We’ve detailed how utilities can struggle when it comes to pushing the envelope with innovative technologies or ideas, but those challenges aren’t just about costs or a reticence to change. New tools and ways of doing things can create security risks, and with a relatively recent report saying that nearly 3 in 10 utilities have ‘weak’ cybersecurity, it’s clear that many decide that real risks outweigh the potential rewards.
That’s one of the reasons that cybersecurity is such a major focus at DTECH, with presentations and programming that outline how these risks can be approached not just as a challenge to be solved, but an opportunity to be created. It’s something that Seshadri Nadendla, Utilities Transformation Manager at Deloitte, has helped bring into the program as a member of the Cybersecurity Planning Committee. With over two decades of consulting experience, Nadendla specializes in utility projects that have a focus on grid modernization and advanced metering infrastructure (AMI).
We connected with him to better understand and explore the balance utilities need to strike when it comes to both adopting new technologies and managing the security risks that come with them.
The Evolution of Cybersecurity in Utilities
According to Nadendla, the utility sector is undergoing a profound shift. Historically, utilities have been hardware-driven, with systems and devices that were largely isolated. Today, that’s no longer the case.
“The technology paradigm is changing towards software, firmware, and back office,” Nadendla said. “With the rise of edge devices, AI capabilities, and autonomous controls, everything is becoming connected—from IT and operational technology (OT) to cloud environments and field assets. It’s why cyber is going to be your partner all the way.”
While this increased connectivity has enabled greater efficiency and innovation, it has also introduced new vulnerabilities. That’s why cybersecurity solutions shouldn’t be seen as a challenge to be dealt with but as an opportunity to strengthen existing operations. It’s an approach that requires cybersecurity to be a foundational element of every project, rather than an afterthought. It’s a crucial consideration because those risks and opportunities aren’t just about what’s next, but must equally consider what’s right now.
The Challenge of Integration and Standards
One of the biggest challenges for utilities when integrating new technologies is aligning them with existing legacy systems. Many utilities end up being locked into proprietary, single-vendor solutions that lack flexibility and future-proofing. This can lead to a walled garden ecosystem that hinders a utility’s ability to adapt to a rapidly changing technological landscape.
“Utilities are increasingly trying to move away from the proprietary and the vendor lock-in solutions towards interoperable and open standards, but it’s an ongoing challenge as the open-standards spectrum is still maturing,” Nadendla told Factor This. “NIST and ISO frameworks provide the guidelines, but a tailored approach for each utility is needed, as every organization is unique in its operations, size, and regulatory environment.”
Those are the sorts of specifics that Nadendla is focused on as a member of the DTECH planning committee, where he played a key role in selecting the sessions for the cybersecurity track. He described the difficult task of sifting through dozens of submissions, looking for presentations that offer tangible, real-world insights rather than just theoretical concepts.
“We were focused on the value of presentations that could outline demonstrable outcomes,” he said.
Looking ahead, Nadendla mentioned that he’s excited about topics like the application of AI in the utility sector, particularly in addressing security challenges. He’s also focused on better understanding how utilities are adopting cloud infrastructure and the corresponding security measures. For him, the key is to move from a reactive to a proactive stance on security, using threat intelligence and continuous monitoring to stay ahead of evolving threats, all of which is connected to his advice for utilities as they consider what’s next.
“Prioritize security right from the onset,” he said. “Early investment in secure design, privacy design, and ongoing vigilance will save time, cost, and reputation in the long run.”
