Cyber Attacks on Utilities: Why Municipal Utilities Are at High Risk
It’s no secret cyber attacks are becoming more advanced and more frequent, affecting a variety of high-profile targets. Financial institutions, healthcare facilities, universities, and government agencies are feeling the effects. Still, most people are surprised to hear municipal utility companies have become a major target for nation-state actors. The idea seems ridiculous at first, but threat actors can anticipate the effects of such an attack and why these agencies are such a suitable target. That’s why it’s crucial to have cybersecurity for utilities.
When you consider how dependent we are on the electrical grid, it’s not impossible to consider the disastrous effects of a major long-term attack. Utility companies provide essential services like electricity, heat, water, and gas. Any attack that damages the critical infrastructure or disrupts these services needs remediation immediately. Unfortunately, even as these attacks multiply across the country, many people in the industry remain unconvinced of the potential for an attack on virtually any facility.
We’ve established that as technology evolves, cyber attackers take advantage of opportunities to exploit vulnerabilities. However, the worldwide attacks on municipal utilities in the past year have virtually doubled. Additionally, the attackers have exponentially increased the bandwidth and speed of the attacks, making them much more effective. Unfortunately, utility companies are largely unprepared for these attacks. Proper security becomes even more difficult as attacks change in nature to do more than access sensitive data. Recent cyberattacks on utility companies focus on attacking operational systems and disrupting essential services.
Municipal utilities provide vital services and represent critical infrastructure. This means they provide cyber attackers with a variety of ways to extort money or cause confusion and destruction. Nation-state actors who have previously targeted government agencies are facing tougher cybersecurity systems and could be changing direction to municipal utilities in an attempt to exploit an unprepared target. The following reasons explain why cyber attackers aim for such a seemingly small target.
5 Reasons Municipal Utilities are at Risk
Easy Access
As primary targets like banks, large companies, government agencies, and the military are tightening security to avoid the risks of mass cyberattacks, hackers are seeking easier prey. Municipal utility companies are generally under strict budgets and largely unaware of the likelihood of an attack. With minimal security tools in place and a growing number of access points, threat actors likely view these companies as an easy target with a lot to lose.
Employees within utility companies often have little or no training about cybersecurity practices and ways to prevent an attack. This means routine cyber hygiene practices like creating strong passwords, using email encryption, and creating comprehensive cybersecurity for utilities.
A Wealth of Opportunity
Municipal utility companies provide critical services to thousands of people in any area. These companies are also responsible for handling large amounts of sensitive data. Unfortunately, this combination provides cyberattackers with the opportunity to launch attacks on both IT and OT (operational technology) systems. Attacks on municipal utilities can cause:
- Large-scale power outages
- Contaminated water systems
- Wide information breaches that affect thousands of customers and employees
- Damage to critical infrastructure and essential networks that could take months to repair
- Billions of dollars lost each year to ransom demands and critical repairs
IoT Growth
As utility companies adopt modern technology to streamline processes, vulnerabilities are exposed. The internet of things (IoT) (sometimes called the industrial internet of things: IIoT in the utility sector) assists companies in the collection of data, providing insights, and improving efficiency and safety. Unfortunately, it also provides a large attack surface for threat actors to exploit. A large attack surface combined with limited resources to protect a multitude of endpoints put municipal utility companies in a vulnerable position. Additionally, since this operational technology is still evolving, many of the dangers haven’t been addressed yet.






























