US DOE rolls out initial assessment report on AI benefits and risks for critical energy infrastructure
The U.S. Department of Energy (DOE) released a summary report on the potential benefits and risks of artificial intelligence (AI) use for critical energy infrastructure, as part of the federal administration’s approach towards harnessing the benefits of AI and ensuring its responsible and safe deployment. The agency also provides an initial risk assessment on AI for the critical energy infrastructure.
As the Sector Risk Management Agency (SRMA) for the U.S. energy sector, the DOE assesses that AI has the potential to be of tremendous benefit to critical energy infrastructure, with a wide range of benefits that can dramatically improve nearly all aspects of the sector – including security, reliability, and resilience. However, it finds that the path to realizing these benefits reveals the clear need for regularly updated, risk-aware best practice guidance to facilitate safe, secure, and beneficial deployment of AI in critical energy infrastructure.
Titled ‘Potential Benefits and Risks of Artificial Intelligence for Critical Energy Infrastructure,’ the assessment identifies ten broad sets of AI applications for critical energy infrastructure, and four categories of potential risk: unintentional failure modes of AI, adversarial attacks against AI, hostile applications of AI, and compromise of the AI software supply chain.
The DOE also determined that “As we navigate the continued deployment of AI across our energy system, a risk-informed approach will allow us to realize the security, resilience, and systemic benefits that AI promises. CESER appreciates the support of energy sector stakeholders and subject matter experts in reviewing and providing feedback and recommendations for improvement on this assessment and is planning to issue an update to this assessment by the end of 2024.”
Building on this report, CESER is announcing plans to expand its engagement with energy sector partners on artificial intelligence, from a security and resilience perspective, over this year. The office will host listening sessions on artificial intelligence with energy sector partners and technical experts this summer and will issue an updated assessment by the end of the year.
Earlier this month, the U.S. administration revealed that the White House Office of Management and Budget (OMB) is releasing its initial government-wide policy to address risks linked to AI and capitalize on its advantages, aligning with President Joe Biden’s AI Executive Order. The Order mandated comprehensive measures to enhance AI safety and security, safeguard Americans’ privacy, promote equity and civil rights, advocate for consumers and workers, foster innovation and competition, bolster American leadership globally, and more.
DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), supported by Lawrence Livermore National Laboratory (LLNL), worked with energy sector partners to develop the interim assessment that identifies the potential benefits of AI use in the energy sector, as well as key sources of potential risk to the sector. CESER leads the Department’s role as the SRMA for the energy sector and works closely with public and private sector partners to strengthen the security and resilience of the nation’s critical energy infrastructure.
“Artificial intelligence holds both incredible promise and potential challenges for the U.S. energy sector,” Puesh M. Kumar, director of the DOE’s CESER, said in a media statement. “The assessment we are releasing today is an integral piece of our ongoing engagement with the sector to harness the power of AI to improve our overall security and resilience, while also working to identify and mitigate risk.”
“This assessment is a critical contribution to the safety, security, and governance of artificial intelligence in the energy sector,” said Helena Fu, DOE’s Chief Artificial Intelligence Officer and Director of the Office of Critical and Emerging Technologies (CET). “DOE is turning aspirations into action, leveraging the transformative potential of AI to address pressing needs such as enhancing the cybersecurity of the power grid, engineering new materials for batteries, and building the next generation of grid-scale storage solutions.”
The assessment identifies ten broad categories of AI applications for critical energy infrastructure, examining each across three timeframes – current applications, applications that are on the horizon, and applications that are in the far future. It includes infrastructure operational awareness, high-complexity modeling and simulation, active controls; and predictive maintenance to provide operators with enhanced, earlier warnings of potential energy equipment degradation or failure, enabling prioritization of the equipment most in need of maintenance, improving reliability, and preventing costly failures before they occur.
The DOE identified that AI can also help with anomalous event detection and diagnosis; malicious event detection and diagnosis; forecasting; system planning; resource exploration and extraction; and scenario generation to help generate ‘synthetic but realistic’ system data that can be used to train system operators on emerging energy technology, enable testing of protection and mitigation measures, and can allow system operators to better leverage the benefits of more distributed, flexible energy systems by bounding uncertainties.
The assessment finds that AI has the potential to be of tremendous benefit to critical energy infrastructure, with a wide range of benefits that can dramatically improve nearly all aspects of the sector –including security, reliability, and resilience. However, the path to realizing these benefits reveals the clear need for regularly updated, risk-aware best practice guidance to facilitate the safe, secure, and beneficial deployment of AI in critical energy infrastructure.
DOE identifies a set of four risk categories, as AI and its energy sector applications continue to evolve, it is expected that these categories will change. These include unintentional failure modes of AI covering bias, extrapolation, misalignment, and energy use of AI; adversarial attacks against AI addressing poisoning attacks, evasion attacks, and data extraction attacks; hostile applications of AI covering automatic parsing of text for vulnerabilities, model inference or model completion based on available data, facilitate model-based design of attacks, and enable autonomous control of devices for physical attacks.
The last risk category is the compromise of the AI software supply chain. An adversary may exploit AI software not only to attack the AI system but also as an intrusion vector to a victim’s broader energy infrastructure systems. This can occur through both proprietary and open-source software, which AI systems are often heavily reliant on –and is potentially a particular concern as AI tools, particularly those relying on generative AI techniques, shift from bespoke design to relying on common tools, libraries, and in some cases, foundation models. As such, cybersecurity and energy system supply chain security best practices are critical to securing the AI software supply chain.
The report identifies key next steps for the energy sector on AI, including convening energy stakeholders and technical experts over the coming months to collaboratively assess potential AI risks to critical energy infrastructure – as well as ways in which AI could potentially strengthen energy resilience and our ability to respond to threats. It will also continue to serve as a trusted partner for the energy sector, and within the government, in offering candid, science- and engineering-driven insights on the benefits and risks that artificial intelligence presents.
Furthermore, the report examines, in coordination with energy sector stakeholders, the public availability of energy sector data and its potential to impact the security posture of owners or operators of energy infrastructure – including when potentially leveraged using AI-enabled tools. It will also support the research and development of innovative tools and technologies that leverage artificial intelligence to strengthen the security and resilience of the U.S. energy system, including against cyber or physical threats.
Lastly, the DOE will explore ways in which AI can be leveraged by existing CESER programs, such as the Energy Threat Analysis Center (ETAC), to ensure that they continue to operate at the speed and scale required by a changing energy system and dynamic risk landscape.
The DOE and CESER view the role of AI in the U.S. energy system as a critical and dynamic topic, requiring an enduring program of effort and sustained engagement as this technology and its uses within the energy sector continue to evolve. For the year, the CESER will expand its engagement with sector partners on artificial intelligence, from the security and resilience perspective, while also working to identify areas of existing and upcoming programmatic focus, where AI is a key consideration.
CESER also plans to brief the highlights of the assessment to energy sector leadership, including the Oil and Natural Gas Subsector Coordinating, the Electricity Subsector Coordinating Council, and entities identified under Section 9 of Executive Order 13636 to inform future engagement on policies, tools and technologies, and risk management efforts.
CESER will host virtual listening sessions with energy sector partners and SMEs on artificial intelligence in the summer of 2024. These sessions will focus on engaging the sector on knowledge gaps, topic areas requiring further analysis or examination, and opportunities to use AI to help improve sector resilience and security.
Related
