AI is next front of the power sector cyber battle, experts tell US lawmakers

The US power sector should strengthen automated defenses against cybersecurity attacks, because China is using artificial intelligence to increase its capacity to plan attacks at a speed and scale that humans cannot address, panelists told US lawmakers July 18.

"Let’s not forget about artificial intelligence as a critical enabler for Chinese attack planning and execution," Paul Stockton, a senior fellow at Johns Hopkins University Applied Physics Laboratory told the US House Energy and Commerce Committee’s Oversight and Investigations Subcommittee.

"The grid is already highly automated in many respects, because of the speed with which operational decisions need to be made." Stockton said. "We need now to begin to explore how we can harness these AI tools to further enhance our defenses and avoid the trap of relying on AI when China may be able to compromise those same tools," he said.

Patient, stealthy attacks

China’s activities are important because the attackers are patient, stealthy and adept at obscuring what they are trying to do, said Manny Cancel, chief executive officer of the Electric Information Sharing and Analysis Center and senior vice president of the North American Electric Reliability Corporation.

The Volt Typhoon cyber campaign sponsored by China targeted critical infrastructure and relied on "living-off-the-land" techniques where attackers observe what is going on in the network and look for vulnerabilities that they can exploit, Cancel said.

China’s activities are particularly concerning because they could be preparing to target the natural gas pipeline system for disruption, which would have ripple effects on the power system, panelists said.

Over the past 15 years, the US power system has dramatically increased its reliance on gas-fired generation, Bruce Walker, the president and CEO of the non-profit Alliance for Critical Infrastructure Security, noted. In his written testimony, Walker cited a report to Congress earlier this year by the Office of the Director of National Intelligence that said China is "almost certainly capable" of cyberattacks that could disrupt critical infrastructure including pipelines.

"Let me connect some dots," Walker said. "Today the loss of critical infrastructure pipelines in the US would result in significant loss of gas-fired generation," which could, for example, trigger large automatic underfrequency load shedding.

Physical threats

In addition to cyberattacks, there has also been an uptick in physical attacks and vandalism to the US power grid. A string of substation attacks in December 2022 in the Pacific Northwest and North Carolina each left thousands of customers without power. In February, federal prosecutors charged an extremist group leader and a Maryland woman with plotting similar attacks on Baltimore's power grid.

Representative Debbie Lesko, Republican-Arizona, noted that there was a chain link fence around the substation that was attacked in North Carolina, and she asked if there should be block walls to physically protect substations.

It is impractical to protect the entire grid that way, Walker said. But there are highly important backbone corridors throughout our transmission system that hold each of the interconnects together that should be protected that way, he said.

"I would offer that those corridors would be protected in a way that we protect nothing else in this country," Walker said. Protecting a couple hundred of those corridors, as well as defense-critical corridors, would ensure the power system does not go completely black and enable the system to be rebuilt, he said.

Lesko asked if the government should pay to physically protect those critical corridors.

The regulatory models exist for utilities to make this investment, but partnership with the federal government or NERC would help, Walker said. Utilities could utilize the Federal Energy Regulatory Commission’s ratemaking process to socialize the costs of physical protection investments across the US, he said.

It is a national security investment, so utilities should be able to use an adder to pay for it, Walker said. "I think the federal government should do it because we are talking about national security and every citizen in the United States benefits from it."