On the 30th episode of Enterprise AI Defenders, hosts Mike Britton and Evan Reiser talk with Martin Strasburger, Chief Security Officer at Duke Energy. Duke Energy powers 11 million customers in the Southeast and is a vital infrastructure player balancing legacy systems with modern threats.
Martin brings nearly three decades of cybersecurity leadership to Duke: he started in SOCs and consulting at Deloitte, went on to serve as CISO at Pacific Gas & Electric, and now oversees cybersecurity, physical security, and aviation at Duke Energy. Managing drones, helicopters, and data makes more sense than it sounds, because "so much safety and security goes into operating our aircrafts," he explains.
His core philosophy is rooted in intelligence-driven defense, a methodology he honed in the SOC with a focus on Lockheed Martin’s cyber kill chain. At Duke, this capability blends cyber analytics, physical intrusion detection, and radar-enabled monitoring to thwart threats. One example: after a 2022 ballistic attack knocked out two substations and left 45,000 people in the dark, Duke deployed cameras, radar, and intrusion sensors, now augmented with a generative AI pilot to detect pre-operational surveillance across days or weeks.
Martin’s lens on emerging technologies is both pragmatic and forward-looking. He acknowledges the operational complexities: many field systems are built to last 20 years, making modernization a balance between legacy protection and new capability adoption. Yet he sees high demand from internal business groups for AI, from grid resilience modeling and predictive failure analysis to post-hurricane aerial damage assessments using edge AI on camera-equipped aircraft. In every case, his team ensures these systems are secure from design to deployment.
Threat intelligence remains at the heart of Duke’s defensive walls. Strasburger prioritizes threat assessments from open source, federal partners like the FBI, DHS, and DOE, and vendors like Palo Alto Networks. This ecosystem gives visibility into attacker tactics, techniques, and procedures, which is critical for tailoring Duke’s risk profile and defensive posture. "Otherwise, how are you gonna defend yourself when the bad actors use it against you?"
AI brings both new defensive tools and sharper threats. Martin is particularly concerned about AI-enhanced social engineering: “Deepfakes are just terrifying.” Because he cannot control personal devices, his greatest defense remains skilled, trained personnel aware of social engineering risks. Though quantum threats loom, he considers them still speculative, yet judges that the move to quantum-resistant encryption is not far off.
On defense’s use of AI, Strasburger imagines “AI-enabled co-pilots” augmenting human analysts, especially through advanced SIEMs or Splunk-infused capabilities, surfacing previously hidden threats. While fully automated defense remains futuristic, he anticipates substantial AI innovation in security products over the next 12–24 months.
The struggle between hype and substance is real. "We don’t have the answer to how much to invest, where to start." Without broad ROI benchmarks, Duke is pursuing a two-column strategy: small-scale internal pilot use-cases, plus collaborating with vendors on AI features ready to deploy. He urges customers to participate in vendor beta programs. He finds that responsiveness and feedback drive better tools and more relevant solutions.
What’s at stake is nothing short of society’s resilience. The most severe risk on Duke’s register is a cyber attack causing grid-wide blackouts, potentially damaging physical equipment and impeding recovery. Russia’s attacks on the Ukrainian grid and the fragility exposed in the 2003 Northeast blackout underscore the impact. Martin notes that long, widespread outages could spawn traffic chaos, hospital failures, and deaths. These consequences are a sobering reminder of the real-world impact of cyber compromises of the power grid.
In his lightning‑round closing, Martin offers wisdom for newcomers and the next gen of security leaders. For a first-time CISO: “Stay calm, surround yourself with good people… take care of your health.” For future cybersecurity professionals: “Learn everything you can about AI.” And his book recommendation? The Phoenix Project. This is a go-to read for every tech professional. Asked what peers will dismiss as science fiction, Martin says this: "You're not going to have your AI fighting my AI with no humans involved… still going to be a highly skilled army of cybersecurity professional humans."
Martin’s episode reminds us that in an industry where the future can be science fiction, security is rooted in human judgment, collaboration, and purpose.