In an era of rapidly evolving cyber threats, Slovenia’s energy sector is taking bold steps forward. We spoke with Venčeslav Perko MSc, a member of the management board at ELES – Slovenia’s national transmission and distribution system operator, which has been ensuring safe, reliable, and uninterrupted electricity transmission at home and across borders for over 100 years. On behalf of ELES, Perko also acts as the coordinator of the EU-funded ALiEnS-SOC project. Our conversation focused on how artificial intelligence is reshaping the country’s approach to protecting critical infrastructure and building a resilient digital power grid.
Q: How would you describe the current state of the energy sector and its cybersecurity challenges?
A: The energy sector is rapidly transitioning from an analogue to a digital environment. New methods of electricity generation are decentralized, and managing the transmission and distribution of energy now requires a completely different approach – one that would be impossible without digitalization. As digital services become more deeply embedded in energy operations, the risks from cyber threats also increase. In addition to traditional risks associated with critical infrastructure, a wide range of threats from the cyber domain has now emerged.
Q: Where do you see the greatest vulnerabilities in the power system?
A: Well, the reality is that production, transmission, and distribution systems are now tightly woven into our IT infrastructure. That interconnection brings a lot of efficiency, but also opens the door to cyber threats. And we’re not talking about minor issues here, cyberattacks can lead to serious financial damage, widespread power outages, and even put people’s safety at risk.
Electricity is something most of us take for granted until it’s suddenly gone. But in our sector, even a short outage isn’t just an inconvenience, it’s simply not acceptable. The power system is recognized as a provider of essential services, and society depends on it functioning smoothly every single day. That’s why we need strong, real-time cybersecurity measures that don’t just detect threats, but can also respond quickly and effectively before any real harm is done.
Q: What is the structure of the Slovenian energy sector and how does it influence cybersecurity?
A: The Slovenian energy sector is quite diverse. We have the transmission and distribution networks, along with the companies that manage the overall power system. On top of that, there are the big producers – thermal, hydro, and of course, the nuclear power plant – but in recent years, we’ve also seen a rise in small renewable producers, especially solar and small hydro.
This growing ecosystem is great for energy transition, but it also brings new challenges. The more stakeholders we have, and the more interconnected they become through digital networks, the harder it gets to maintain oversight. The risk landscape expands, and so does the complexity of monitoring and managing it all. It’s no longer enough to rely on old systems – we need smarter, more integrated solutions to stay ahead.
Q: Are individual cybersecurity approaches still effective in such an interconnected environment?
A: No, individual approaches are no longer sufficient. We need to consolidate cyber defense capabilities, which is being realized through the integration of security operations centres (SOCs) across the transmission and distribution sectors. These SOCs are now merging into a single, more capable organization that will cover the entire cyber environment of Slovenia’s electric power system. Future phases may also include producers and other critical infrastructure operators in the sector.
Q: How does the ALiEnS-SOC project address these needs?
A: The ALiEnS-SOC project, short for Artificial Intelligence in the Slovenian Electro Energy Sector – Security Operation Centre, is all about bringing artificial intelligence into the heart of our sector’s cybersecurity operations. The idea is to create a smart, responsive system that can detect threats in real time and react automatically, without waiting for manual intervention.
What we’re building is a platform that connects all the existing tools we already use – like firewalls, identity management systems, and advanced technologies such as SIEM, which collects and analyses security data, and SOAR, which helps automate responses to cyber incident. It’s designed not just for local use, but to share insights and threat intelligence with stakeholders both in Slovenia and across the broader cybersecurity community.
Q: How does the AI system work within this project?
A: The solution, powered by AI, learns every detail of its environment to build an evolving understanding of “normal.” It continuously asks: Is this behaviour normal? By analysing raw data and patterns, it identifies subtle deviations that may indicate vulnerabilities or threats. It detects both known and unknown cyber threats from internal and external sources, automatically recognizing infections, abuse, anomalies, network scanning, and traffic floods – even without relying on static rules or signatures.
Q: What are the main components of the system?
A: At the core of the system, there are really two main components: detection and automated response.
Detection is powered by a constantly learning AI that understands the environment it’s working in. This means it can immediately spot anything unusual – whether it’s a known threat or something entirely new. Then comes the automated response, which is just as critical. It allows the system to react instantly, even to fast-moving attacks like ransomware, without waiting for human intervention.
One of the key advantages is that the system doesn’t just look at isolated events, it connects the dots. It analyses what’s happening across the network and builds a bigger picture of what’s really going on, often before a human analyst would even notice something’s wrong. That means less time spent on triage and more clarity for security teams when it really matters.
Q: What sets this AI solution apart from traditional cybersecurity tools?
A: Like I mentioned earlier, the system learns every detail about its environment, which allows it to react within seconds – even to threats it hasn’t seen before. It also pulls from licensed threat intelligence sources, so it’s constantly learning from a wider cybersecurity landscape. It operates fully autonomously, 24/7, and when a threat appears, it doesn’t hesitate, it acts immediately to neutralize it across the digital environment. What’s more, it uses deep learning to understand what’s happening, puts events into context, adapts to new attack techniques, and presents everything in a clear, readable way that helps security teams respond faster and smarter.
Q: How is the project being implemented and who is involved?
A: Several Slovenian companies and public institutions are involved. We submitted the proposal in the spring of last year, received approval in the second half, and began implementation by the end of the year. The project is funded 50:50 by the EU and local stakeholders. This allows us to analyse risks, develop the AI models, and build the technological platform. The project is set to conclude by the end of 2027, with the solution fully operational under the centralized Security Operations Centre for Slovenia’s power sector. This won’t just strengthen our defences, it will set a new benchmark for how critical infrastructure can be protected with the power of AI.
As electricity becomes more than just a utility – but the lifeblood of everything digital – we need smarter, faster, and more autonomous ways to protect it. ALiEnS-SOC is answering that call with a pioneering AI-driven approach to cybersecurity in the energy sector.
Follow the ALiEnS-SOC project on LinkedIn to stay informed about how we’re shaping the future of secure, resilient energy infrastructure.
