AI-Based Detection and Response Makes Utilities More Proactive
AI is contributing to a shift away from reactive security and toward proactive security. Again, we’re already seeing this to some extent in real-time threat detection.
Traditionally, detecting threats meant waiting for alerts, then having analysts sort through logs. AI removes the lag by continuously monitoring network behavior and flagging anomalies in real time before damage is done. It provides a tap on the shoulder for the people who need to act, and it does so much faster than previous technologies ever could.
Some machine learning models can even forecast likely attack paths based on historical incidents, threat intelligence and industry patterns. That means utilities don’t have to wait to be hit before they start defending their environments.
On the incident response side, AI tools can take predefined actions the moment a threat is detected. These might include isolating endpoints, alerting responders and preventing lateral movement, which shortens dwell time and reduces potential impact dramatically.
In all of these ways, AI stands at the security frontline.
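The detection-and-response loop described above can be shown in miniature. The following is an added example, not code from the article or from any vendor product it alludes to: it learns a per-host baseline of connection counts from a quiet period, scores a live window as a z-score against that baseline, and maps the score to a tiered playbook (alert only, or alert plus isolate and block lateral movement). All host names, counts and thresholds are constructed for illustration.

```python
"""Baseline-driven anomaly detection with a tiered response playbook (illustrative)."""
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample: connection counts per host in successive 5-minute
# windows during a quiet learning period. Host names are hypothetical.
BASELINE_WINDOWS = {
    "hmi-01":    [12, 14, 11, 13, 12, 15, 13, 12],
    "plc-gw-02": [4, 5, 4, 4, 6, 5, 4, 5],
    "eng-ws-07": [30, 28, 33, 31, 29, 32, 30, 31],
}

# Constructed live window to score: eng-ws-07 suddenly fans out to 240 peers.
LIVE_WINDOW = {"hmi-01": 13, "plc-gw-02": 5, "eng-ws-07": 240}


@dataclass
class Baseline:
    mu: float
    sigma: float


def build_baselines(history):
    """Per-host mean/stddev of the learning windows."""
    baselines = {}
    for host, counts in history.items():
        # Floor sigma at 1.0 so a perfectly flat baseline still gives a finite score
        # instead of dividing by zero on the first tiny deviation.
        baselines[host] = Baseline(mean(counts), max(pstdev(counts), 1.0))
    return baselines


def score_window(baselines, live):
    """Return {host: z-score}. A host with no baseline scores None (unknown device)."""
    scores = {}
    for host, count in live.items():
        b = baselines.get(host)
        scores[host] = None if b is None else (count - b.mu) / b.sigma
    return scores


def decide_actions(score, warn=3.0, isolate=10.0):
    """Map a score to the predefined actions a responder would otherwise take by hand."""
    if score is None:
        # Never-seen host: raise it and send it to inventory review rather than guess.
        return ["alert", "inventory-review"]
    if score >= isolate:
        return ["alert", "isolate-endpoint", "block-lateral"]
    if score >= warn:
        return ["alert"]
    return []


def evaluate(history, live):
    """Full loop: learn, score, decide. Returns {host: (score, actions)}."""
    scores = score_window(build_baselines(history), live)
    return {h: (s, decide_actions(s)) for h, s in scores.items()}


if __name__ == "__main__":
    for host, (score, actions) in evaluate(BASELINE_WINDOWS, LIVE_WINDOW).items():
        shown = "n/a" if score is None else f"{score:6.1f}"
        print(f"{host:<10} z={shown} actions={actions}")
```

The thresholds are deliberately conservative on the isolate tier: automatically cutting an HMI or PLC gateway off the network is itself an availability event, so a practitioner would keep the "isolate" action behind a far higher bar than the "alert" action and log every automated decision for after-the-fact review.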
Overlooked Attack Surfaces: Physical Equipment and Edge Devices
Equipment used by public utilities such as transformers is susceptible to physical damage. The power grid in particular has certain chokepoints that, if damaged, can cause widespread outages. The most obvious way that AI can provide support here is by enhancing video surveillance. Behavioral analytics can recognize and automatically flag potential threats or hazards to physical systems — everything from the recurring appearance of a particular vehicle to a precariously positioned tree branch — and alert authorities.
Other cyberthreats to utilities are simpler but no less dangerous. For instance, one of the most overlooked entry points is sitting in the cab of every public utility vehicle.
Utility trucks often house ruggedized laptops such as Panasonic Toughbooks, which connect to sensitive control systems through wireless networks. These devices can contain operational data, remote access tools and sometimes even credentials technicians use to interface with supervisory systems.
Many utilities aren’t aware of how many of these endpoints are out there, let alone whether they’re patched, monitored and secured.
Additionally, the wireless networks that connect those devices to the mothership may not be hardened. If someone intercepts that traffic or compromises the laptop, the reward could be a direct path into the broader network.
AI can help here, too, by assisting in:
- Discovering unmanaged or unknown edge devices
- Detecting unusual behavior from endpoints in the field
- Monitoring remote access activity for suspicious patterns
These are the kinds of risks that often go unnoticed until something goes wrong.
You Can’t Secure What You Don’t Understand
AI can be expensive, but it doesn’t have to be. The key is to focus on actual needs, not the shiniest technology.
Again, this starts with clearly defining requirements, starting with a specific use case, and then scaling based on results. Utilities can benefit from lower-cost or open-source AI tools that deliver meaningful outcomes.
This is especially true for asset discovery. AI can help map the environment to identify hidden or unmanaged devices and highlight how data flows across the system. You can’t defend what you can’t see, and AI brings visibility to blind spots, from the data center to edge devices in service trucks.
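The edge-device risks described earlier (unmanaged laptops in trucks, unknown endpoints on the field wireless network) and the asset-discovery point made here come down to the same reconciliation: compare what is actually seen on the network against what the inventory says should be there. The following is an added example, not the article's or any product's code. It parses a handful of constructed DHCP lease log lines from a field gateway, reconciles them against a constructed inventory of managed Toughbook-class endpoints, and reports three blind spots: devices seen but not managed, managed devices whose last patch is older than a policy window, and managed devices that have not shown up at all. MAC addresses, hostnames, asset tags and dates are all invented for illustration.

```python
"""Reconcile observed field endpoints against the managed inventory (illustrative)."""
import re
from datetime import date

# Constructed inventory of managed ruggedized laptops, keyed by MAC.
INVENTORY = {
    "AA:BB:CC:00:00:01": {"asset": "TB-TRUCK-14", "last_patch": "2024-05-02"},
    "AA:BB:CC:00:00:02": {"asset": "TB-TRUCK-22", "last_patch": "2024-01-11"},
    "AA:BB:CC:00:00:03": {"asset": "TB-TRUCK-31", "last_patch": "2024-05-10"},
}

# Constructed DHCP lease log from the field wireless gateway (hypothetical format:
# timestamp, message type, leased IP, client MAC, client-reported hostname).
LEASE_LOG = """\
2024-05-20T06:12:03Z DHCPACK 10.40.1.21 AA:BB:CC:00:00:01 tb-truck-14
2024-05-20T06:15:44Z DHCPACK 10.40.1.22 AA:BB:CC:00:00:02 tb-truck-22
2024-05-20T07:02:19Z DHCPACK 10.40.1.57 DE:AD:BE:EF:00:09 android-3f2a
2024-05-20T07:05:00Z DHCPNAK 10.40.1.58 DE:AD:BE:EF:00:0A -
"""

# Only successful leases (DHCPACK) count as "this device is on the network".
LEASE_RE = re.compile(r"^(\S+) DHCPACK (\S+) ([0-9A-F]{2}(?::[0-9A-F]{2}){5}) (\S+)$")


def parse_leases(text):
    """Return {mac: {"ip", "name", "seen"}} for every device that obtained a lease."""
    seen = {}
    for line in text.splitlines():
        m = LEASE_RE.match(line.strip())
        if not m:
            continue  # NAKs, malformed lines and other chatter are ignored
        ts, ip, mac, name = m.groups()
        seen[mac] = {"ip": ip, "name": name, "seen": ts}
    return seen


def reconcile(inventory, seen, today_iso, max_patch_age_days=60):
    """Compare observed devices with the inventory and report the gaps.

    unmanaged: on the network, not in inventory      -> discovery finding
    stale:     managed, but last patch is too old     -> hygiene finding
    not_seen:  managed, but absent from the lease log -> lost/dormant asset
    """
    today = date.fromisoformat(today_iso)
    report = {"unmanaged": [], "stale": [], "not_seen": []}

    for mac, info in sorted(seen.items()):
        if mac not in inventory:
            report["unmanaged"].append((mac, info["name"], info["ip"]))

    for mac, rec in sorted(inventory.items(), key=lambda kv: kv[1]["asset"]):
        age = (today - date.fromisoformat(rec["last_patch"])).days
        if age > max_patch_age_days:
            report["stale"].append((rec["asset"], age))
        if mac not in seen:
            report["not_seen"].append(rec["asset"])
    return report


if __name__ == "__main__":
    findings = reconcile(INVENTORY, parse_leases(LEASE_LOG), "2024-05-20")
    for kind, items in findings.items():
        print(f"{kind}: {items}")
```

In practice the "seen" side would be fed from several sources at once (DHCP, the wireless controller, VPN concentrator logs, EDR check-ins), and the useful signal is the disagreement between them: a device the VPN has never seen but DHCP hands a lease to every morning is exactly the kind of endpoint the article says utilities tend not to know about.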
Remember: In cybersecurity, you don’t win by being perfect; you win by being prepared. And with the right AI tools, even resource-strapped critical infrastructure providers can start making smarter, faster and more proactive decisions.