Keeping the Lights On: Security Trends in the Energy and Utilities Industry

Reliable. Secure. Constant. These qualities should define the energy and utilities industry, and they usually do. Electric, gas and water utilities are built on a highly regulated framework run by professionals and backed by decades of operating experience and billions of dollars of infrastructure investment.

Even so — and even with strong regulatory compliance — a cyberattack is still in the cards. The industry views that prospect with grave concern. An attack against a company supplying fuel, electricity or drinking water to a city or nation would impact far more than just economics. The health and welfare of a whole region, or even an entire nation, could be at risk.

Spotlight Shines on Energy and Utilities Industry

Recent media attention has focused mostly on incidents affecting the retail, finance and health care sectors, but now the spotlight is also shining on the energy and utilities industry. Attacks on electrical grids and utility providers have increased steadily over the past decade —most notably the coordinated cyberattack on a Ukrainian power grid in December 2015 that resulted in tens of thousands of people losing electricity. More recently, researchers discovered sophisticated malware designed to perform reconnaissance on an energy grid’s system.

**UPDATE** Read the complete Report: Energy and Utility Companies — Targeted on all sides

Bad actors are actively seeking ways to attack the energy and utilities industry, and there is obvious and immediate cause for concern. The consequences could be significant across multiple industries. The U.S. Department of Homeland Security (DHS) described the energy sector as “uniquely critical because it provides an ‘enabling function’ across all critical infrastructure sectors.” In other words, an attack on an energy company could have a domino effect, impacting all the industries that depend on it.

Recognize Risks

The energy and utilities industry must be prepared for cyberattacks. It’s important to recognize the areas of risk in your environment, understand potential attackers’ motivations and know what types of attack you’re likely to face.

For more information, read the updated 2017 IBM report, “Energy and Utility Companies — Targeted on All Sides.” It provides insights regarding the types of cyberattacks targeting the energy and utilities sector as well as recommendations on how it can address these security challenges.

Share this Article:
Michelle Alvarez

Manager, IBM X-Force IRIS

Michelle Alvarez is the manager of the Threat Intelligence Production Team with IBM X-Force Incident Response and Intelligence Services (IRIS). She brings more than 15 years of industry experience to her role, specializing in threat research and communication. In her current role, she focuses communications efforts around strategic threat and impact assessments for X-Force IRIS clients. Michelle's previous roles include threat analyst, writer and manager with IBM Managed Security Services (MSS).