Enterprise Consulting + Adversarial AI Testing
Securing AI on the Edge of an Energy Provider's OT Network
AI security uplift for an electricity provider adopting machine-learning analytics across IT and operational technology, under the SOCI Act.
Client profile
An Australian electricity distributor introducing machine-learning analytics for demand forecasting and predictive maintenance across its corporate IT and operational technology (OT) environments.
The challenge
As a regulated critical-infrastructure operator under the Security of Critical Infrastructure (SOCI) Act, the provider needed to adopt AI analytics without creating new paths between corporate IT and the OT network that keeps the lights on. Leadership needed assurance the models and their data flows couldn't become a bridge for an attacker.
What we did
- Mapped every data flow between OT, corporate IT, and the new ML pipelines.
- Tested the analytics platform and its model interfaces for evasion and data poisoning.
- Assessed the IT/OT boundary against the provider's SOCI risk-management obligations.
- Built a prioritised AI adoption and security uplift roadmap for the board.
What we found
- A model-retraining pipeline could pull data across the IT/OT boundary without segmentation.
- Analytics service accounts held broader OT read access than the use case required.
- Poisoned input data could degrade predictive-maintenance outputs undetected.
The outcome
The provider adopted its AI analytics with segmented data flows, least-privilege service accounts, and input-integrity monitoring, demonstrably reducing risk to the OT environment and producing evidence aligned to its SOCI obligations.
They let us adopt AI without compromising the network that matters most. The board got evidence, not hand-waving.
Related case studies
Book a Free 60-Minute Briefing
A scoping discussion and threat-landscape overview with our ANZ specialists. No sales pressure.
Book a Briefing