Cyberattacks on US utilities have surged by 70% in 2023, revealing grave vulnerabilities in America’s key infrastructure.
At a Glance
- Enterprise spending on OT cybersecurity is projected to grow almost 70% from 2023 to $21.6 billion globally by 2028.
- More than half of OT cybersecurity spending will be allocated to network security and segmentation.
- The Environmental Protection Agency (EPA) issued an enforcement alert urging immediate action to protect drinking water.
- Geopolitical rivals like China, Russia, and Iran are actively seeking to disable U.S. critical infrastructure.
US Utilities Face Rising Cybersecurity Threats
According to data from Check Point, cyberattacks targeting US utilities have skyrocketed by 70% in 2023. This significant increase in cyber threats underscores the urgent need to bolster cybersecurity measures across critical infrastructure systems like electricity, gas, and water. The current state of affairs necessitates that utility providers and regulatory bodies quickly adopt and enforce more robust cybersecurity frameworks to prevent severe disruptions.
Enterprise spending on operational technology (OT) cybersecurity is projected to grow nearly 70% by 2028, reaching $21.6 billion globally. The OT cybersecurity sector generated $12.75 billion in 2023 alone. More than half of this expenditure will focus on network security and segmentation, essential components for maintaining cybersecurity and operational continuity. Segmentation, in particular, will account for approximately 27% of the overall spending through this five-year period. Escalating cyber threats are driving this trend, especially against internet-exposed devices at industrial sites.
High utility bills reported in Apex after cyberattack: 'Working on a resolution' https://t.co/LUNxGMINnR
— ABC11 EyewitnessNews (@ABC11_WTVD) September 10, 2024
Increasing Focus on Water Utilities
The increase in cyberattacks also heavily targets water utilities. The Environmental Protection Agency (EPA) has issued an enforcement alert, calling for immediate action to protect drinking water systems. Disturbingly, 70% of inspected utilities violated existing standards designed to prevent breaches. Small water systems, in particular, have been identified as vulnerable and in need of improved security measures.
McCabe named China, Russia, and Iran as the countries that are “actively seeking the capability to disable U.S. critical infrastructure, including water and wastewater.”
Water utilities are experiencing increased frequency and severity of cyberattacks, leading to critical service disruptions. Common security failures include not changing default passwords and not cutting off access for former employees. These vulnerabilities allow attackers to disrupt water treatment processes, damage infrastructure, or alter chemical levels, posing serious risks to public health and safety.
https://twitter.com/cisagov%3Flang%3Den
Power Grid Vulnerabilities
The U.S. energy grid is similarly at risk. The grid, divided into three interconnections—Eastern, Western, and Texas—relies heavily on aging infrastructure. For instance, 70% of transmission lines and 60% of circuit breakers are over 30 years old. The White House’s “Building a Better Grid” initiative aims to transition the nation to clean electricity by 2035, supported by over $20 billion in federal funding. This transition also stresses improving cybersecurity measures to protect the evolving grid from attacks.
“Attacks and regulation are driving spending,” Michael Amiri, senior analyst at ABI Research, said via email.
Historically, OT environments have had weaker cybersecurity defenses, making them easier targets for cyber attackers. Rising cyber risks and increased connectivity requirements suggest that OT and IoT cybersecurity spending could soon exceed traditional IT spending. Such investments will be critical for sectors like mining, quarrying, oil and gas extraction, utilities, and manufacturing, which are identified as top spenders in OT cybersecurity.