Evaluating Cyber Threats to Water and Electric Utilities

The State of Critical Infrastructure Resilience

Cyber threats pose a growing risk to utility operators—and public safety.

The technology and systems that deliver critical services like power grids and drinking water underpin every facet of our health and safety. … We need to harden our systems and extract criminal elements — now.

Chris Inglis, Former US National Cyber Director & Semperis Strategic Advisor

Cyberattacks on water and power put the public at risk

How prepared are providers of water and electricity to detect, respond to, and recover from cyber threats? Attacks are on the rise, and even short disruptions of these critical services can cause widespread social and economic harm.

The State of Critical Infrastructure Resilience reveals crucial lessons for publicly and privately operated utilities.

62% of responding utilities were targeted by threat actors in the past 12 months

59% of victims confirmed that the attackers were sponsored by a nation state

57% of attacks disrupted operations

82% of attacks definitely or possibly compromised Tier 0 identity systems

Ransomware criminals have a propensity to go after locally and municipally operated critical infrastructure, including water treatment facilities and electricity grids. Frankly, with low IT and security budgets staring at operators, threat actors have the upper hand.

Ciaran Martin, CB, Managing Director, Paladin Capital Group & founding Chief Executive, UK National Cyber Security Centre

Utility systems are under threat

Whether they aim to extort money, conduct espionage, or gain political leverage, nation-state threats see infrastructure attacks as a golden opportunity. Experts agree that attackers’ motivations might spur a demand for ransom—or an attempt to remain undetected and instead plant backdoors or exfiltrate data.

“Many public utilities likely don’t realize that China has infiltrated their infrastructure,” notes Chris Inglis, former US National Cyber Director and Semperis Strategic Advisor.


From post-attack engagements in breached environments, we know that 90 percent of the time, identity systems are targeted and successfully compromised. Unfortunately, many organizations lack the tools needed to gain visibility into those compromises, preventing them from restoring trust in their identity systems.

Mickey Bresman, Semperis CEO

Critical infrastructure demands operational resilience

Operators of critical infrastructure services should make operational resilience a top priority. Today’s complex cyber threat landscape demands a proactive approach to resilience—one that assumes breach and readies the organization to respond to and recover from any threat that might interrupt its mission. For nearly every organization, this means securing the resilience of the identity infrastructure.

The critical role of identity systems—such as Active Directory (AD), Entra ID, and Okta—in authentication and authorization has made them a top attack target. Attackers use identity compromise to move laterally and escalate their privileges in the breached environment, or they take down Active Directory to cripple the organization; without a functional AD, users cannot log in and resources cannot be accessed.


Embracing an assume-breach mindset is crucial for rapid recovery from cyberattacks. At the same time, implementing identity forensics and incident response (IFIR) capabilities enhances operational resilience, ensuring that identity systems remain secure against evolving threats.

Simon Hodgkinson, Former bp CISO & Semperis Strategic Advisor
