Combatting extreme weather and power outages, a growing need for AI

On Monday, October 28, the news in San Francisco was that Tuesday’s winds would trigger another round of power shutdowns. More than 1 million PGE customers in northern California have been affected by planned power outages, a proactive measure taken to protect against igniting or exacerbating on-going wildfires. All over the state, residents and businesses have been impacted by fires and the power shutdowns over the past few weeks. Although I live in Boston, this part of the United States is perhaps my favorite, and hearing about the destruction and impact of the fires from my friends who live there, has deeply saddened me.

In the other regions of the country, October saw Boston battle a bomb cyclone while much of the East Coast experienced unplanned power outages and flooding due to  Nor’easters while monster tornadoes struck Dallas. It has been a terrible month for many of us.

Severe weather and natural disasters have been an issue companies and government officials have been dealing with on the power grid for a few decades but shutting down power as a proactive strike against natural disaster is something new. The changing climate and new norms in weather conditions likely means we’ll continue to see more power outages, both planned and unplanned, as well as weather events that wreak havoc on the critical infrastructure. As these disruptions become increasingly prevalent, what does that mean for cybersecurity and corporate accountability, and is this a problem that AI can ultimately solve?

A security team impacted by Mother Nature

Severe weather can impact our security systems in a number of ways:

• Power could be out in one location of the business, but not the business overall. Data and critical IT could be live but, the ability to securely monitor the network might be partially or completely disabled, leading to more vulnerable data and systems.
• An organization can be fully operational, but the company’s cloud-based security software or managed security provider(s) are unavailable because of an outage, despite claims of fully redundant systems with failover capabilities.
• Everything is up and running, but the security operations center is inaccessible or evacuated because of a weather-related condition (hurricane, flooding, downed trees, wildfires); despite the remote access capabilities, security teams may have limited ability to do their work because they don’t have full functionality off-site.

These are weather-related situations that we have no control over. More and more often we can expect to have a blue-sky day in one state, only to have networks and data impacted by a weather incident happening on the other side of the country or world. Companies may not even realize the temporary loss of its ability to monitor for security threats.

Shutting down the power grid to prevent fires is a relatively new phenomena – one that we may see happening more frequently, and it may happen without significant advance warning. This means organizations have to be ready at a moment’s notice and to take immediate action for how security is applied during planned outage situations.

In addition to planning for power shutdowns to prevent wildfires, companies need to be prepared to expect other types of pre-emptive outages. Will a Verizon, BT or AT&T ever need to take a portion of their network offline to prevent or thwart a cyberattack? That might be an extreme case, but it’s time to start thinking about how we secure our systems when conditions are erratic and further out of our control than perhaps ever before.

AI for extreme weatherproofing

AI-based solutions are already being introduced into organizations to help meet staffing shortages. In the case of an extreme weather event, organizations can expect to have few, if any, people on hand. AI can provide the necessary backup for employees, when you can’t have physical staff on hand. Because AI is also largely based in the cloud, it can continue to help monitor a weather-impacted company’s data and network. In a perfect world, the combination of AI and a remote human element working together can provide a solid security response during a storm or outage.

But we don’t live in a perfect world. And in the case of a perfect storm – it would be a hacker’s dream to have an event that would prevent security workers from getting on site, with some or all of the security defenses down, but with the data still up and running on the network. Granted, this is the absolute worst-case, doomsday scenario, but this is what we, as an industry, must increasingly be prepared for.

To meet such a scenario, we need to think of the next level of intelligence, providing a backup instance that can automatically take action. There has to be enough redundancy, enough artificial intelligence so that if one data center or SOC goes down, the automatic failover is able to seamlessly defend without missing a step, and with the same level of accuracy.

Weather-proofing your security requires building resiliency into your enterprise. We want to believe that everything is built to be resilient, but few things truly are, and we need to be prepared to handle the extreme weather situations and power outages we are now experiencing. As climate change continues to impact our infrastructure in unexpected ways and often without warning, we need to do more to ensure our security systems are resilient and are up to handling the disturbing new norms we are now facing.