Power and cooling for data centers handling the huge upsurge of demand from AI adoption are being targeted – and the world’s energy grids are in danger.
There have been some eventful times for the world’s energy grids recently, let’s look at some of the key developments.
In the US, the House Committee on Energy and Commerce heard from former Google CEO Eric Schmidt about the impact and reliance of AI on the energy grid. Schmidt told Congress “Many people project demand for our industry will go from 3% to 9% of total generation, an additional 29 gigawatts by 2027 and 67 more gigawatts by 2030, this is at a scale I have never seen in my life in terms of energy planning.”
“If China comes to superintelligence first, it changes the dynamic of power globally, in ways that we have no way of understanding or predicting.”
AI’s dependence on the energy grid is clear. The energy requirements of data centers are predicted to skyrocket, especially with more advanced and power-hungry systems on the way. Energy grids are being stretched beyond limits and AI could push up energy prices and create shortages. Energy is essential to powering the boom in AI and this makes it a prime target for threat actors seeking to destabilize AI leadership or dependent critical systems.
In April 2025, we also saw massive blackouts across Spain, Portugal and parts of France that halted public transportation, banking cashpoints and internet connectivity, in one of Europe’s biggest ever power system collapses. Spain, Europe’s fourth-largest economy had no electricity. Whatever the cause, it is an admonitory tale of the importance of a resilient energy grid.
Although some have ruled out cyber-attacks as the cause of the recent blackouts, attacks in the sector are growing. Energy systems are increasingly dependent on IT at every stage of supply chain-generation, transmission, and distribution- all of which must be protected.
AI’s demand for electricity
The world’s data centers are using ever more electricity, the International Energy Agency (IEA) estimates that global electricity usage by data centers will double in just four years, increasing from 460 terawatt hours of electricity in 2022 to 1,000 terawatt hours annually by 2026.
This demand is roughly equivalent to the total electricity consumption of Japan. With governments around the world announcing multi-billion-dollar investments in AI, data center electricity consumption is expected to grow at a rapid pace as AI applications begin to penetrate the market.
Goldman Sachs Research estimates that data center power demand will grow by 160% by 2030. Currently, data centers globally consume 1-2% of overall power, but this percentage will likely double to 3-4% by the end of the decade. The overall increase in data center power consumption from AI is expected to be roughly 200TWh/year between 2023 and 2028, with AI representing about 19% of total data center power demand.
This heightens the dependence as well as the risk profile of the energy systems that support AI data centers and applications, making them targets for cyberattack.
It is also worth highlighting the additional dependency on water consumption. Data centers use fresh mains water, rather than surface water, so that the pipes, pumps, and heat exchangers used to cool racks of servers do not get clogged up with contaminants.
Microsoft’s global water use soared by 34% while it was developing its initial AI tools, and a data center cluster in Iowa used 6% of the district’s water supply in one month during the training of OpenAI’s GPT-4. Therefore, cyber-attacks impacting water supply to the data center operations may also be of concern.
The energy sector is a major target for cyber-attacks
In some parts of the world, energy grids face persistent threats from cybercriminals and hostile states, exploiting ransomware, AI and advanced intrusion tools. State-linked cyber groups increasingly target industrial control systems pivotal to energy infrastructure.
There are major areas of concern in the energy supply chain, where vulnerabilities exist in interconnected systems, for example GNSS and GPS for timing, and the targeting of subsea cables.
For example, in 2021 the Colonial Pipeline ransomware attack disabled its IT computer systems resulting in fuel shortages and panic buying in affected states. In 2022 a Russian attack on satellites knocked out communications and control of thousands of wind turbines in Ukraine. In 2023, the China-linked group, RedEcho, attacked India’s power sector during border tension.
In addition to the IT-focused attacks which have downstream impacts on industrial control systems (ICS), there has also been an increase in ICS-targeting malware intentionally designed for adverse effects on operational technology (OT) environments.
Legislation and proactive cybersecurity testing
Cyber-attacks are why regulators like the US Federal Energy Regulatory Commission (FERC) and North American Electric Reliability Corporation (NERC) are updating their cybersecurity control requirements for grid and power providers, to ensure power companies are preparing for the latest threats.
With cyber-attacks in the energy sector on the rise, it is crucial to implement proactive security measures to safeguard infrastructure and mitigate potential risks. It is important to validate new devices, networks, application workloads and traffic mixes.
But the good news is that security testing solutions can replicate an environment and support a wide range of protocols and applications with real-world test scenarios.
They can help validate and refine energy infrastructure security postures, improving resilience to cyberattacks and ensuring adherence to cyber security requirements with awareness and training, configuration management, incident response, risk assessment, security assessment, access control, identification, and authentication, as well as system and communications protection.
