COMMENTARY: Unlocking what pundits tout as the unprecedented potential of GenAI may require vast amounts of electric power, and it’s unclear if our existing energy infrastructure can handle the task.
The nation will have its challenges, especially since the adoption of GenAI comes while we face competing demands from other goals, such as developing electric vehicle charging stations, building domestic advanced manufacturing industries, and dealing with climate-change.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
Security has also become a hot topic given the potential for GenAI to become an important element in our daily lives. Attackers could target GenAI’s availability indirectly via the power grid. Both nation-state adversaries and criminal groups already target the U.S.’s energy grid. As GenAI becomes more important, the energy sector will become an even more attractive target.
Addressing this need for more power, and also addressing new security considerations, requires partnerships between the public and private sectors, with participants ranging from federal agencies and state public utility commissions, to private sector data centers and energy companies.
Some perspective on our energy challenges
Both data center owners and public utilities are already grappling with the challenges of powering GenAI at scale. A computer server performing the large language model (LLM) data training that’s at the heart of GenAI can use up to seven times as much power as a server doing cloud computing or e-commerce. Additionally, GenAI servers often run at full-speed 24/7, unlike the variable power use seen in e-commerce or cloud computing.
For us to support GenAI power requirements, the handful of companies that operate the hyperscale data centers that house GenAI operations are already envisioning their next-generation facilities. Many see them as campuses the size of small towns, with a dedicated power plant on-site, instead of the individual city block-sized data centers seen today.
Finding solutions for powering GenAI at scale will require cooperation between the public and private sector. To build this energy infrastructure will require new technologies, faster building permitting and approval processes, and attention to energy efficiency at every stage, from power generation and transmission through its use. Data centers also require considerable quantities of water, since they can give off as much as 98% of their power as heat rather than as computing power.
GenAI security
Security has become top-of-mind, given the potential for GenAI to become not only an important part of our everyday lives, but also critical to our economic prosperity and national security. Most of the attention has been focused on securing the access and integrity of the foundational AI models and the mathematical weights that shapes their accuracy, of the LLM training data that fuels them, and of the queries made against these models that can reveal sensitive details about users and organizations.
On balance, GenAI security to date has been a “good news, bad news” story. The good news: there are reasonably effective controls for each of these disparate areas of GenAI security. The bad news: we have seen successful malicious exploitation in each of these areas when GenAI providers and users each assumed that someone else was responsible for security. So, while adequate security measures are available, today we must specify and order them a la carte.
We lack the equivalent of the widely-understood shared security responsibility model that exists for cloud computing. However, it took years of breaches and incremental progress for the model for cloud security to mature. This is time we can’t afford, considering the growing prominence of GenAI. The government can help drive the evolution and adoption of such a model by explicitly addressing security expectations in its contracts for GenAI services, by tying funding grants to adherence to security best practices, or potentially by regulation.
The electrical grid functions as a heterogeneous environment, with large well-resourced utilities and small rural producers that lack a full-time IT department, much less a dedicated cybersecurity staff–operating on the same regional power grid. Utility providers already face challenges. In fact, they’re breached twice as often as other types of organizations. Utilities are also often slower to respond and face higher costs than other types of organizations.
How the federal government can help
At the federal level, an alphabet soup of agencies are likely to address power or security for GenAI. Some of the planned AI data center complexes envision on-site nuclear power in the form of small modular nuclear reactors. So the Nuclear Regulatory Commission (NRC) will be involved, along with the Department of Energy (DOE), which recently approved the conceptual design of a plant for advanced nuclear fuel recycling.
Smaller agencies like the North American Electric Reliability Corporation (NERC) and the Federal Energy Regulatory Commission (FERC) will play important roles in ensuring grid resilience and reliability. On the security side, the resources and insight into threat activity delivered by the Cybersecurity and Infrastructure Security Agency (CISA) are invaluable, while the National Institute of Standards and Technology (NIST) creates models and taxonomies that will enhance both cybersecurity and technical/operator interoperability.
Cybersecurity aims to ensure the confidentiality, availability and integrity of information and information-driven services. While we usually think of attacks on availability, such as Denial-of-Service attacks that flood a provider with bogus requests and crowd out legitimate user activity, bad actors could also target GenAI’s availability indirectly through the power grid.
While data centers have onsite backup power, a sustained attack on power generation or transmission leading to a prolonged outage could cause an interruption of GenAI’s availability. Both nation-state adversaries and criminal groups already target our energy grid, and as GenAI becomes more important, the energy sector will become an even more attractive target.
The public and private sector must partner to address both the power and security implications of GenAI.
That’s why all organizations–including government agencies–should stay aware of the challenges that arise when new, unknown, and evolving technology like GenAI gets integrated into our everyday life, critical infrastructure, and into the essential functions of government.
Jim Richberg, head of cyber policy, Global Field CISO, Fortinet
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
