GridSecCon Speakers Cite Threats, Opportunities of AI

From left: Carter Manucy, NRECA; Manny Cancel, E-ISAC; Brian Harrell, Avangrid; Jonathan Homer, CPS Energy; Adam Lee, Dominion Energy | © RTO Insider LLC

Oct 23, 2024 | Holden Mann

Speakers at NERC's annual grid security conference noted that new technology provides opportunities both for threats to the grid as well as for its defenders.

MINNEAPOLIS — With the annual GridSecCon security conference in its 13th year, Electricity Information Sharing and Analysis Center (E-ISAC) CEO Manny Cancel said the event was “incredibly important” for the electric industry and encouraged attendees to use the opportunity to strengthen their bonds.

In his opening remarks on the first day of the conference, Cancel observed this was his first time attending GridSecCon in person, despite having headed the E-ISAC for nearly five years. The first two conferences during his tenure at NERC were held remotely because of the COVID-19 pandemic. Scheduling conflicts kept him away last year, and in the years when he worked at Consolidated Edison, the conference always conflicted with the company’s Board of Directors meeting.

Cancel later added he was glad for the chance to finally attend the event before his planned retirement early next year. (See NERC’s Cancel, Hoptroff to Retire in 2025.)

GridSecCon allows stakeholders “to share our subject matter expertise [and] open up new doors, new connections, collaborations and ways of thinking, especially in the face of … a very complex and challenging cyber and physical security threat environment,” Cancel said, citing a “maturity of cyber attacks [that is] probably at a point that it’s never been at in history.”

“We see threat actors with goofy names or crazy names like Volt Typhoon and Fancy Bear, [but] don’t be fooled,” he continued. “They’re very concerning [and] very sophisticated. … And then, to add insult to injury, we see attempts at ransomware all the time. Our networks are scanned and reconned every single day, billions and billions of times.”

Cancel’s fellow keynote speaker, Sara Patrick, CEO of GridSecCon co-host the Midwest Reliability Organization, agreed that the industry is “witnessing a paradigm shift,” with load growth “larger than anything that we’ve anticipated or seen in decades.” She described how the electric grid had changed just in the time since she joined MRO 16 years ago. She quoted the author April Rinne, saying, “The pace of change has never been as fast as it is today, and yet it is likely to never again be this slow.”

E-ISAC CEO Manny Cancel speaks at GridSecCon in Minneapolis. | © RTO Insider LLC

“We’re living in a world where there’s so much more uncertainty than we’ve ever experienced,” Patrick said. “And I think we, everybody in this room, is a testament to that. We managed our way through a … pandemic, and I like to think that, perhaps as a silver lining from that … was that it brought the world together a bit, and today we have a higher tolerance for uncertainty.”

Cancel joined a panel later in the day examining the risks that artificial intelligence and other technological advances could pose to grid reliability. Along with his fellow panelists, Cancel spoke to concerns about the rapidly expanding capabilities of technology to harm the grid but also noted the opportunities it could present to aid in utilities’ defense strategies.

Adam Lee, chief security officer at Dominion Energy, warned that recent advances in technology have given criminals and extremist groups “tool sets that only nation-state actors have had before.”

Lee was echoing Avangrid CSO Brian Harrell, who said on the same panel that tools like AI could give threat actors the ability to compile immense amounts of information to use against individuals and their employers, or even to impersonate them.

But Lee also observed a danger from businesses using AI tools internally, for example to prepare summaries of information for executives or the public. He said machines reviewing internal data may not notice discrepancies that could point to problems.

“That’s something that we’re really thinking hard about at Dominion,” Lee said. “We built a series of policies around not just the use of AI, but how we manage our internal, proprietary data … what tools are we making available to manipulate that data, and then what are we enabling our work force to [do with] that internal data?”

CPS Energy CSO Jonathan Homer agreed with these concerns, but also suggested companies can benefit from AI to create insights that would have taken much longer in earlier days.

“AI significantly advances the ability to sort through data and find what you’re looking for, even if you can’t accurately describe it,” Homer said, invoking the familiar analogy of a needle in a haystack.

Lee chimed in, suggesting “AI will help you find not only the needle in the haystack, but all the other haystacks you didn’t know existed. … In fact, sometimes you find needles that you weren’t aware existed before you started.”

MRO