Trust—a cornerstone of today’s AI-driven, flexible, digital energy ecosystem

As is true with most industries, trust is the bedrock that the electrical utility industry is built on. In the end, the customer expects their utility to reliably and safely deliver power and trusts it to do that year round without fail. To maintain that trust, utilities mobilize massive amounts of capital and manpower. In 2023, U.S. investor-owned utilities spent over $170 billion in capital expenditures on their operations. 

The challenges and solutions for maintaining trust in today’s centralized physical grid are well understood. However, the grid is rapidly moving to a more digital, flexible, and distributed model. In this new ecosystem, the challenges to maintain the same customer trust are moving to the digital realm. Unless the utility industry adopts and invests in the digital infrastructure and technologies needed to maintain it, they risk not only greatly damaging customer trust and relationships but creating issues with regulators as well.   

AI-driven flexibility is both valuable and inevitable

With decarbonization of the electricity system well underway, the combination of increasing amounts of renewable energy, distributed energy resources (DERs), and demands for electricity is stressing the grid in ways not seen before. The tried and true methods of over a hundred years of history of grid operations still have their place, but the current logjam of interconnection requests and need for new generation combined with long lead times for new construction is showing their limitations.

Modern IoT, communication, and AI technologies have created solutions for a more flexible grid that holds the promise of meeting the various demands on the grid while reducing the need for new infrastructure investments. Virtual power plants (VPPs) are one emerging flexibility solution that uses AI-driven software to orchestrate both utility and customer-owned assets for the benefit of the grid (for more information on VPPs and their benefits see this white paper). Other digital applications for improved grid resilience and flexibility include digital twins, AI-driven vegetation management and fire detection/prediction, dynamic line rating and predictive maintenance. 

The digital threats to trust

While the future of a more digital and flexible grid is bright, today’s headlines reveal an ugly reality: grids around the world are in the bullseye of an increasing number of cyberattacks. For example, a survey found that between January to August in 2024, there were 1,162 cyberattacks on U.S. utilities, a jump of nearly 70% compared to 2023. As a part of critical infrastructure, the grid is a target of sophisticated cybercriminals, often backed by nation states, something that is constantly being warned about by government national security agencies. 

This outlines the current state of digitalization. Let’s look at VPPs as an example of what sort of cybersecurity challenges utilities will face as digital flexibility solutions gain traction.

It’s safe to say that threat actors, many sponsored by nation states, are currently focusing on utility-owned internet connected assets. The adoption of VPPs means we are now adding customer-owned DERs onto an utility’s digital grid. These can range from combined heat and power plants used in industrial facilities to consumer assets such as home batteries, EV chargers, and heat pumps. The unifying factor here is that the utility can no longer fully control the cybersecurity posture of these DERs and they are a rapidly expanding target for threat actors. 

With the expanded attack surface, the opportunities for cybercriminals to create havoc and damage to customer trust in utilities also multiplies. Here are several ways that cybercriminals could abuse DERs to undermine the grid.

• Cybersecurity attacks. With the increase in touch points on the grid, cybercriminals have more opportunities to penetrate these systems. Since DERs and VPPs communicate with an utility’s IT and OT systems, bad actors could potentially reach both of these. This could lead to disruptions in power supply from the utility as well as damage to a customers’ DER assets.
• Breach privacy and confidentiality. To operate, VPPs need to handle information about customers’ use of their DERs. This is very sensitive information. For consumers, a data breach could result in a violation of their privacy and for C&I customers, reveal confidential information about their operations. Not only could this damage customer trust, it could open up utilities to lawsuits as well as regulatory action.
• AI algorithm “poisoning”. There are numerous concerns about errors, bias, lack of transparency, traceability, explainability, and accountability with AI, and these concerns are amplified when an AI system is managing the delivery of a crucial service. AI algorithms rely on accurate data. A cyberattack could potentially alter data coming from DERs or introduce false data into the system, producing potentially dangerous malfunctions in the AI system—and in the energy system it controls. 

Working together to maintain trust in the flexible grid

The move to a more flexible grid will benefit all the members of the energy ecosystem. In this effort though, it’s imperative that customer trust in the reliability and security of the grid be maintained in all layers of the digital infrastructure. 

The expansive and growing number of devices and actors in the ecosystem represents a major challenge to maintain this trust, but it’s not insurmountable. E-commerce systems face myriads of attacks each day from bad actors, but with the cooperation and collaboration from the industry and regulators, it has become a reliable and mainstream part of everyday life. With efforts from all of the energy ecosystem members, we can make the flexible grid a trusted cornerstone of our society.  

Intertrust’s innovations have been part of the effort to keep ecommerce viable and we continue this work in support of the energy industry. Intertrust’s XPNTM (Explicit Private Networking) technology, and the Trusted Energy Interoperability Association (TEIA) standard that XPN is based on, is designed to bring trust through security and interoperability for DERs and the data streams that they produce—regardless of who owns and operates them. 

This is the first in a series of blogs that will explore some of the key elements for ensuring trust in digital flexibility solutions and the AI systems behind them—and how XPN can contribute. The next segment will look at cybersecurity risks inherent in these solutions.