AI usage in energy and utilities sector: Challenges and opportunities This blog post was authored by Tyler Chase - Managing Director, Energy and Utilities Industry Global Leader and Luis Castillo - Director, Security and Privacy on The Protiviti View.The challenge: Companies in the energy and utilities (E&U) industry are moving fast to adopt artificial intelligence (AI), including generative AI, to increase their competitive edge. But while AI can help these firms to drive innovation, boost profitability and reduce certain risks, it also increases their exposure to cyber threats.Why it matters: Cybersecurity risk has become only more heightened in the E&U industry in recent years. A proof point: E&U executives cited cyber risk as the number one concern for their industry this year; last year, it appeared among the top five. Meanwhile, cyber threat actors are accelerating efforts to use AI to increase the variety and effectiveness of their attack methods.Bottom line: While E&U companies are ramping up efforts to adopt AI, they may not realise they’re also racing against the clock to gain an upper hand on adversaries intent on using AI to target them. A silver lining is that E&U businesses can also use AI to fortify their cyber defenses. They just need to seize the opportunity to deploy the technology to take their cybersecurity to the next level.Go deeper: The race is on among companies across all industries to adopt AI, including generative AI, in their operations — and it is top of mind for E&U businesses. If they aren’t already piloting AI projects, leading players are either experimenting with the technology or planning to do so soon. Given the sector’s strong interest in maximising the use of AI, it’s not surprising that the value of AI in the energy and power market is projected to exceed US$14.5 billion by 2028. Topics Cybersecurity and Privacy Technology Enablement Industries Energy and Utilities The vast opportunity that AI presents to E&U businesses to increase efficiency and profitability, save costs, and reduce certain risks is clear. Here are some examples of how the technology is already changing how E&U companies operate and make the most of their existing capital and other resources:Utilities can use AI to optimise electricity distribution by analysing real-time data on energy demand, weather conditions and electrical grid performance. They can balance supply and demand more efficiently — adjusting the grid proactively to support anticipated demand — thereby reducing energy waste and improving grid stability.Renewable energy companies can use AI to help increase profitability by analysing real-time data from solar panels, wind turbines and other sources to maximise energy production. This allows them to increase energy output and to sell surplus energy to the grid or other customers.Many oil and gas businesses focused on modernisation have been quick to adopt AI to help reduce risks. For instance, with AI-driven predictive maintenance, they can identify potential equipment failures and reduce unplanned downtime. They can also use AI to analyse data from sensors and video feeds from cameras to monitor safety conditions at refineries, pipelines and drilling sites, and detect safety violations, potential hazards and incidents in real time.But as with all major technology advancements that bring about transformative change, there are potential downsides to making AI an integral part of everyday business operations in an E&U business. This isn’t just about the “garbage in, garbage out” risk associated with training AI models for support in decision-making, or even the challenge of navigating guidelines and requirements for explainable, ethical and responsible AI. Those are certainly top-of-mind concerns — but so, too, is the impact of AI on a long-standing area of risk for the E&U industry: cybersecurity.E&U companies, on the whole, have only recently started to prioritise cybersecurity — a welcome move from an industry that is responsible for maintaining critical infrastructure. However, as companies seek to embrace new tools like AI before they’ve fully addressed other known risks, such as vulnerabilities in their operational technology (OT) systems, they risk falling further behind in improving cybersecurity before they even have a chance to catch up.Cybercriminals Are Innovating With AI, TooFor one, AI tools and systems can expand a company’s attack surface, introducing a host of new vulnerabilities and risks that may not be apparent until it’s too late — just as we’ve seen with the Internet of Things (IoT) and shadow IT. Also, the technology is a powerful tool for threat actors, who are using AI to help them develop or enhance attack strategies such as:Spoofing: AI-driven text-to-speech and voice synthesis technology can mimic the voice of a specific person or impersonate an official entity. Cybercriminals can use AI voice-cloning tools to create convincing voice recordings for phishing calls or voice commands to bypass voice authentication systems and trick unsuspecting targets.Sophisticated phishing and spear-phishing schemes: Malicious actors are using AI to generate convincing and contextually relevant phishing emails, messages or content. Natural language generation models, for example, can create text that mimics the writing style of legitimate senders. AI is also useful for spear-phishing attacks — assisting cybercriminals in identifying high-value targets by analysing data to pinpoint individuals with access to sensitive information or those in key positions within companies.Custom malware creation: With AI, adversaries can enable malware to adapt to its environment so it can evade analysis — for example, malware that can detect if it’s running in a sandbox. Another strategy for evasion is to create fileless malware that resides in a system’s memory, which makes it difficult to detect through traditional signature-based antivirus software.Encryption-cracking: Cybercriminals were quick to embrace AI in their efforts to gain