Semperis, a leader in AI-powered identity security and cyber resilience, released a new study analyzing cyberattacks targeting water and electricity operators across the U.S. and U.K. The study found that 62% of utility operators were targeted by cyberattacks in the past year, and of those, 80% were attacked multiple times. More than half (54%) suffered permanent corruption or destruction of data and systems.
Recent high-profile cyberattacks by nation-state groups on water and electricity utilities underscore the vulnerability of critical infrastructure. A public utility in Littleton, MA, was recently compromised by a group linked to Volt Typhoon, the Chinese state-sponsored threat group. American Water Works—the largest U.S. water and wastewater utility—also detected unauthorized activity in its computer network that disrupted customer service and billing. In response to escalating threats such as these, the EPA issued an advisory urging water utilities to improve their ability to detect, respond to, and recover from cyberattacks.
Surprisingly, more than one-third (38%) of utility operators believed they had not been targeted by cyberattacks. Cybersecurity experts view this figure as alarmingly high, suggesting that many of these organizations may have been breached without realizing it.
“Many public utilities likely don’t realize that China has infiltrated their infrastructure,” said Chris Inglis, the first U.S. National Cyber Director and Semperis Strategic Advisor. “Chinese-sponsored threat actors like Volt Typhoon are known to prefer Living off the Land attacks, which are difficult to detect and can remain dormant, planting backdoors, gathering information, or waiting to strike for months or even years.”
The report, The State of Critical Infrastructure Resilience: Evaluating Cyber Threats to Water and Electric Utilities, found that nearly 60% of attacks were carried out by nation-state groups. In addition, in 81% of cyberattacks, attackers compromised identity systems such as Active Directory, Entra ID, and Okta.
The potential public impacts of being without electricity, heat, or clean water for even a short period can be significant. Our study indicates that utility customers in the U.S. and U.K. have been relatively fortunate—so far.
The Age of Resilience
“If you don’t improve resilience, attackers keep coming. Utilities have an opportunity to address this challenge. They need to assume breaches will happen and, through tabletop exercises, they can practice attack scenarios that could be a reality in the future,” said Mickey Bresman, CEO, Semperis.
What sets utility operators apart from many other industries is the critical nature of their work. If an electricity or water operator is compromised, the potential risks to public health and safety can put an entire nation at risk. Our experts note that resilience to cyberattacks that threaten operations should be the top priority for every organization involved in critical infrastructure.
“The systems that supply our power grids and our clean drinking water are the underpinning of everything we do,” added Inglis. “And yet we go about our business, confident that somebody else is going to handle it. Somebody else isn’t going to handle it. We need to harden our systems and extract criminal elements—now.”
To improve operational resilience against cyberattacks, utilities should:
- Identify Tier 0 infrastructure components that are essential for recovery from a cyberattack.
- Prioritize incident response and recovery for these systems, followed by mission-critical (Tier 1) functions, business-critical (Tier 2) functions, and then all other (Tier 3) functions.
- Document response and recovery processes and practice them using real-world scenarios that involve people and processes beyond the IT department.
- Focus not just on fast recovery but on secure recovery. Attackers often attempt to compromise backups to maintain persistence in the environment, even after recovery attempts. Implement solutions that support speed, security, and visibility in crisis situations.
Source – Prnewswire