
Utilities Attacks Are Becoming More Disruptive: What Operators Can Do

The energy and utilities industries are a prime target for cyber threats. From energy grids to water treatment plants, these vital systems form the backbone of our society. That’s why they make perfect targets for malicious actors seeking to cause chaos and disruption that lead to nearly guaranteed payouts.

Geopolitical tensions and recent attacks have brought the vulnerability of critical infrastructure into sharper focus, prompting both public and private organizations around the world to ramp up investments in cybersecurity.

In this blog post, learn how utilities attacks are changing and the five strategies operators can use to mitigate today’s threats, based on my recent discussion with the Security Insights podcast.

Utilities attacks are using disruptive tactics

Cyberattacks on utilities have traditionally focused on stealing sensitive records for illicit purposes. Threat actors know that critical infrastructure organizations often store customers’ sensitive data, putting that data at risk of exfiltration and sale on the dark web.

However, in recent years there has been a notable shift: attackers are increasingly using disruptive tactics, rather than stealing data, to extort as much money as possible from targeted organizations. This change in strategy reflects a realization among attackers that disrupting operations yields more consistent returns than attempting to sell stolen records on the black market.

Critical infrastructure is a prime target because of the large-scale impact an attack can have.

Disruptive attacks are also becoming easier for threat actors as a result of:

  • The proliferation of AI, which has enabled attackers to plan their breaches meticulously, identifying vulnerable entry points and critical assets within organizations with alarming precision and speed. AI is also helping attackers generate malware and ransomware more quickly than before.
  • Legacy infrastructure used by many utilities is often outdated and lacks adequate separation or control mechanisms, making it fertile ground for exploitation. The lack of visibility and control over communication pathways further exacerbates the challenge, making it difficult for organizations to predict and mitigate potential threats effectively.

Case study: Denmark’s largest-ever energy attack

A sobering example of the devastating impact of cyberattacks on critical infrastructure is the recent energy attack in Denmark.  

In this instance, attackers targeted vital systems, causing widespread disruption. Faced with no other option, affected companies were forced to pay the attackers to halt the attack, only to incur significant costs for recovery and remediation efforts afterward.  

This case and others, like the Colonial Pipeline attack, underscore the urgent need for critical infrastructure operators to bolster their cyber resilience and prepare for the inevitability of cyber threats.

Threat actors attacked Danish energy organizations in 2023, causing disruption to operations.

5 strategies utilities operators can use to build cyber resilience

In light of these escalating risks, critical infrastructure operators must adopt a proactive approach to cybersecurity.  

Here are key strategies organizations can use:

1. Move from breach prevention to cyber resilience

It’s impossible to prevent every breach. Instead of focusing solely on breach prevention, utilities must shift their focus towards cyber resilience – the ability to withstand and recover from cyberattacks quickly. Recognizing that breaches are inevitable, they must prioritize strategies that enable them to survive and rebound from attacks.

2. Focus on the basics

Cyber hygiene is an essential, foundational step towards cyber resilience. It includes understanding risks, implementing robust, layered security measures, and gaining granular visibility into communication pathways. Organizations must prioritize these fundamentals to build a solid defense against evolving threats.

3. Implement proactive security measures

Rather than waiting for an attack to occur, organizations should take proactive measures to identify and mitigate potential vulnerabilities. This proactive approach can help minimize the impact of breaches and reduce the likelihood of successful attacks.

4. Embrace regulatory mandates and best practice guidelines

Utilities have many governing and regulatory bodies that can guide their cybersecurity initiatives.  

5. Empower security teams to make strategic choices

In the face of evolving cyber threats, utilities security teams must be empowered to take a more strategic view of cybersecurity. Rather than constantly chasing the latest security solutions, these teams should focus on implementing proactive measures aimed at enhancing cyber resilience. By shifting their focus from reactive solutions to proactive strategies, security teams can better prepare their organizations for the challenges ahead.

Building resilient utility organizations

The threat landscape facing utilities organizations is more complex and dangerous than ever before. By embracing the principles of cyber resilience, prioritizing proactive security measures, and adhering to best practice guidelines like Zero Trust, operators can better fortify themselves against the relentless onslaught of cyber threats and emerge stronger in the face of adversity. It’s important that stakeholders across the public and private sectors address this pressing issue and safeguard the utilities that underpin our way of life.

Get in touch today to learn more about how Illumio can support your utilities organization’s cyber resilience.
