knocked out communications and control of thousands of wind turbines in Ukraine. In 2023 the China-linked group, RedEcho, attacked India’s power sector during border tension.

In addition to the IT-focused attacks which have downstream impacts on industrial control systems (ICS), there has also been an increase in ICS-targeting malware intentionally designed for adverse effects on operational technology (OT) environments.

Legislation and Proactive Cybersecurity Testing

Cyberattacks are why regulators like the U.S. Federal Energy Regulatory Commission (FERC) and North American Electric Reliability Corporation (NERC) are updating their cybersecurity controls requirements for grid and power providers, to ensure power companies are preparing for the latest threats.

With cyberattacks in the energy sector on the rise, it is crucial to implement proactive security measures to safeguard infrastructure and mitigate potential risks. It is important to validate new devices, networks, application workloads and traffic mixes. But the good news is that security testing solutions can replicate an environment and support a wide range of protocols and applications with real-world test scenarios.

Keysight can help you validate and refine energy infrastructure security postures, improving resilience to cyberattacks and ensuring adherence to cyber security requirements with awareness and training, configuration management, incident response, risk assessment, security assessment, access control, identification, and authentication, as well as system and communications protection.