Cyberattacks on U.S. utilities are up 70% this year, Check Point says

US utilities faced a nearly 70% increase in cyber attacks this year over the same period in 2023, according to data from Check Point Research, underscoring the growing threat to critical infrastructure.

U.S. utilities and power infrastructure are becoming increasingly vulnerable as the grid rapidly expands to meet increasing energy demand and assets are digitized.

Utilities are low-hanging fruit for cyberattacks because many of them use outdated software, said Douglas McKee of cybersecurity firm SonicWall.

So far, the attacks have not crippled any U.S. utilities, but industry experts warn that a coordinated attempt could be devastating, impacting essential services and causing substantial financial losses.

There were 1,162 cyber attacks on average through August this year, compared to 689 in 2023, Check Point data showed.

The energy sector is considered to be more vulnerable to such attacks. In May 2021, fuel pipeline operator Colonial Pipeline was forced to shut down its entire network due to one of the largest cyber attack incidents in the energy industry.

More recently, US oilfield services firm Halliburton disclosed that an unauthorized third party had accessed and removed data from its systems.

The utility industry depends on IoT and ICS (Internet of Things and Incident Command System) technology, which are not as advanced in their cyber defenses as the software used by Apple or Microsoft, McKee said.

Compliance with regulations such as the North American Electric Reliability Corp’s (NERC) Critical Infrastructure Protection, which protects bulk power systems against cyber threats, provides only a minimum standard or protection, experts said.

Network expansion, including incremental interconnections to new customers such as Gen-AI data centers, creates more potential points of attack.

Earlier this year, NERC said the number of susceptible points on U.S. power grids was increasing by about 60 per day.

Several major US companies have suffered ransomware attacks in recent years, including UnitedHealth Group’s Change Healthcare unit in February.

“If there was an equivalent attack that was on the scale of Change Healthcare … the impact could be completely devastating,” said Kevin Kirkwood, chief information security officer at Foster City-based cybersecurity provider Exabeam. California.

Even breaches that don’t directly compromise critical infrastructure could result in significant financial losses, said Wayne Tung, managing director at Sendero Consulting.

The average cost of a data breach in the energy sector reached a global high of $4.72 million, IBM reported in 2022.

Historically, election years have also fueled malicious cyber activity.

“With the upcoming US election, we can expect an increase in cyber attacks on critical infrastructure, including utilities, power grids and communications networks,” said Nataliia Zdrok, senior threat intelligence analyst at Binary Defense.

(Reporting by Seher Dareen and Vallari Srivastava in Bengaluru; Writing by Mrinalika Roy; Editing by Sriraj Kalluvila)