According to data from Check Point Research, U.S. utilities have faced a nearly 70% increase in cyberattacks this year compared to the same period in 2023, underscoring the growing threat to critical infrastructure.

Utilities and energy infrastructure in the US are becoming increasingly vulnerable as the electric grid rapidly expands to meet growing energy demand and assets are digitized.

Utilities are easy targets for cyberattacks because they often use outdated software, says Douglas McKee of cybersecurity firm SonicWall.

So far, the attacks have not shut down a single utility in the US, but experts warn that a coordinated effort could have devastating consequences, impacting essential services and causing significant financial losses.

Check Point data shows that an average of 1,162 cyberattacks took place through August this year, compared to 689 in 2023.

The energy sector is considered more vulnerable to such attacks. In May 2021, fuel pipeline operator Colonial Pipeline was forced to shut down its entire network due to one of the largest cyberattack incidents in the energy sector.

Recently, US oilfield services company Halliburton announced that an unauthorized third party had gained access to its systems and deleted data from them.

The utilities the industry relies on IoT and ICS (Internet of Things and Incident Command System) technology, which are not as advanced in their cyber defenses as the software used by Apple or Microsoft, said McKee.

According to experts, compliance with regulations such as North American Electric Reliability Corp’s (NERC) Critical Infrastructure Protection, which protects large-scale energy systems from cyber threats, provides only a minimum standard of protection.

Network expansion, including incremental connections to new customers such as Gen-AI data centers, creates more potential attack points.

Earlier this year, NERC reported that the number of vulnerable points on U.S. power grids is increasing by about 60 per day.

Several major US companies have faced ransomware attacks in recent years, including UnitedHealth Group’s VNH.N Change of Health Department in February.

“If a similar attack were to occur on the scale of Change Healthcare… the impact could be completely devastating,” said Kevin Kirkwood, chief information security officer at Foster City, California-based cybersecurity provider Exabeam.

Even breaches that do not directly compromise critical infrastructure can result in significant financial losses, said Wayne Tung, managing director at Sendero Consulting.

According to IBM, the average cost of a data breach in the energy sector reached a global record of $4.72 million in 2022.

Historically, election years also see an increase in malicious cyber activity.

“With the upcoming US elections, we can expect an increase in cyberattacks against critical infrastructure, including utilities, energy grids, and communication networks,” said Nataliia Zdrok, Senior Threat Intelligence Analyst at Binary Defense.

Topics
US