Editorial

Water and electric utilities under cyberattack

New Semperis study highlights the risk posed to public safety and economic stability from cyberattacks on utility companies.

Posted 3 April 2025 by Christine Horton


Water and electricity suppliers are at risk of potentially crippling cyberattacks, according to a new report.

Sixty-two percent of water and electricity operators across the US and UK have been targeted by cyberattacks in the past year, and of those, most (80 percent) have been targeted multiple times, says research from cybersecurity firm Semperis.

Recent cyberattacks by nation-state groups on water and electricity utilities underscore the vulnerability of critical infrastructure. In the UK, Southern Water suffered a data breach initiated by hacker group Black Basta, who gained access to the company’s server infrastructure and compromised a significant amount of personal data.

Cybersecurity industry experts believe the fact that more than one-third (38 percent) of utilities didn’t think that they had been targeted in cyberattacks is troubling. According to the experts, it’s likely that a good portion of these operators simply don’t have the technology or the expertise to detect malicious activity.

“Utilities are a prime target for nation-states, probably more than criminal gangs. It’s also not surprising they were attacked multiple times, given that nation states are well resourced and time is not a constraint,” said Simon Hodgkinson, former CISO at bp and strategic advisor at Semperis.

According to Hodgkinson, nation-state threats see infrastructure attacks as opportunities to gain international leverage or support their economies. Cybercrime also tends to increase in line with trade sanctions.

“Embracing an assume-breach mindset is crucial for rapid recovery from cyberattacks. At the same time, implementing identity forensics and incident response (IFIR) capabilities enhances operational resilience, ensuring that identity systems remain secure against evolving threats. In an environment where regulations like DORA, GDPR, and NIST mandate robust identity protection and swift breach response, IFIR provides a proactive, structured framework that helps minimize business disruptions and safeguard critical infrastructure from compromise.”

The report, The State of Critical Infrastructure Resilience: Evaluating Cyber Threats to Water and Electric Utilities, found that nearly 60 percent of attacks were carried out by nation-state groups. In addition, 54 percent of utilities suffered permanent corruption or destruction of data and systems in the attack. In 67 percent of cyberattacks, attackers compromised identity systems, such as Active Directory, Entra ID and Okta. Another 15 percent of companies were unsure whether those systems were affected.

Measures to improve operational resilience

To improve their operational resilience against cyberattacks, Semperis said utilities should:

  • Identify Tier 0 infrastructure components that are essential for recovery from a cyberattack;
  • Prioritise incident response and recovery for these systems, followed by mission-critical (Tier 1) functions, business-critical (Tier 2) functions, and then all other (Tier 3) functions;
  • Document response and recovery processes and practice them using real-world scenarios that involve people and processes beyond the IT department;
  • Focus not just on fast recovery but on secure recovery. Attackers often attempt to compromise backups to maintain persistence in the environment, even after recovery attempts. Implement solutions that support speed, security and visibility in crisis situations.
