- Overview
- Cybersecurity in energy industry
- Challenges in energy industry
- Solutions for energy industry
- References/Further reading
- FAQ
In 2025, the intersection of cybersecurity and environmental services in the United States will become increasingly critical.
As environmental agencies and utilities modernize their infrastructure and adopt digital technologies, they face heightened risks from cyber threats.
This article explores the latest developments, challenges, and strategic responses within the environmental sector’s cybersecurity landscape.
Energy industry overview
The U.S. energy industry is experiencing major shifts due to growing electricity demand, advancements in renewable energy, and evolving policies.
With rising industrial activity, the electrification of transportation and heating, and the growing energy needs of AI-driven data centers, electricity consumption is expected to increase significantly. At the same time, the energy sector is witnessing a historic shift, as wind and solar together have overtaken coal in electricity generation—a trend set to strengthen further with major solar capacity expansions and the vital role of battery storage in supporting renewables.
While natural gas remains the dominant generation source, its share faces pressure from rising prices and the growing competitiveness of renewables, while the decline of coal-fired power continues. Nuclear and hydropower are projected to maintain stable contributions.
As industrial activity ramps up, transportation and heating become increasingly electrified, and AI-driven data centers require more power, electricity consumption is projected to rise considerably.
In parallel, the energy sector is undergoing a historic change, with wind and solar generation combined now exceeding that of coal, a trend that is expected to gain momentum thanks to large-scale solar capacity additions and the essential role of battery storage in supporting renewable energy sources.
Cybersecurity within the energy industry
Recognizing the increasing threats to the nation’s energy infrastructure, the US Department of Energy (DOE) established the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) in 2018.
According to its Blueprint, CESER’s primary goal is to fulfill the DOE’s energy security obligations and protect critical energy assets from the evolving landscape of cyber and physical threats.
The DOE acknowledges that this is not a task it can undertake in isolation, emphasizing the need for collaborative partnerships across government levels, the private sector, and academic institutions.
The Cybersecurity & Infrastructure Security Agency (CISA) is tasked with strengthening the security of the cyber ecosystem to protect critical services and the American way of life. This agency’s National Risk Management Center (NRMC) works closely with the critical infrastructure community to identify and analyze risks to our nation and strategically manage security efforts.
Energy companies face cyber risk from vulnerabilities related to their IT systems, OT infrastructure, and supply chain partners. IT systems include software, hardware, and technologies used to gather and process data needed to run the business side of the enterprise. OT infrastructure comprises software, hardware, and technologies required to control physical devices such as pumps, motors, valves, and switches.
Examining attacks and breaches that have occurred in the energy industry illustrates the importance of securing the energy industry’s vast supply chain ecosystem.
Energy companies acquire information, hardware, software, and all kinds of services from third-party vendors worldwide. Threat actors can introduce compromised components into a system or network at any point in the system’s life cycle.
Supply chain compromise is sometimes unintentional, in the form of elements that do not meet current security standards, and sometimes intentional, as part of a covert effort to facilitate a future attack.
Attacks can come through software updates or “patches,” which are downloaded by the energy company, or through firmware that bad actors can manipulate to include malicious code for exploitation at a later date.
Here are some notable 2025 cybersecurity incidents in the energy sector:
- ENGlobal Corporation Ransomware Attack – A major energy industry contractor was hit by a ransomware attack that locked them out of financial systems for six weeks and compromised sensitive personal information.
- Charter and Windstream Networks Breach – Chinese hackers breached the systems of these communications companies, which are critical to the energy sector’s infrastructure.
- PPL Electric Utilities Data Exposure – A Pennsylvania utility company had customer data exposed online due to a breach at a vendor in 2023.
In addition to securing their IT networks and OT infrastructure, energy companies must also understand their supply chain’s cyber maturity and security processes.
Energy companies should conduct vendor risk assessments and gather ongoing intelligence themselves or through specialized cybersecurity firms and consultants.
Case study: Municipal Water Authority Cyberattack
In November 2023, the Municipal Water Authority of Aliquippa, Pennsylvania, fell victim to a cyberattack in which pro-Iranian hackers took control of a booster station’s industrial control system (ICS), responsible for regulating water pressure.
The attackers exploited well-known vulnerabilities in a Unitronics programmable logic controller (PLC), including the use of a default password, effectively disabling the system.
Although the water supply remained unaffected, the incident underscored the susceptibility of essential services to cyber threats, reinforcing the need for robust security measures, timely patching, and stronger protections against potential nation-state cyber activities targeting critical infrastructure.
The attack sparked investigations and discussions about strengthening cybersecurity within the water sector.
What makes cybersecurity challenging within the energy industry?
Three primary characteristics make the energy sector especially vulnerable to cyber threats. Energy companies are a rich target for both nation-state adversaries and for-profit cybercriminals.
Utilities have an ever-increasing attack surface arising from their difficult-to-harden dispersed geographic locations (hydroelectric dams and coal-fired generation plants are two good examples) and complex third-party supply chain relationships.
And, lastly, electric-power and gas companies have unique interdependencies between physical and cyber infrastructure that make OT infrastructure and IT networks highly vulnerable to attack.
Because our energy infrastructure is a key target for nation-states, the U.S. has seen an increase in the frequency and sophistication of cyber threats leveraged against this sector.
Unlike kinetic warfare, where an attack by an adversary against a U.S. interest is sure to bring a swift and decisive reprisal, nation-state adversaries today hide behind the near impossibility of 100 percent accurate attribution. They know that without certain attribution, the U.S. is unlikely to retaliate in any significant way.
A multi-threat environment that includes geographically dispersed targets is difficult to protect. Add to that the complexities of an industry with a mix of private and public ownership and third-party vendor relationships that extend beyond any geographical boundaries.
It becomes clear why partnerships between the entities involved in this industry are crucial. No single government or private organization could protect all of the various enterprises that make up the energy industry. It requires voluntary and active participation across the board.
The last layer of complex cybersecurity challenges for the energy sector lies in the interdependent nature of many of the components that make up the industry.
For example, a power outage in one region can impact the availability of electricity in another part of the country as smart grids work to provide adequate power to all users. Or, an incapacitated oil pipeline can cause not only shortages in one region but also a spike in gas prices nationwide.
The global deficiency in skilled cybersecurity workers exacerbates the difficulties in meeting today’s energy industry challenges.
America needs well-trained cybersecurity professionals. These professionals are required by both private industry and the government for the protection of critical infrastructure assets.
CISA and DOE have firmly stated their commitment to strengthening the nation’s cybersecurity workforce through normalizing roles and working to ensure we have well-trained workers.
Cybersecurity solutions for the energy industry
The critical nature of the networks, systems, and equipment necessary to make our modern energy industry work, along with the unique security challenges this sector faces, means that well-developed strategies must guide the use of exceptional cybersecurity solutions.
There is always a balance between security and convenience. For energy-related critical infrastructure, the scales consistently tip toward security, even if at the expense of convenience.
- Virtual Dispersive Networking (VDN) – VDN technology divides a network message into multiple parts and encrypts each component separately. VDN routes these message components over many servers, computers, and even mobile phones. Dispersing the data over numerous different paths in this manner eliminates the possibility of a Man-in-the-Middle attack since hackers can only obtain a small chunk of the original data on any given pathway. This protection strategy renders any data obtained meaningless to anyone other than the intended recipient and nearly impossible to decrypt.
- Hardware authentication – Hardware authentication is an approach to user authentication that is especially useful for geographically dispersed OT networks. This protection strategy relies on a dedicated physical device (such as a token) held by an authorized user, in addition to a primary password, to grant access to computer resources. While not as convenient as other authentication methods, the critical nature of energy industry equipment far outweighs the need for easy user login.
- User-behavior analytics (UBA) – In the same way that sophisticated analytics are used to determine packet content in a firewall or anti-virus software analyzes a file system, UBA examines what a user is doing. By carefully studying how users typically interact with a given system, UBA can recognize aberrant or suspicious behavior. Although it is much more sophisticated than this, a good example is an analysis of how quickly a user navigates the prompts of a system and the path the user takes to access sensitive information. UBA's accuracy continues to improve as it employs machine learning techniques to understand the intent behind user behavior.
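The UBA example described above (how quickly a user moves through prompts, and the path taken to sensitive screens) can be expressed as a per-user baseline plus a deviation check. The following Python is an added illustration, not code from the article or from any UBA product. The screen names, user names, session data and the simple z-score threshold are all constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed baseline sessions for a hypothetical operator HMI:
# (user, seconds between successive prompts, screens visited in order)
BASELINE = [
    ("op_alice", [4.1, 3.8, 5.0, 4.4], ["login", "dashboard", "pump_status"]),
    ("op_alice", [3.9, 4.6, 4.2, 5.1], ["login", "dashboard", "pump_status"]),
    ("op_alice", [4.8, 4.0, 4.5, 3.7], ["login", "dashboard", "alarms", "pump_status"]),
]

def build_profiles(sessions):
    """Learn each user's usual prompt timing and screen-to-screen transitions."""
    gaps, transitions = defaultdict(list), defaultdict(set)
    for user, session_gaps, path in sessions:
        gaps[user].extend(session_gaps)
        transitions[user].update(zip(path, path[1:]))
    return {
        user: {
            "mean": statistics.mean(g),
            # Floor the spread so a very regular user does not divide by ~0.
            "stdev": max(statistics.stdev(g), 0.1) if len(g) > 1 else 0.1,
            "transitions": transitions[user],
        }
        for user, g in gaps.items()
    }

def score_session(profiles, user, session_gaps, path, z_limit=3.0):
    """Return (kind, detail) findings; an empty list means the session fits the baseline."""
    profile = profiles.get(user)
    if profile is None:
        return [("no_baseline", f"no learned behaviour for {user}")]
    findings = []
    if session_gaps:
        z = (statistics.mean(session_gaps) - profile["mean"]) / profile["stdev"]
        if abs(z) > z_limit:
            findings.append(("timing", f"mean prompt gap z-score {z:.1f}"))
    unseen = [t for t in zip(path, path[1:]) if t not in profile["transitions"]]
    if unseen:
        findings.append(("path", f"unseen transitions {unseen}"))
    return findings

PROFILES = build_profiles(BASELINE)
# Constructed sessions: one ordinary, one machine-fast jump straight to a sensitive screen.
NORMAL = score_session(PROFILES, "op_alice", [4.3, 4.0, 4.7], ["login", "dashboard", "pump_status"])
ODD = score_session(PROFILES, "op_alice", [0.3, 0.2, 0.3], ["login", "setpoint_config"])
```

An account with no learned baseline is reported rather than silently passed, since a new or rarely used login on an OT console is itself worth an analyst's attention.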
Protecting America’s energy industry from cyberattacks and other risks is a top priority for the Department of Energy. The DOE published a Multi-Year Plan for Energy Sector Cybersecurity in 2018.
This guiding document was developed to better coordinate critical cyber operations across the Department of Energy and other key critical infrastructure cybersecurity stewards.
It outlines an integrated strategy to reduce cyber risks in the energy industry by pursuing high-priority activities coordinated with other DOE offices and the federal government’s strategy, plans, and activities.
Acknowledging that a strategy of trying to anticipate and then react to the latest cyber threats is inefficient, ineffective, and unsustainable, the DOE has embarked on a two-fold approach.
- Strengthen today’s energy delivery systems by promoting continuous improvement.
- Develop game-changing solutions that create inherently secure, resilient, and self-defending energy systems.
The DOE’s cybersecurity strategy meets the objectives of Executive Order 13800, which directs all federal agencies to use their authority and capabilities to support the cyber risk management of critical infrastructure owners and operators.
Conclusion
To effectively combat the growing cybersecurity challenges facing the US environmental sector in 2025, a unified effort is essential. These challenges stem from evolving policies, the sector’s unique vulnerabilities, and the rapid development of technology.
This unified approach should involve leveraging cutting-edge technologies like artificial intelligence, implementing robust security frameworks such as zero-trust architectures, and fostering continuous communication among government, industry, and technology experts.
By adopting these proactive measures, the environmental sector can strengthen its defenses against cyberattacks, protecting its critical infrastructure and the vital services it provides to the public.
Further reading
- The CESER Blueprint
- DOE Multi-Year Plan for Energy Sector Cybersecurity
- Managing Risk in a Dynamic Legal and Regulatory Environment
- Cybersecurity in the Electricity Sector
Frequently asked questions
Cybersecurity is essential for the energy sector because it ensures the uninterrupted supply of power and protects critical infrastructure. A cyberattack could disrupt energy services, affecting national security, the economy, and daily life.
The energy sector is vulnerable to ransomware attacks, Distributed Denial of Service (DDoS) attacks, phishing campaigns, insider threats, and attacks targeting Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.
While smart grids enhance energy efficiency and distribution, they also introduce new cyber vulnerabilities due to their interconnected nature. Ensuring these grids are secure is paramount to prevent potential disruptions.
Yes, many regions have regulations and standards, such as the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards, which set cybersecurity requirements for the energy industry.
Cyberattacks can disrupt energy production, transmission, and distribution, leading to blackouts, economic losses, and potential safety hazards.
Attacks on energy infrastructure can have cascading effects, impacting transportation, healthcare, communication, and other sectors that rely on a stable energy supply.
Consumers can regularly update device firmware, use strong, unique passwords, enable multi-factor authentication, and stay informed about potential vulnerabilities or threats related to their devices.
Sources
- Municipal Water Authority Cyberattack | Sourced from CNN in Apr 2025
- Cybersecurity oversight of SAWS | From San Antonio Express-News in Apr 2025
- CESER Blueprint | Sourced from the US Dept of Energy in Apr 2025
- Multi-Year Plan for Energy Sector Cybersecurity | From the US Dept of Energy in Apr 2025
- Executive Order 13800 Information | Sourced from CISA in Apr 2025
- Cybersecurity Best Practices | Sourced from CISA in Apr 2025
- Recent Cyber Attacks, Data Breaches, Ransomware Attacks | From Cyber Management Alliance in Apr 2025