KROLL-保障低碳人工智能（英）

Securing Low-Carbon AISecuring Low-Carbon AIAuthor: Steve RumboldSummaryAI demand and net-zero ambitions combine to fuel increased interest in new nuclear and other forms of low-carbon electricity generation. Big tech companies are investing in small modular reactors (SMRs) and even exploring recommissioning old nuclear power stations with high generating capacity. Large new nuclear power stations continue to be constructed, and global investment in renewables and interconnectors is increasing.At the same time, energy networks are being targeted by state actors as part of hybrid warfare and sub-threshold1 disruption campaigns. Data centers supporting AI are normally highly resilient, designed to operate for extended periods without power from the grid. However, targeted physical and cyber-physical attacks on energy infrastructure could challenge this resilience. Assessment of the most serious national-level risks offers interesting context but is limited as a reference point for private sector operators. Systemic risks are not fully understood. Innovation that produces efficiencies may also offer attractive new targets for adversaries. Resilience regulation has evolved to acknowledge not just the physical aspects of cybersecurity but also direct sabotage, requiring operators to better understand physical risks to their assets and develop mitigation plans. Whatever national or regional rules apply, private sector organizations need a coherent approach.How should we think about high-impact, low-probability risks from targeted threats affecting critical infrastructure services? How can we better understand systemic risk across cyber and physical domains? How do we convert postulated strategic risk into prioritized actions?Interpretation and compliance with regulations like the EU’s Network and Information Systems Directive (NIS2) and Critical Entities Resilience Directive (due to come into effect for designated critical entities, including the energy and digital infrastructure sectors, in July 2026) is a start, but operators need to plan beyond mere compliance. Because impacts go beyond individual enterprises, public and private sectors must enhance their coordination to coherently knit together national-level strategic risks and operational-level risks. Over the last 20 years, security cooperation between asset operators and national technical authorities and regulators has evolved—this must now include co-operation between subject matter experts and the military, as the UK’s recent Strategic Defence Review (SDR) highlights. We can use high-level risk registers as a starting point, then drill down to plausible scenarios applicable to operators, to flush out actionable decisions that address risk. We can use modern data science to elucidate complex systemic risks at scale. At an operational level, we can use cyber risk quantification and physical risk quantification to measure risk, including financial impacts, with more confidence, enabling bette