Why are U.S. utilities so vulnerable to cyberattacks?

When the streets of Muleshoe, Texas, flooded with water in January, most people probably didn’t blame Russian hackers.

But that’s exactly who was at blame, according to a report published this week by Google-owned cybersecurity firm Mandiant, which said Russia was responsible for hacks of water utilities in Texas as well as in France and Poland.

The January attack was far from the first to hit U.S. utilities. In December, Fast Company reported on U.S. National Security Council concerns that critical infrastructure providers could pose easy targets for hackers. 

But why are they so vulnerable to cyberattacks in the first place?

“They have proven to be a little vulnerable because they are private companies and hence the profit motive prevails,” says Alan Woodward, professor of cybersecurity at the University of Surrey. “Security is seen as a cost center.” That’s borne out by data compiled by the International Energy Agency (IEA) on the power sector, which found that there were more than 1,100 targeted attacks launched across the world in 2022.

The utilities sector seems uniquely understaffed, according to the IEA’s analysis: While the finance and insurance sector accounted for nearly 1% of all cybersecurity job postings in September 2022, and public administration 0.57%, power utilities languished behind at 0.49%. The average wage offered by the utility sector also pales into comparison to competing industries, which could mean it’s losing out on quality candidates.

The U.S. government has also failed to pass a number of legislative attempts to force utilities to adopt minimal cybersecurity standards. As a result, U.S. utilities are comparatively underprotected in comparison to their peers. “Compare that to the U.K. where we have a specialist government agency that focuses on such service providers and assesses them regularly,” Woodward says.

But the utilities sector also bears much of the blame here. “Utilities also have a lot of older equipment as they have lots of embedded systems and these tend to be updated less frequently simply because of scale,” Woodward says. That results in a Frankenstein’s monster of infrastructure that is built on top of shaky systems and is difficult to chart and understand—even for those tasked with doing just that. “People still haven’t got the message that they may be a way into a network,” says Woodward—meaning that some of the vulnerabilities may remain unspotted until they’re exploited by bad actors.

It all adds up to a worry for critical parts of our national infrastructure—and the latest attacks suggest little has changed. Though there is one silver lining: The IEA data shows that utilities boost spending on cybersecurity and hiring in the immediate aftermath of an attack… but then return back to a baseline shortly after.

https://www.fastcompany.com/91109661/why-are-u-s-utilities-so-vulnerable-to-cyberattacks?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss

Created 1y | Apr 19, 2024, 6:30:05 PM


Login to add comment

Other posts in this group

‘Who did this guy become?’ This creator quit his job and lost his TikTok audience

If you’ve built an audience around documenting your 9-to-5 online, what happens after you hand in your notice?

That’s the conundrum facing Connor Hubbard, aka “hubs.life,” a creator who

Jul 18, 2025, 8:50:06 PM | Fast company - tech
Meta-owned WhatsApp could be banned in Russia. Here’s why

WhatsApp should prepare to leave the Russian market, a lawmaker who regulates the IT sector

Jul 18, 2025, 4:20:03 PM | Fast company - tech
The simple pleasures of computing in 1995

This is an edition of Plugged In, a weekly newsletter by Fast Company global technology editor Harry McCracken. You can sign up to receive it each Friday and read all issues

Jul 18, 2025, 1:50:08 PM | Fast company - tech
The AOL hacking tool that invented phishing and inspired a generation

If you were a teenager on America Online back then, there’s a good chance you got the email. Unlike a lot of the files floating around the early

Jul 18, 2025, 1:50:06 PM | Fast company - tech
How AI brain mapping can improve disease detection

Traditional brain scans only show part of the picture. They can’t fully capture how different regions of the brain communicate—an essential factor in detecting neurological diseases early. Dr.

Jul 18, 2025, 11:40:04 AM | Fast company - tech
Internet regulation is entering its hall pass era

Big changes are coming to the web in the days ahead. On July 25, the U.K.’s Online Safe

Jul 18, 2025, 11:40:03 AM | Fast company - tech