Energy Leaders Call for Stronger IT-OT Integration to Secure Power Grid

Information and operational technology must be securely integrated to ensure the stability of America’s power grid, energy leaders said last week at the 2025 Billington Cybersecurity Conference in Washington, D.C.

“You really need to look at this as a bigger enterprise perspective. When it comes to OT typically, those are the jewels of the organization. That’s where you’re processing your chemicals, you’re running your water, you’re keeping the lights on,” said Juan Torres, associate laboratory director of Energy Security, Resilience and Integration at the National Renewable Energy Laboratory (NREL). “You have to make sure that both sides really understand what you’re doing at a high level.”

Emma Stewart, chief power grid scientist for National and Homeland Security at the Idaho National Laboratory, echoed the sentiment, adding that a lack of communication between OT and IT teams leads to teams finding workarounds to the other’s processes, which can compromise security.

“Some of the OT people can be pretty crafty. If they can’t make something work, they will work around the IT control to actually make the thing work or get the data they need to get. And those teams had to learn to talk, because the IT folks would just go yell at them,” Stewart told the audience.

Stewart noted that emerging technologies like AI are pushing energy leaders to view IT-OT integration as essential. The growth of data centers and AI training for new tools is accelerating enterprise-wide digitization and driving the need for stronger security controls. She said the speed of innovation will force companies to add AI and other emerging tech into their processes to better monitor infrastructure quickly.

“Streamlining comes when you’re forced to do something as well and trying to do it quicker or better,” Stewart said. “There’s some emerging technologies there that are definitely pushing the envelopes, but forcing people to really think about how they’re going to securely digitize everything at this point.”

Part of the challenge in securing infrastructure lies in balancing legacy and modern technologies. Torres noted that the gap between the two is widening, and adversaries are seeking to exploit vulnerabilities in both.

“You still have to secure the old stuff while you’re figuring out how to secure the new stuff. The threat is mostly focused on the new approaches, but that doesn’t mean they’re forgetting about ways to get into your old technology,” Torres said.