America’s Infrastructure is Only as Strong as Its AI Governance
America’s infrastructure is at a pivotal moment. While the rise of artificial intelligence has introduced new challenges, it also brings powerful tools and fresh opportunities to strengthen our systems.
Recent surges in cyberattacks have highlighted vulnerabilities but have also galvanized leaders to innovate and adapt, ensuring our infrastructure remains robust and secure. AI-enabled attacks have made absolute protection impossible, meaning internal digital policies and governance are all the more critical to minimize system vulnerabilities.
Challenges Faced by American Utilities
American utility owners have long recognized the challenges of maintaining and modernizing the nation’s civil infrastructure systems. The highly exposed nature of electrical grids, water treatment facilities, and gas lines makes them prime targets for attacks. Over the last decade, there have been hundreds of reported incidents of cybercriminals and foreign actors hacking into some of America’s most vital infrastructure systems.
Through August of 2024, cyberattacks on U.S. utilities surged by nearly 70% year over year. The advent of widespread, commercially available AI has created an entirely new headache for utility operators by dramatically lowering the technical savvy required to mount an attack.
On one hand, hackers don’t need in-depth knowledge anymore—just a ChatGPT subscription and a Wi-Fi connection. On the other hand, utility operators now have access to advanced technologies that can both detect and defend against threats more effectively than ever before.
Updating Legacy Systems
Even the best protections and most advanced security systems can no longer defend against the scale of attack that AI enables. Deepfakes have proven capable of bypassing the knowledge-based authentication systems that banks and government agencies rely on, with the global financial sector reporting a 393% increase in deepfake-enabled phishing attacks in one year.
This shift means security teams must move from trying to eliminate every spark to ensuring that, if something does ignite, its impact is contained, and recovery is swift. Part of that is done through using properly installed firewalls and fail-safe systems.
Identifying a breach is where AI can actually help companies defend themselves. AI trained on the right usage data can leverage pattern recognition skills to detect anomalies and early warning signs of an attack. Odd or unusual user behavior can alert IT teams or automatically isolate the affected area until security teams can assess the threat.
The Role of AI Governance
Improved governance and more diligent digital policies can limit the risk an organization faces. Limiting exposure means creating internal firewalls and emergency shut-offs, as well as training and upskilling their workforce on data hygiene and AI use.
Having a workforce that understands what AI is (and what it isn’t) is vital to using AI correctly and safely. Adopting frameworks like the NIST AI Risk Management Framework and conducting regular audits supports compliance and builds a culture of trust.
One of the most prominent threats organizations face due to AI isn’t a traditional attack per se, but rather an accidental data breach caused by lax policies and employee awareness. An analysis by the House Committee on Homeland Security estimated that 1 in 10 intrusions the U.S. faced in 2023 were due to improper access to credentials.
Integrating Advanced Technologies
Organizations need to focus on reducing damage and recovering more quickly when attacks occur. Figuring out how to integrate technologies such as voice recognition, deepfake detection, and biometric recognition will be essential for creating safer infrastructure systems.
Incorporating robust testing, continuous monitoring, and clear guidelines for responsible use will aid these technologies in enhancing security rather than introducing new vulnerabilities.
The Path Forward
It’s not that AI shouldn’t be used in civil infrastructure. Understanding the risks to data privacy and the new vulnerabilities any new technology systems create is critical. Minimizing the impact of human error when interacting with AI is equally vital.
The path forward is clear: When we embrace innovation, invest in people, and foster a culture of proactive governance, America’s infrastructure can not only withstand today’s threats but thrive in tomorrow’s opportunities.
