Cyberattacks on US utilities have surged nearly 70% this year

(Reuters) — U.S. utilities have faced a near 70% jump in cyberattacks this year over the same period in 2023, according to data from Check Point Research, underlining the escalating threat to a critical infrastructure.

The utilities and power infrastructure across the U.S. are becoming increasingly vulnerable as the grid expands rapidly to meet surging demand for power and assets are digitalized.

Utilities are low-hanging fruit for cyberattacks because many of them use outdated software, said Douglas McKee of cyber security company SonicWall.

To date, the attacks have not crippled any U.S. utility, but industry experts warn a coordinated attempt could be devastating, impacting essential services and causing substantial financial losses.

There were 1,162 cyberattacks through August this year, compared with 689 in 2023, Check Point data showed.

In May 2021, fuel pipeline operator Colonial Pipeline was forced to shut down its entire network due to one of the biggest cyberattack incidents on the energy industry.

More recently, U.S. oilfield services company Halliburton disclosed that an unauthorized third party had accessed and removed data from its systems.

The utilities industry depends on IoT and ICS (Internet of Things and Incident Command System) technology, which are not as advanced in their cyber defenses as the software used by Apple or Microsoft, Mr. McKee said.

Compliance with regulations such as the North American Electric Reliability Corp’s (NERC) Critical Infrastructure Protection, which safeguards bulk power systems from cyber threats, only provide a minimum standard or protection, experts said.

The expansion of the grid, including incremental interconnections to new customers like Gen-AI data centers, is creating more potential points of attack.

Earlier this year, NERC said the number of susceptible points on the U.S. electrical networks has been increasing by about 60 per day.