Why are U.S. utilities so vulnerable to cyberattacks?

When the streets of Muleshoe, Texas, flooded with water in January, most people probably didn’t blame Russian hackers.

But that’s exactly who was to blame, according to a report published this week by Google-owned cybersecurity firm Mandiant, which said Russia was responsible for hacks of water utilities in Texas as well as in France and Poland.

The January attack was far from the first to hit U.S. utilities. In December, Fast Company reported on U.S. National Security Council concerns that critical infrastructure providers could pose easy targets for hackers. 

But why are they so vulnerable to cyberattacks in the first place?

“They have proven to be a little vulnerable because they are private companies and hence the profit motive prevails,” says Alan Woodward, professor of cybersecurity at the University of Surrey. “Security is seen as a cost center.” That’s borne out by data compiled by the International Energy Agency (IEA) on the power sector, which found that there were more than 1,100 targeted attacks launched across the world in 2022.

The utilities sector seems uniquely understaffed, according to the IEA’s analysis: While the finance and insurance sector accounted for nearly 1% of all cybersecurity job postings in September 2022, and public administration 0.57%, power utilities languished behind at 0.49%. The average wage offered by the utility sector also pales in comparison to competing industries, which could mean it’s losing out on quality candidates.

The U.S. government has also failed to pass a number of legislative attempts to force utilities to adopt minimal cybersecurity standards. As a result, U.S. utilities are underprotected in comparison to their peers. “Compare that to the U.K. where we have a specialist government agency that focuses on such service providers and assesses them regularly,” Woodward says.

But the utilities sector also bears much of the blame here. “Utilities also have a lot of older equipment as they have lots of embedded systems and these tend to be updated less frequently simply because of scale,” Woodward says. That results in a Frankenstein’s monster of infrastructure that is built on top of shaky systems and is difficult to chart and understand—even for those tasked with doing just that. “People still haven’t got the message that they may be a way into a network,” says Woodward—meaning that some of the vulnerabilities may remain unspotted until they’re exploited by bad actors.

It all adds up to a worry for critical parts of our national infrastructure—and the latest attacks suggest little has changed. Though there is one silver lining: The IEA data shows that utilities boost spending on cybersecurity and hiring in the immediate aftermath of an attack… but then return to a baseline shortly after.

https://www.fastcompany.com/91109661/why-are-u-s-utilities-so-vulnerable-to-cyberattacks?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss

Created 11mo | Apr 19, 2024, 6:30:05 PM

