保障低碳人工智能

At the same time, energy networks are being targeted by state actors as part of hybrid warfare and sub-thresholddisruption campaigns. Data centers supporting AI are normally highly resilient, designed to operate for extended periodswithout power from the grid. However, targeted physical and cyber-physical attacks on energy infrastructure could challengethis resilience. Assessment of the most serious national-level risks offers interesting context but is limited as a reference pointfor private sector operators. Systemic risks are not fully understood. Innovation that produces efficiencies may also offerattractive new targets for adversaries. Resilience regulation has evolved to acknowledge not just the physical aspects ofcybersecurity but also direct sabotage, requiring operators to better understand physical risks to their assets and developmitigation plans. Whatever national or regional rules apply, private sector organizations need a coherent approach.How should we think about high-impact, low-probability risks from targeted threats affecting critical infrastructureservices? How can we better understand systemic risk across cyber and physical domains? How do we convertpostulated strategic risk into prioritized actions?Interpretation and compliance with regulations like the EU’s Network and Information Systems Directive (NIS2) andCritical Entities Resilience Directive (due to come into effect for designated critical entities, including the energy anddigital infrastructure sectors, in July 2026) is a start, but operators need to plan beyond mere compliance. Becauseimpacts go beyond individual enterprises, public and private sectors must enhance their coordination to coherently knittogether national-level strategic risks and operational-level risks. Over the last 20 years, security cooperation betweenasset operators and national technical authorities and regulators has evolved—this must now include co-operationbetween subject matter experts and the military, as the UK’s recent Strategic Defence Review (SDR) highlights. We canuse high-level risk registers as a starting point, then drill down to plausible scenarios applicable to operators, to flushout actionable decisions that address risk. We can use modern data science to elucidate complex systemic risks at scale.At an operational level, we can use cyber risk quantification and physical risk quantification to measure risk, includingfinancial impacts, with more confidence, enabling better mitigation options.1Below the threshold for an active state of war to exist, also known as “gray zone” activities.2 Securing Low-Carbon AIAuthor:Steve RumboldSummaryAI demand and net-zero ambitions combine to fuel increased interest in new nuclear andother forms of low-carbon electricity generation. Big tech companies are investing in smallmodular reactors (SMRs) and even exploring recommissioning old nuclear power stationswith high generating capacity. Large new nuclear power stations continue to be constructed,and global investment in renewables and interconnectors is increasing. 1 Concentrated Power NeedsThe UN’s International Energy Agency (IEA) stated in its 2024 World Energy Outlook2that “a substantial increase in electricityconsumption from data centers appears inevitable.” In the UK, around 500 data centers currently consume 2.5%3of allelectricity in the UK. In Ireland (about 120 data centers), the figure is 21%4. Those figures are projected to reach 6% and 30%respectively by 2030. In the U.S., the figures are estimated to grow from 4% in 2024 to between 4.6% and 9.1%.5High loadsare required for both cooling and computation (generative AI searches use 10 times more power than normal Google searches).Despite gains in efficiency over the last decade, these more active servers demand substantial cooling. And, of course, morepeople and technologies are using AI, so we need more data center capacity. The IEA reported the average increase in installedservers was 4% per year from 2010 to 2020, but since 2020 this could be up to around 15% per year. However, from a securityand resilience perspective, the concentration of data centers within national electricity grids poses a more relevant challenge.U.S. data centers are highly concentrated regionally (e.g., in Virginia); the same is true in the UK for (Greater London) and inIreland (Dublin). This concentration of electricity use is summarized by the IEA:Geographical concentration and high electricity demand may exacerbate business continuity risks in the face of intelligentthreat actors.Low-Carbon NeedsData centers are under pressure to reduce carbon footprints by using low-carbon sources. Every big tech company hasmade a commitment to net zero ambitions. In the UK, the generation mix will change by 2030, with offshore wind and otherrenewables dominating. Battery storage offers a means to store energy for peak demand and a response mechanism forsudden frequency drops. Nuclear continues to provide low-carbon “firm” load to