"In this short non-exhaustive note, we reflect on Artificial intelligence, the fastest growing technological branch, which may be viewed as a key component that shall define the greatest challenge of our time; the absence of reliable and robust security. With the capabilities provided by AI, and with its proper utilization in the energy sector, we could witness a big difference in predicting failures, achieving efficiency and recovery, and preventing critical data loss and control."
Universal access to affordable, reliable, sustainable, and modern energy for all is a 2030 sustainable development goal, but it can only be realized – Goal to Reality – if modern technologies and innovations are implemented in a way that addresses our major challenges, such as waste segregation, decarbonization, and climate change, among others. The energy sector has been witnessing increased investments and interest over the past years, particularly in renewables, electric vehicles, hydrogen cells, and all sorts of investments geared towards enabling a more sustainable and reliable sector. Not only that, but the digital revolution has caused multiple companies in the sector to rely on the cloud, software programs and transition towards managing and controlling energy-based operations solely via technology.
In this new era that is becoming increasingly interconnected and digitized, digitalization in the energy sector has become integral to both modernization and security. With the capabilities provided by AI, and with its proper utilization in the energy sector, we could witness a big difference in predicting failures, achieving efficiency and recovery, and preventing critical data loss and control. Cyber threats have become dominant and traditional cybersecurity measures are no longer sufficient in detecting, addressing, and combating advanced adversarial cyberattacks. Hence, with such interest in digitalizing and transforming the energy sector comes the threat of cyberattacks.
The obvious question is; why has the energy sector become such an attractive target for cyberattackers? The direct answer would be to destabilize the smooth functioning of societies and governments, in which their survivability is contingent upon a reliable energy infrastructure. A noteworthy event is the 2021 ransomware attack on the corporate computer networks of the colonial pipeline, one of America’s largest pipelines system for gasoline and jet fuel that originates in Houston, was forced to shut down till the adversaries – later identified as DarkSide – received the ransomware demanded. The attack reflected the aging energy utilities and the lack of full scope perspective of the network’s cyber security posture. Other striking attacks include the Shamoon cyberattack on Saudi Arabia’s national oil and gas company, ARAMCO, the attack on Qatar’s national oil and gas company, RasGas – now merged with Qatargas, and the Stuxnet attack aimed at Iranian nuclear facilities. This all reflects that energy companies must prepare for advanced cyberattacks in the sense that this is the new normal.
We won’t go into a discussion relating to the basics and building components of AI as we’ve already done so in previous talks and articles; we shall briefly consider how AI can play a role in not only transforming the energy infrastructure, but also in addressing the established goals of cybersecurity.
The energy sector does indeed become more efficient as a result of AI's ability to analyze a flood of data, but two issues remain unresolved: completely digitizing the sector and the security issue, which continues to be a source of concern and annoyance as cyberattackers have been deliberately targeting energy utilities around the world to alter, disrupt, deceive, or even destroy the systems and networks of energy companies. Obviously, the motivations or aims behind such attacks vary, from data theft to manipulation. The importance of cybersecurity is threefold: confidentiality, integrity, and availability, which are the defined goals of cybersecurity, and when such interconnected systems are attacked, these goals may all be compromised.
With the increase in the volume of data sets, AI thrives in multiple aspects, whether in predicting scenarios, forecasting, preventing unpredictable outcomes, and detect anomalies and stabilize systems and networks by applying different mechanisms such as adversarial training and predictive analytics. It is integral to touch upon the most recent proposed regulation for AI – proposed by the EU in 2021 – which shall, from its text, impose significant obligations impacting businesses across many sectors. The purpose behind such a proposal, still an ongoing legislative battle, is to ensure a human centric and risk-based approach in adoption and utilization of artificially intelligent powered technologies. The proposal classifies AI utilized in the energy sector as high risk, specifically if AI is used as a safety component in the management and operation of critical infrastructure” Article 6. In relation to technical robustness – security of AI – the draft legislation stresses that it is a critical requirement for high-risk artificially intelligent systems. And that “High-risk AI systems shall be designed and developed in such a way that they achieve, in the light of their intended purpose, an appropriate level of accuracy, robustness and cybersecurity, and perform consistently in those respects throughout their lifecycle.” In essence, the proposal reflects that in order to ensure an appropriate level of cybersecurity in such systems, suitable measures should be taken by the providers of high-risk artificially intelligent systems. Regulation of AI and advanced technologies is worthy of a separate discussion as multiple views can be presented, such as – “personal view:” – proposals always tend to either underregulate or overregulate, and the difficulty in adopting legislation that can strike a balance and adjust to a rapidly evolving area.
In the energy industry, AI has the potential to make significant security advances, particularly in terms of evaluating big data sets and spotting anomalies and aberrant behavior. Energy companies will be better positioned to stay ahead of possible assaults by properly utilizing predictive analytics and other protection measures, since they will attain insight and understand potential weaknesses. As a result, machine learning in AI is better at spotting patterns than humans, and such advanced tech grows more impactful over time.
True, not all energy companies are capable or have the resources to implement resilient security programs supported by AI, but they should be aware of the pressures they face. Building robustness into artificially intelligent systems necessitates a thorough understanding of how AI and its sub-disciplines work, as well as the fundamentals and causes of failure. Most importantly, the sector's recurring yearly attacks highlight the need for meaningful advancements and clear-cut cybersecurity agendas to enable a smooth and continuous transition to being fully digitalized and AI dependent.
Security-by design is the way forward.