Cyberattacks on water and power utilities threaten public safety
62% of utility operators were targeted by cyberattacks in the past year, and of those, 80% were attacked multiple times, according to Semperis. 54% suffered permanent corruption or destruction of data and systems.
(Source: Semperis)
Utilities face rising cyber threats
Recent high-profile cyberattacks by nation-state groups on water and electricity utilities underscore the vulnerability of critical infrastructure. A public utility in Littleton, MA, was recently compromised by a group linked to Volt Typhoon, the Chinese state-sponsored threat group. American Water Works — the largest U.S. water and wastewater utility — also detected unauthorized activity in its computer network that disrupted customer service and billing.
In response to escalating threats such as these, the EPA issued an advisory urging water utilities to improve their ability to detect, respond to, and recover from cyberattacks.
Surprisingly, 38% of utility operators believed they had not been targeted by cyberattacks. Cybersecurity experts view this figure as implausibly high and suggest that many of these organizations may have been breached without detecting it.
When identity systems fall, utilities and the public pay the price
Researchers found that nearly 60% of attacks were carried out by nation-state groups. In addition, in 81% of cyberattacks, attackers compromised identity systems such as Active Directory, Entra ID, and Okta.
The potential public impacts of being without electricity, heat, or clean water for even a short period can be significant. Utility customers in the U.S. and U.K. have been relatively fortunate so far.
What sets utility operators apart from many other sectors is the essential nature of their work. A successful attack on a power or water provider doesn’t just disrupt service — it can endanger public health and national security. Experts emphasize that building resilience against cyberattacks that threaten operational continuity must be the top priority for every critical infrastructure organization.
Better resilience
To improve operational resilience against cyberattacks, utilities should:
- Identify Tier 0 infrastructure components that are essential for recovery from a cyberattack, above all the identity systems (Active Directory, Entra ID, Okta) that the report found compromised in 81% of attacks; nothing else can be restored trustworthily until they are.
- Prioritize incident response and recovery for these systems, followed by mission-critical (Tier 1) functions, business-critical (Tier 2) functions, and then all other (Tier 3) functions.
- Document response and recovery processes and practice them using real-world scenarios that involve people and processes beyond the IT department.
- Focus not just on fast recovery but on secure recovery. Attackers often tamper with backups so that restoring from them re-introduces their persistence mechanisms, undoing the recovery. Treat backup integrity as part of the recovery plan, and implement solutions that support speed, security, and visibility in crisis situations.
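The last point is the one most often skipped in practice: a backup is only evidence of a clean state if its integrity can be checked against something the attacker could not rewrite. The following is an added example, not code from the original article or from Semperis, of how a Tier 0 backup set can be verified against an HMAC-signed manifest before a restore is attempted. The file names, file contents, and key are constructed placeholders; the key is assumed to be held offline (or in an HSM) outside the domain being backed up, since an attacker with Tier 0 access could otherwise simply re-sign a tampered set.

```python
"""Verify a Tier 0 backup set against an HMAC-signed manifest before restoring it.

Added example (not from the original article). Assumptions: the signing key is
stored outside the environment being recovered, and each backup run produces a
manifest plus tag that are kept with the backup media.
"""
import hashlib
import hmac
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict[str, bytes], key: bytes) -> tuple[bytes, str]:
    """Produce a canonical JSON manifest of per-file digests and its HMAC tag.

    Canonical encoding (sorted keys, no whitespace) matters: the tag is computed
    over the exact bytes that verify_backup() will later receive.
    """
    manifest = {"files": {name: sha256_hex(blob) for name, blob in sorted(files.items())}}
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return canonical, tag


def verify_backup(manifest_bytes: bytes, tag: str, key: bytes,
                  files: dict[str, bytes]) -> list[str]:
    """Return a list of findings; an empty list means the set is safe to restore.

    Manifest authenticity is checked first: a digest list the attacker can rewrite
    proves nothing, so a bad tag short-circuits before any file is examined.
    """
    expected = hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return ["manifest: HMAC mismatch (manifest altered or wrong key)"]

    manifest = json.loads(manifest_bytes)
    findings = []
    for name, digest in manifest["files"].items():
        if name not in files:
            findings.append(f"{name}: missing from backup set")
        elif not hmac.compare_digest(sha256_hex(files[name]), digest):
            findings.append(f"{name}: digest mismatch (modified after manifest was signed)")
    # Files that were not present when the manifest was signed are just as
    # suspicious as modified ones: an implant dropped into the backup set.
    for name in files:
        if name not in manifest["files"]:
            findings.append(f"{name}: not in manifest (unexpected file added)")
    return findings


# Constructed sample data: placeholder contents standing in for real AD artifacts.
OFFLINE_KEY = b"example-offline-key-kept-outside-the-domain"  # not a real secret
TIER0_BACKUP = {
    "ntds.dit": b"constructed placeholder for the AD database",
    "SYSTEM.hive": b"constructed placeholder for the SYSTEM registry hive",
    "gpo-backup.zip": b"constructed placeholder for Group Policy objects",
}
MANIFEST, TAG = build_manifest(TIER0_BACKUP, OFFLINE_KEY)


def demo_tampered() -> list[str]:
    """Simulate an attacker who edits a GPO backup and adds a DLL to the set."""
    tampered = dict(TIER0_BACKUP)
    tampered["gpo-backup.zip"] = b"attacker-modified GPO carrying a persistence task"
    tampered["helper.dll"] = b"implant dropped into the backup set"
    return verify_backup(MANIFEST, TAG, OFFLINE_KEY, tampered)


if __name__ == "__main__":
    print("clean set:", verify_backup(MANIFEST, TAG, OFFLINE_KEY, TIER0_BACKUP) or "OK")
    for finding in demo_tampered():
        print("tampered set:", finding)
```

The check deliberately refuses to restore on any finding rather than restoring the files that still match: a Tier 0 restore that pulls in one attacker-controlled GPO or DLL is exactly the scenario the bullet above warns about. In a real deployment the manifest and tag would be written at backup time and the key would never be present on the domain controllers being recovered.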
Read more:
- Why global tensions are a cybersecurity problem for every business
- Moving beyond checkbox security for true resilience
- Mastering the cybersecurity tightrope of protection, detection, and response