New Semperis Study Highlights Cybersecurity Threats to Water and Electric Utilities in the U.S. and U.K.

Alarming Cybersecurity Threats to Essential Utilities

In a groundbreaking study released by Semperis, a leading company in AI-driven identity security, the alarming rise of cyberattacks targeting water and electric utilities across the United States and the United Kingdom has been highlighted. With 62% of utility operators reporting they were attacked over the past year, the data paints a concerning picture of the vulnerabilities inherent in critical infrastructure. Notably, 80% of those targeted faced multiple attacks, with 54% suffering complete data corruption or loss.

Recent incidents, such as a significant breach in a public utility in Littleton, MA, linked to a Chinese state-sponsored group, exemplify the ongoing threats faced by these essential services. Additionally, American Water Works – the largest utility company within the U.S. – found unauthorized activities within its network that affected customer services and billing processes.

Misconceptions About Cyberattacks

Interestingly, a substantial portion of utility operators, 38%, expressed confidence that they had not been targeted by cyberattacks. Experts in cybersecurity regard this misconception as alarmingly high, indicating many organizations may remain unaware of breaches already in place. Chris Inglis, the inaugural U.S. National Cyber Director and a Semperis advisor, emphasized the sophistication of Chinese cyber tactics, which often involve subtle infiltration methods that can remain undetected for extended periods.

The Semperis study, titled The State of Critical Infrastructure Resilience, offers crucial insights into the nature and origins of these attacks. Over 59% were attributed to nation-state actors, with identity systems being compromised in 81% of the attacks, revealing a critical area of vulnerability.

The Perils of Disruption

The implications of losing access to electricity or clean water, even temporarily, can have serious repercussions for public safety and health. Fortunately, the data suggests that utility customers in the U.S. and U.K. have thus far avoided significant crises, but the increasing number of attacks raises concerns about the future.

Mickey Bresman, CEO of Semperis, highlighted the pressing need for utilities to strengthen resilience against attacks. He suggested adopting proactive measures, including tabletop exercises that simulate attack scenarios to enhance preparedness. The nature of utility operations, which directly affects public well-being, makes their resilience a top priority.

The Path to Recovery

To bolster resilience against future cybersecurity threats, the study outlines several critical practices for utility operators:
1. Identify Essential Infrastructure: Recognize and prioritize Tier 0 components necessary for recovery following an attack.
2. Actionable Response Plans: Create and rehearse incident response and recovery processes comprehensively, engaging stakeholders beyond the IT department.
3. Focus on Secure Recovery: Given that attackers often target backups to ensure their persistent access, utilities must implement robust recovery solutions that ensure both speed and security during crisis scenarios.

The full report includes a detailed breakdown of survey responses provided by IT and security professionals from 350 utility companies, along with international comparisons. Interested parties can access the full study at Semperis.com.

About Semperis

Semperis specializes in safeguarding vital enterprise identity services against cyber threats, supporting operations in hybrid and multi-cloud environments. The company's innovative solutions protect over 100 million identities from various cyber threats, reflecting a commitment to enhancing global cyber resilience. As a privately-owned firm headquartered in Hoboken, New Jersey, Semperis serves a diverse clientele across more than 40 countries.

For further insights and community support resources, including the award-winning Hybrid Identity Protection Conference and other educational tools, visit the Semperis website at Semperis.com.