AI can protect all energy firms from cyberattack. Here's how

Digitalization is increasing the energy sector's cyber-risk

Digitalization is increasing the energy sector's cyber-risk Image: J Plenio / Pixabay

Leo Simonovich
Vice-President; Global Head, Industrial Cyber and Digital Security, Siemens Energy
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


  • Most energy companies today struggle to detect and prevent cyberattacks on critical infrastructure.
  • Digitalization in the sector has opened up new opportunities for cyberattackers.
  • Could affordable, AI-driven cybersecurity monitoring services be the answer?

In 2019, the Wall Street Journal uncovered a nightmare scenario for any energy company. A small utility in the Western United States had its cybersecurity systems breached by malicious actors based overseas, and did not know about it until government agents informed them. Hackers gained a foothold inside the utility’s defenses and went undetected for months with the capability to cause catastrophic financial and physical damage whenever they pleased by cutting power to businesses, homes, and emergency and national security installations. Energy companies should learn a key lesson from this real-world incident: in today’s energy ecosystem, cybersecurity professionals cannot defend against attacks that they cannot see.

Most energy companies today struggle with the complex technological and economic challenges involved in detecting, monitoring and preventing cyberattacks on critical infrastructure. The operational technologies (OT) and information technologies (IT) responsible for running energy systems today were never engineered to be secured in a digital environment; doing so poses a technical challenge tough to solve and difficult for small and mid-sized operators to afford. Yet in today’s digital energy ecosystem, the failure of weak links can take down critical infrastructure for all participants. Protecting the entire system requires all industrial operators – both large and small – to detect and defend against cyberattacks. New developments in artificial intelligence (AI) based solutions can help all energy companies put defenders ahead of attackers, while adapting to the changing energy landscape.

Have you read?

In the past decade, critical infrastructure has become a prime target for cyberattacks. The digital and technological revolution has transformed the energy sector into a multi-directional network that transfers information with internet-like speed to control physical assets. Digitalization empowers energy companies, utilities and consumers to integrate new OT energy assets – such as power generation, transmission, distribution and end-use technologies – with IT control systems to reduce costs, improve efficiency and lower emissions. But along with these major benefits, each digitally connected node presents a possible cyber vulnerability – that is, a point where malicious actors may potentially enter or manipulate energy infrastructure.

The energy system is witnessing an exponential increase in the number of industrial devices connected to critical infrastructure, both broadening and complicating cyber-defence for the industry’s vast area of attack. What is more, malicious actors are no longer just cybercriminals seeking financial gain. Attackers now include sophisticated state and non-state actors using energy and critical infrastructure in geo-political conflicts. A 2019 Ponemon Institute study surveying the energy sector’s readiness to address this growing spectrum of cyberattacks found that 64% of respondents believed sophisticated attacks, like those designed by nation-states, are a top challenge. Moreover, 54% expected an attack on critical infrastructure in the next 12 months.

This 2019 survey of energy utilities shows the scale of the cyber-threats they face
This 2019 survey of energy utilities shows the scale of the cyber-threats they face Image: Siemens

In this ever-expanding threat landscape, cybersecurity professionals are forced to defend OT and IT systems that were never designed to integrate with a unified security architecture. Defenders are unable to translate huge flows of raw OT and IT data and analyze it to monitor for credible threats in time to take decisive action. In practical terms, this means that defenders cannot see what is happening within their own operations and can easily miss attackers who are actively exploring the network in search of vulnerabilities. Most OT security professionals lack the visibility and context to monitor, identify and prevent attacks before they happen.

The only way to enable rapid human understanding at the scale and pace needed to discover and stop an attack is using AI and automated domain expertise to provide visibility and context. Applying AI for monitoring and detecting cyberthreats in the OT operating environment helps defenders create a unified picture of anomalous behavior and draw out actionable insights for defenders to stop attacks. Automated AI-driven analysis capabilities have so far been limited to the industry’s largest operators, where research budgets can support in-house development. Meanwhile, many small and mid-sized companies struggle to hire or train the personnel needed to maintain status quo cyberdefenses, leaving little budget for research and development expenses. That means a significant share of companies are getting left behind and becoming the weak links in the overall energy system.


What is the World Economic Forum doing about making our electricity ecosystem cyber resilient?

To secure the entire energy ecosystem, the industry needs affordable, AI-driven cybersecurity monitoring services to harden OT targets regardless of fleet size or market share. By combining interoperable and manufacturer-agnostic AI technologies, and efficiently leveraging OT-native human expertise, small and medium-sized energy companies can gain access to monitoring, detection and cyberattack-prevention capabilities, a level of protection only previously attempted in-house at companies with large budgets.

Only by securing all the links in the energy value chain can the industry as a whole continue to develop smart infrastructure, electric vehicles, and decentralized power generation. That means ensuring small and medium-sized companies have the tools and technologies necessary to stop attacks before they start.

This post was originally published by the Atlantic Council.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybersecurityEnergy TransitionEmerging Technologies
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Tinder Swindler: How 'romance fraud' became a multi-billion dollar cybercrime

Robin Pomeroy and Sophia Akram

May 24, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum