Carnegie Mellon University
Carnegie Mellon Institute for Strategy & Technology

CMU's Home for Political Science and International Relations

CMIST logo

Securing the Race for AI, Powering the Race for the Future

How Modern Energy Technologies Can Deliver Abundance While Protecting our Infrastructure—and our AI Progress—from Attack

 By Harry Krejsa

Executive Summary

Artificial intelligence's explosive growth is driving a historic transformation of America's energy infrastructure. A proliferation of data centers—including training-focused megaprojects and more dispersed inference centers—is creating unprecedented electricity demand, spurring a level of recapitalization and modernization of our power grid that no other critical infrastructure sector enjoys.

Yet this AI-driven buildout is also arriving at a moment of profound vulnerability. Our aging grid—a hodgepodge of digital tools sitting atop an analog foundation that was never designed for modern levels of connectivity—has already been infiltrated by cyber operatives from the People’s Republic of China (PRC), who are actively embedding disruptive capabilities to sow chaos during a potential conflict.i With only 10-20% of our electricity system under federal cybersecurity oversight, a rapidly-diversifying industry ecosystem, and an outdated governance apparatus too fragmented to address systemic vulnerabilities, the status quo is dangerously untenable for both the AI race and our critical services.ii

This crisis presents a golden opportunity to pour a stronger foundation for both our public safety and energy ambitions alike. The energy technologies overwhelmingly powering our recent grid expansion are far more digitallynative than what has come before, from smart inverters and battery storage to virtual power plants and on-site co-generation. These modern systems were designed from the ground up with software at their core, enabling modern cybersecurity features and the ability to update and evolve in response to emerging threats. These technologies are also shepherding a smarter, more distributed grid architecture—one that is not only more defensible, but also resilient and self-healing, capable of quarantining disruptions and preventing cascading blackouts.

Many of these modern technologies also promise a new frontier in energy security. Nuclear power, geothermal wells, inverter-based resources, and battery storage—the preferred energy sources for most tech giants, and the source of most new electricity being added to the grid—either require no or infrequent refueling, and in some cases even approach near-zero-marginal-cost electricity generation.iii Being liberated from the vicissitudes of commodity fuel prices would not only be a significant benefit for American energy consumers, but also another valuable defense against a US-PRC contingency in the Indo-Pacific. Our allies and partners in the region, upon whose grids our own forward-deployed forces rely, are heavily dependent on maritime fuel shipments for their electricity. Modern and digitally-native energy technologies promise to be not only more defensible against the kinds of cyberattacks we know Beijing is planning against our allies, but also more resilient against blockades and other naval risks that fragile fuel tankers will likely face in any such conflict.

But as the AI boom brings more opportunities to harden our grid against attack, it may also increase the interest of potential attackers. Compute power is directly and increasingly tied to electricity availability, making our grid the strategic chokepoint in the race for artificial intelligence advantage. As Beijing recognizes the strategic implications—especially after tools like DeepSeek, Qwen, and Manus demonstrated China's formidable AI capabilities—it will likely paint an even bigger target on our energy infrastructure and increase their and others’ risk tolerance for more aggressive cyber operations. The shift from training-intensive to inference-intensive AI compounds this challenge, as compute requirements diffuse from remote mega-centers to more distributed, latency-sensitive facilities closer to users—and potentially growing our compute infrastructure’s attack surface in the process.

While the United States has a narrow lead in the AI race for now, China has secured an advantage in the swift, cheap deployment of electricity that will power the race into the future. Beijing has used its early capture of smartphone and electronics manufacturing to dominate what some are calling the "electrotech stack"—the foundational components that underpin modern energy systems, AI infrastructure, robotics, and many other technologies that will likely be key to future innovation and growth.iv Beijing controls the majority of global battery production, precision magnets, power electronics, and other critical components that were refined and miniaturized during the smartphone revolution and now define the digitally-native energy future. These cascading advantages mean that even as the United States races to deploy modern energy technologies to power our AI ambitions, we remain dangerously dependent on the very actor from whom we need to defend our grid. While federal investments retained in the One Big Beautiful Bill Act continue to support the standup of domestic battery manufacturing, advanced nuclear, and enhanced geothermal development, we are still playing catch-up in a game where China already has secured a considerable lead.

The convergence of energy and compute infrastructure around this shared electrotech heritage means that securing our AI future will require not just building more data centers or power plants, but fundamentally reconceptualizing, securing, and—where risk prioritization requires it—reshoring the component technologies that make both possible. Our policy and governance frameworks are dangerously unprepared for this convergence of opportunities and challenges accompanying the AI-driven grid transformation. Traditional infrastructure protection bodies have been slow to incorporate modern energy stakeholders, new market entrants are too often naive about security risks and supply chain dependencies, and no unified approach exists for the convergence of digital and legacy technologies that are reshaping our grid.

Success will require urgent action and national leadership across three lines of effort:

  • Unifying strategic priorities for the security, availability, and swift deployability of modern energy technologies;
  • Organizing disparate modern energy and national security stakeholders across the public and private sectors; and
  • Maintaining vigilance over fast-moving developments in both AI architectures and energy systems that could rapidly shift our security posture.

Taking these steps will ensure the public and private sectors are prepared to collaboratively secure the energy foundation for America's future while denying our adversaries the leverage to disrupt it.

securing-the-race-to-ai-8x11.png

Click to access downloadable pdf

  • The AI boom is creating unprecedented demand for electricity, driving a massive and digitally-native expansion of the US power grid. This transformation could either bring vital security and resilience advantages with it, or merely paper over our grid’s vulnerability to attack, particularly from China, whose hackers have already infiltrated our aging infrastructure.

  • Defending our energy ecosystem—and the AI race it is powering—will require a whole-of-nation strategy that integrates new, modern energy stakeholders with traditional national security leaders. Only by leveraging both perspectives can the United States simultaneously capitalize on the abundance and security potential of modern energy technologies, mitigate their sources of technical risk, and retake industrial leadership from China’s early advantage in the field.

  • Speed and adaptability must define our response. The convergence of AI and advanced energy infrastructure is evolving faster than our governance structures can keep up. Success will require:

  • Rethinking existing industry convening and coordination structures;
  • Adopting more dynamic risk and reward assessments to identify critical "linchpin technologies” (like batteries, smart inverters, or virtual power plants);
  • Combining public-sector threat intelligence with private-sector purchasing power to drive secure-by-design practices and streamline secure deployment; and
  • Accelerating R&D priorities on “leap ahead” technologies that can break our dependence on Chinese-controlled supply chains, like next-generation batteries, enhanced geothermal, advanced nuclear, or fusion energy.

The United States needs unified, strategic priorities for the security, availability, and swift deployment of modern energy technologies

Beijing clearly views its early lead in modern energy manufacturing, and its ability to rapidly deliver resilient and abundant electricity, as a strategic asset worth protecting. Chinese President Xi Jinping has repeatedly emphasized the need to coordinate "new energy" development alongside broader national security considerations, fusing its national security and economic impacts.v As global investment in these digitally-native technologies approaches $2 trillion annually, China has positioned itself at the center of one of history's largest capital opportunities—insulating itself from economic isolation while maintaining leverage over critical supply chains.vi The United States must signal an equally serious political, financial, and security commitment to leadership in these technologies.

While Washington shouldn't reactively mirror Beijing's every move, it must recognize when our competitors are right: Modern, digitally-native energy technologies are not just trendy nice-to-haves, but strategic imperatives for maintaining competitiveness in both the AI race and the broader contest for technological leadership.

RECOMMENDATION

The US government should adopt a whole-of-nation strategy to guarantee the security, availability, and vendor trustworthiness of the modern energy technologies that will be key to powering the AI race and subsequent engines of innovation.

  • This strategy should focus in the near term on the cybersecurity of key modern energy technologies (especially those with high dependence on PRC supply chains) and scalable solutions to promote the faster deployment of secure and resilient electricity.
  • For the medium term, it should adapt lessons learned from US and allied semiconductor supply chain diversification efforts, including maintaining both leading-edge innovative engines to maintain advantage as well as trailing-edge production capacities to hedge against supply disruption.
  • This strategy should prioritize maintaining US and allied leadership in international energy technology financing. This should ensure that cyber-secure and trusted technology is accessible to emerging markets, that those markets’ demand can contribute to scaling US and allied manufacturing capacity, and in so doing, balance PRC influence over the future of those markets’ energy security so we avoid another Huawei-and-5G-style setback.vii

National leadership is required to organize disparate modern energy and national security stakeholders across the public and private sectors

The development, security, and deployment of modern energy technologies is increasingly intertwined with US-China competition, but the communities driving each remain dangerously siloed. Traditional energy and security stakeholders possess decades of experience mitigating national security threats, but are poorly integrated with the entrepreneurs and innovators deploying digitally-native technologies that now comprise the large majority of new electricity generation. Meanwhile, modern energy developers—often smaller, more numerous, and less security-sophisticated than their traditional counterparts—are racing to deploy sophisticated software-defined systems without adequate access to threat intelligence or security frameworks. This disconnect extends throughout our governance structures: public-private critical infrastructure protection bodies have not updated their frameworks to address the fundamentally distinct way modern energy technologies interact with digital connectivity, while energy policy processes deploy grid-transforming technologies with minimal integration of national security expertise.

The convergence of AI compute and rapidly-digitizing energy infrastructure demands a more integrated "China risk/energy risk" community of practice that can transform sources of potential technical vulnerability instead into strategic advantage, but will require leadership from the White House and industry executives to succeed.

RECOMMENDATION

The US government should intentionally integrate relevant national security and modern energy policymaking processes and frameworks.

  • Given the rapidly growing importance of modern, digitally-native technologies to our grid, the National Energy Council—and other relevant energy-focused policymaking bodies and processes—should include CISA and the National Security Agency in its membership.
  • The next National Infrastructure Risk Management Plan, a White House-directed policy update coordinated by CISA and due later in 2025, should explicitly incorporate the novel considerations introduced by modern energy technologies.

RECOMMENDATION

Industry coordination and intelligence distribution bodies, like Information Sharing and Analysis Organizations and Centers (ISAOs/ISACs), should ensure their membership and processes are designed to incorporate and engage with the modern energy ecosystem and its structural novelties.

  • ISAOs/ISACs should review a) their membership to ensure they reflect the modern, digitally-native energy influence in their marketplaces, and b) restructure their coordination mechanisms to better integrate with smaller, more numerous, and less risk-sophisticated modern energy stakeholders.
  • ISAOs/ISACs and sector-specific coordinating councils should adapt security and resilience resources for modern energy stakeholders’ unique considerations, including those on secure-by-design principles, technical standards implementation, and open-source software security.

RECOMMENDATION

Electricity sector stakeholders, from utilities to the tech industry, should drive coordinated cybersecurity practices that are tailored to and scalable among the broader modern energy marketplace.

  • The country’s energy utilities should coordinate on shared guidance for “what right looks like” for the unique cybersecurity considerations of integrating digitally-native energy technologies into their grids. This will make it easier for more modern energy vendors to scale their contributions to security and resilience across different regional regulatory jurisdictions and integrate into different regional grids more quickly, all while helping mitigate broad regulatory gaps in electricity infrastructure cybersecurity.
  • Cloud computing hyperscalers, whose next-generation AI training and inference data centers are helping to propel historic increases in electricity demand, should use their purchasing power to inform and drive new modern energy cybersecurity practices. As some of the few actors in the US economy possessing deep expertise in both energy economics and PRC exploitation of flawed software, today’s AI-driven hyperscalers should use their influence over the next generation of energy deployment to inform and drive the development of modern energy-specific security practices.

Maintaining vigilance over fast-moving developments in both AI architectures and energy systems that could rapidly shift our security posture

The convergence of AI and modern energy infrastructure is evolving at unprecedented speed, demanding frameworks that can adapt as quickly as the technologies they govern. Just years ago, batteries were peripheral to grid planning—today they keep entire states’ grids operational during peak demand.viii The shift from training-intensive to inference-intensive AI is similarly upending assumptions about data center geography, latency requirements, and co-located generation needs. Our prioritization frameworks must be equally dynamic, capable of rapidly reassessing which technologies pose the greatest systemic influence—and bring the most digital risk—as the landscape shifts. Virtual power plants, for example, are entirely software-defined with massive systemic impact, yet their digital nature may make them easier to secure through established software validation practices—if we act quickly. Batteries present a more complex challenge: digitally sophisticated enough to pose risk, systemically critical to grid stability, yet often dependent on Chinese supply chains that challenge traditional security controls. Meanwhile, breakthroughs in solid-state batteries, enhanced geothermal, or fusion reactors could suddenly offer leap-ahead opportunities to break supply chain dependencies—but only if policymakers are watching for them.

As specific technologies and threats evolve, certain principles must endure: prioritizing the security of our most systemically critical infrastructure, maintaining vendor trust and supply chain awareness, and ensuring that every new deployment enhances rather than undermines our grid's defensibility against adversary attack. But in this current environment, our greatest risk may be fighting yesterday's war with outdated assumptions about where threats and opportunities lie. To operationalize this balance between enduring priorities and adaptive flexibility, we need assessment frameworks that are rigorous enough to guide billion-dollar infrastructure investments yet nimble enough to evolve with the rapidly shifting AI-energy landscape. These frameworks must evaluate both relative risk—assessing digital exposure and systemic influence across technologies—and difficulty of remediation—identifying which vulnerabilities can be addressed through scalable interventions, versus those requiring bespoke solutions.

The convergence of AI and modern energy infrastructure is evolving at unprecedented speed, demanding frameworks that can adapt as quickly as the technologies they govern. Batteries evolved from grid afterthoughts to essential stability anchors in just a few years; the shift from training-intensive to inference-intensive AI is similarly rewriting assumptions about where compute must be located and how it must be powered. This velocity of change creates a dangerous gap: Our security structures and supply chain strategies are calibrated to a landscape that no longer exists. Technology policymakers until recently barely tracked—like virtual power plants, demand response, energy storage, and distributed microgrids—now hold systemic influence over our grid's resilience, yet many remain deeply dependent on PRC-controlled supply chains or operate outside traditional security oversight.

This dynamism demands a more nimble approach to risk assessment and technology development—one that can identify which emerging technologies pose the greatest security exposure while simultaneously spotting opportunities to break free from geopolitically risky dependencies. We need frameworks agile enough to continuously reassess the threat landscape as new technologies achieve critical mass, yet rigorous enough to guide major infrastructure investments. Equally important, we must actively cultivate breakthrough alternatives—like in solid-state batteries, enhanced geothermal, or advanced nuclear and fusion—that could provide leap-ahead substitutes for the PRC-dominated components that define our energy supply chains. The US government should work with industry to establish assessment mechanisms to track this evolving landscape, and R&D priorities to shape it in America's favor.

RECOMMENDATION

The Office of the National Cyber Director, Department of Energy, CISA, and the National Security Agency should develop a joint risk and remediation framework for modern energy technologies.

  • The assessment should recognize “linchpin technologies” key to our AI-driven grid buildout according to digital exposure, systemic impact, and relevant threat intelligence. It should identify areas of scalable interventions for swifter and more secure deployment—such as with broader adoption of certain secure software development practices—and areas where bespoke interventions may be required.
  • The assessment should consider near-term cybersecurity considerations as well as longer-term supply chain dependencies that may impede greater certainty in relevant technologies’ security and resilience.

RECOMMENDATION

The Office of Science & Technology Policy, the Department of Energy, and the Department of Commerce should establish an R&D strategy for modern energy technologies that not only are game-changing generation and storage tools, but also provide “leap-ahead” substitution opportunities for US and allied manufacturers currently dependent on PRC supply chains and electrotech advantages.

  • This R&D strategy should identify and accelerate emerging technologies that could help break U.S. and allied dependence on vulnerable or insecure supply chains.
  • This strategy should adjudicate for which technologies the United States is willing to tolerate relative PRC dominance—perhaps including, for example, relatively “dumb” and commodity energy components—and those that are more systemically impactful and over which the United States should seek to retain influence, such as in battery storage or other more digitally-native platforms.

Endnotes

i “Statement of Admiral John C. Aquilino, US Indo-Pacific Command, on US Indo-Pacific Command Posture, to the US House Armed Services Committee,” Congress.gov, 20 March 2024, https://www.congress.gov/118/meeting/house/116960/witnesses/HHRG-118-AS00-Wstate-AquilinoJ-20240320.pdf.

ii “Critical Infrastructure Protection: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid,” Government Accountability Office, August 2019, GAO-19-332, https://www.gao.gov/products/gao-19-332.

iii Dan McCarthy, “Chart: 96 percent of new US power capacity was carbon-free in 2024,” Canary Media, January 2025, https://www.canarymedia.com/articles/clean-energy/chart-96-percent-of-new-us-power-capacity-was-carbon-free-in-2024.

iv Daan Walter, Sam Butler-Sloss, and Kingsmill Bond, “Rewiring the Energy Debate,” The Electrotech Revolution, May 2025, https://electrotechrevolution.substack.com/p/rewiring-the-energy-debate.

v “Xi Jinping Emphasizes Vigorously Promoting High-Quality Development of New Energy in China to Make Greater Contributions to Building a Clean and Beautiful World during the 12th Collective Study Session of the CCP Central Politburo,” CSIS Interpret: China policy document translation, published by Xinhua News Agency, 29 February 2024, https://interpret.csis.org/translations/xi-jinping-emphasizes-vigorously-promoting-high-quality-development-ofnew- energy-in-china-to-make-greater-contributions-to-building-a-clean-and-beautiful-world-during-the-12th-collective-study-sessio/.

vi Executive Summary of the World Energy Outlook 2024, International Energy Agency, October 2024, https://www.iea.org/reports/world-energy-outlook- 2024/executive-summary.

vii Brian Deese, “The Case for a Clean Energy Marshall Plan: How the Fight Against Climate Change Can Renew American Leadership,” Foreign Affairs, 20 August 2024, https://www.foreignaffairs.com/united-states/case-clean-energy-marshallplan-deese.

viii Robert Walton, “Batteries are making the grid more reliable: NERC,” Utility Dive, June 2025, https://www.utilitydive.com/news/batteries-grid-state-ofreliability- nerc/750649/; Garrett Golding, “Solar, battery capacity saved the Texas grid last summer; an uncertain future awaits,” Federal Reserve Bank of Dallas, January 2025, https://www.dallasfed.org/research/economics/2025/0114.