unauthorised access to sensitive data, including financial data and intellectual property. One common technique is using AI to accelerate brute-force attacks by automating the process of trying all possible combinations of keys or passwords until the correct one is found. Machine learning algorithms can also learn from previous decryption attempts and optimise the order in which combinations are tried, making these attacks more efficient than ever.The above uses of AI to further cyber threat activity aren’t just risks for the E&U sector, of course. To help create a clearer picture of the risks that AI presents to energy companies and utilities, here is a quick overview of how the technology’s application in four specific areas can create opportunities for E&U businesses — as well as cybercriminals.OperationsAI opportunities for E&U companies:Enhanced offline mobile apps capable of running AI on the edgeRemote monitoring and controlOptimisation of oil and gas processingAutomated review of contracts and assessment of vendor risksAI opportunities for threat actors:Increased connectivity (via IoT) and an expanded attack surfaceResiliency of attack impact, with the potential for operational shutdownData breaches, including unauthorised access to sensitive operational dataSafetyAI opportunities for E&U companies:Leak and hazard detection and responseDeployment of intelligent, unmanned equipment in high-risk environmentsPreventive maintenanceAI opportunities for threat actors:Compromise of OT systemsSafety event triggeringSpoofing attacks designed to ignore safety responsesTrading and MarketingAI opportunities for E&U companies:Automated demand forecastingOil and gas supply optimisationReal-time data analysis to support trading decisionsAI opportunities for threat actors:Market manipulation (e.g., through the use of deepfake AI)Compromise of financial data and trade secretsGovernance, Risk and Compliance (GRC)/Environmental, Social and Governance (ESG)AI opportunities for E&U companies:Monitoring of environmental parametersIdentifying opportunities to decrease carbon footprintMaking reporting faster, easier, and more data-driven, accurate and completeAI opportunities for threat actors:Data breaches, including the theft or release of sensitive environmental informationManipulation of data to over- or underreport the impacts of environmental incidents or progress toward reducing carbon footprintSilver Lining: AI Can Also Help E&U Companies Take Their Cybersecurity to the Next LevelE&U businesses can leverage AI capabilities to fortify security and gain an edge on adversaries using the technology to attempt to breach their defenses to steal data, disrupt operations, or create other mischief or harm. AI has a vital role to play in these companies’ security operations centers (SOCs) by helping analysts to enhance their ability to detect, respond to and mitigate security threats.AI can be used to automate threat detection and analysis and tirelessly monitor network traffic, logs and data from various sources in real time to identify suspicious activities, malware and anomalies — including insider threat behavior. AI can detect patterns indicative of known threats or emerging attacks that traditional approaches may miss. The technology can help to improve threat hunting by helping SOC analysts to identify and mitigate cybersecurity threats within the network more proactively.And when a cyberattack inevitably occurs, AI-driven automated incident response can greatly enhance an E&U company’s response efforts, including by classifying the threat and recommending how and which SOC analysts should take action based on their skills and availability.AI presents a wealth of opportunity for energy companies and utilities — and for the cybercriminals and other bad actors who seek to target them. In the race against cyber adversaries, E&U companies have every opportunity to get ahead by making AI central to their efforts to improve cybersecurity, both in terms of understanding the risks AI presents and using the technology to create security advantages. Find out more about our solutions: Artificial Intelligence Services AI is changing the way we do business and there’s applied value for almost every function in every industry. We partner with clients to unlock the power of intelligence-based innovations for your business. Cybersecurity Consulting From the speed of innovation, digital transformation, and economic expectations to evolving cyber threats, the talent gap, and a dynamic regulatory landscape, technology leaders are expected to effectively respond to and manage these competing priorities. Power, Utilities and Renewables In today’s rapidly evolving environment, a trusted advisor — who not only provides relevant insights but delivers a combination of strategic vision, proven expertise and practical experience — can enhance the value of your business. Leadership Sam Bassett Sam is the country leader for Singapore. With over 25 years' experience, he's primarily worked in financial services with consulting firms or directly in the banking industry to deliver change and support strategic, tactical, and operation goals across Asia, Europe and ... Learn More Digitising Experiences (Customer & Employee) Creates Value for Energy and Utilities Firms Leaders of energy and utilities (E&U) businesses are becoming increasingly focused on the business impacts of rapidly evolving technology. Read more Podcast – Today’s Challenges and Trends for Utilities Like organisations in virtually every industry today, utilities are addressing a number of critical challenges and trends in the market, from infrastructure demands, to calls to improve the customer experience, to talent demands, and much more. Read more The 5G Effect As the world advances into a more digitised and connected future, what can be learned from organisations that are successfully deploying 5G technology to enable business processes and efficiency. Where is 5G making the biggest difference in the real world? Read more