Victoria Ross spent 22 years in the British Army’s Royal Signals, rotating through satellite communications, tactical networks, service management, and cyber roles on two-year cycles. 

Today she leads a team of around 30 security professionals as Head of Cyber Operations at Smart DCC, the Ofgem-regulated, licensed monopoly that operates the secure communications infrastructure behind every smart metre in Great Britain. 

Her team runs a traditional SOC, a cyber-security engineering function, and a specialist unit called SMIKI (Smart Metre and Key Infrastructure), which manages the cryptographic key infrastructure and registration-authority functions for the smart-metre public key infrastructure (PKI).

It is, in effect, a national-scale PKI operation inside a 650-person enterprise, mandated by licence to deliver 99.50% uptime. 

Fundamentals first, AI later

Ross has a measured approach to AI at Smart DCC, one you’d expect from a veteran running national critical infrastructure.

Her goal is to get Smart DCC’s basic data integrity in line first before adding AI. Visibility, correct telemetry and deterministic processes that work with her team, versus against them, come first. Ross said it’s critical to make sure the “data you’re using, or if you’re employing AI for instance, actually adds value rather than creating more chaos, rather than accelerating the noise that exists.”

Smart DCC is critical national infrastructure. Ross says skipping any of these fundamentals adds unacceptable fragility to a high-risk environment. “Trying to incorporate AI before we have a foundation and a baseline to build on, for me, is not the right way to go,” Ross said. She is blunt about what premature adoption looks like: “I want to make sure that when we do bring it to the table that it is adding value and not just accelerating chaos, and not giving us faster alerts, faster dashboards, and ultimately faster exhaustion.”

Ross’s concern isn’t that AI lacks capability but that, layered onto immature processes and inconsistent data, it generates more work at higher velocity. For a 25-person team defending national infrastructure, that is an existential operational risk.

She said leaders can underestimate the resource burden of AI governance and implementation to a small team: “Everyone wants AI, they probably don't understand what that means in terms of security [and] what actually it means in terms of operational context.”

From 15-minute intervals to sub-second visibility

The tooling at the centre of Ross’s maturity programme is Elastic, deployed for both security and observability. 

When she arrived at Smart DCC, all security and operational data flowed into a single undifferentiated repository. 

Her first structural move was to bifurcate it into two telemetry streams: enterprise IT and the wider energy ecosystem, i.e., the supplier logs that Smart DCC ingests as the hub operator but does not directly action. “All our data was coming into one place,” Ross said. “Now we’re separating that out, what’s going on in the enterprise, what’s going on in the energy ecosystem, so we’re able to interrogate each side.”

With Elastic, Smart DCC was able to compress data-refresh intervals in the observability layer from every 15 minutes to seconds. 

“Whereas once the data updates were every 15 minutes, we’ve now got it down to near real time, not quite, but to seconds,” she said. “Having that data near real-time is really important from an operations perspective, especially when it comes to resiliency.” 

For a network mandated at 99.5% availability, the gap between a 15-minute detection lag and a sub-second one can determine whether an anomaly is caught during triage or escalates into a regulatory incident.

Elastic’s evolving query architecture has also given Ross a lever on cost. Smart DCC is not-for-profit; overspend lands on consumer energy bills. Newer capabilities let her team interrogate stored data without pulling full indices into memory. 

"Elastic has been working with us about how we store data,” Ross said, “We don't have to pull the full index back just to find a small piece of data so we can interrogate it differently which helps reduce the cost for us.” Those cost savings are passed on to the end consumer, Ross said. 

Version risk in a federated stack

Smart DCC does not merely monitor its own estate. As the hub of the energy digital ecosystem it ingests log data from external suppliers via cross-cluster Elasticsearch-to-Elasticsearch connections. 

Ross said one of the biggest challenges is managing suppliers running different Elastic Stack versions. “When we’re building Elk-to-Elk connections and we’ve got different data-ingest pipelines, it’s making sure we set them up the right way,” Ross said. “If we’re using a supplier that has Elastic and we’ve set up an L2L, what’s the contingency if they’re not planning to update to the next version?”

The “L2L” reference, logstash-to-logstash, or more broadly cluster-to-cluster replication, points to a dependency that internal engineering alone cannot resolve. If a supplier refuses to move to a compatible release, the pipeline can degrade or break, leaving a blind spot in the correlated threat picture. 

The UK’s Cyber Security and Resilience Bill, introduced to Parliament in November 2025, may soon sharpen this dynamic: it explicitly extends statutory cybersecurity obligations to critical suppliers of essential-service operators, potentially mandating version currency and incident reporting across Smart DCC’s partner ecosystem.

Automation is the goal

Ross’s next move is Elastic’s workflow engine, the automation layer she views as the prerequisite before AI can deliver genuine value. “We’re not for profit, so we need to make the most of what we’ve got,” she said. “Elastic enables us to do that, and this is why we’re looking at workflows to give us automation, orchestration.”

For enterprise IT leaders weighing their own AI timelines, Ross offers a refreshingly blunt take: “I know a lot of companies are AI first and they'll AI and then suffer the consequences.”

“Within our position and what's at stake for the end user, for the consumers, we need to make sure that we do these things in the right way.” At Smart DCC that means steady progress on its data maturity journey, and implementing AI once the foundations are in place.

Delivered in partnership with Elastic.

The link has been copied!