Without the U.S. energy grid, life as we know it simply grinds to a halt. Businesses can’t serve customers. Homes don’t have power. Traffic lights no longer work. We depend on the grid operating reliably each and every day for business and personal tasks. That makes it even more crucial to defend our energy grid from modern threats.

Physical threats to the energy grid

Since day one, the grid has been vulnerable from a physical perspective. Storms knocking the grid offline is common news. But Forbes reported that solar storms — when explosions occur on the sun’s surface and create solar flares from particles — pose an even bigger threat. There have been more than 100 solar storms in the past 150 years. While weather prediction technology continues to develop, the grid likely will always be vulnerable to some degree from these types of threats.

While physical threats from humans have always posed a risk to the grid, attacks have increased in recent years. According to the Department of Energy, 2022 saw an increase of 77% in physical attacks on the grid. Numerous credible threats and potential attacks have happened in recent years, including the shooting of substations in Moore County, North Carolina, which shut down power for residents.

Cybersecurity threats are an increasing concern

According to the Threat Intelligence Index report, the energy sector made up 10.7% of all cyberattacks X-Force responded to during 2022, making energy the fourth most attacked industry. In North America, energy companies suffered 20% of attacks, making energy the most attacked industry.

However, the type of attacks varied. Most attacks (40%) were started by cyber criminals exploiting a public-facing application. Both spear phishing links and external remote services made up 20% of energy sector attacks. Other types of attacks included data theft (23%), extortion (23%), ransomware (15%), BEC (15%), credential harvesting (15%) and botnet infections (19%).

The unrest resulting from Russia’s invasion of Ukraine also increased concern over cyberattacks on the energy grid, especially from the Killnet group. In early 2023, Killnet stole the personal information of over 10,000 U.S. federal agents after breaching the FBI’s database. However, energy sectors fit Killnet’s attack profile for distributed denial of service (DDoS) threats. Experts recommend partnering with a third-party DDoS mitigation provider.

Reducing vulnerabilities of the energy grid

The energy grid’s aging infrastructure and legacy technology significantly increases the risk of attacks. Forbes reported that components at the end of their life cycle increase the risk of cascading failures. By focusing on upgrading technology and equipment to modern, cloud-based technology, companies can reduce their vulnerabilities.

More from Energy & Utility

Water facilities warned to improve cybersecurity

3 min read - United States water facilities, which include 150,000 public water systems, have become an increasingly high-risk target for cyber criminals in recent years. This rising threat has demanded more attention and policies focused on improving cybersecurity.Water and wastewater systems are one of the 16 critical infrastructures in the U.S. The definition for inclusion in this category is that the industry must be so crucial to the United States that “the incapacity or destruction of such systems and assets would have a…

The UK energy sector faces an expanding OT threat landscape

3 min read - Critical infrastructure is under attack in almost every country, but especially in the United Kingdom. The UK was the most attacked country in Europe, which is already the region most impacted by cyber incidents. The energy industry is taking the brunt of those cyberattacks, according to IBM’s X-Force Threat Intelligence Index 2024.The energy sector is a favorite target for threat actors. The complexity of systems and the reliance on legacy OT systems make them easy prey. Because of the critical…

Third-party breaches hit 90% of top global energy companies

3 min read - A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve in everyday life.Their increased dependence on digital systems facilitates the increase in attacks on infrastructure networks. This sheds light on the need for these energy companies to adopt a proactive approach to securing their networks and customer information.2023 industry recap:…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today