Why Are U.S. Utilities So Vulnerable to Cyberattacks?
According to a report published by Google-owned cybersecurity firm Mandiant, the streets of Muleshoe, Texas that flooded with water earlier this year in January have Russian hackers to blame. This entity is also behind attacks in France and Poland in addition to Texas water utilities.
This attack wasn’t the first to plague United States utilities. Fast Company reported on U.S. National Security Council concerns that critical infrastructure providers could pose easy targets for hackers in December 2023.
“They have proven to be a little vulnerable because they are private companies and hence the profit motive prevails,” says Alan Woodward, professor of cybersecurity at the University of Surrey. “Security is seen as a cost center.” That’s borne out by data compiled by the International Energy Agency (IEA) on the power sector, which found that there were more than 1,100 targeted attacks launched across the world in 2022.
According to the Fast Company, The utilities sector seems uniquely understaffed, according to the IEA’s analysis: While the finance and insurance sector accounted for nearly 1% of all cybersecurity job postings in September 2022, and public administration 0.57%, power utilities languished behind at 0.49%. The average wage offered by the utility sector also pales into comparison to competing industries, which could mean it’s losing out on quality candidates.
The U.S. government has also failed to pass a number of legislative attempts to force utilities to adopt minimal cybersecurity standards. As a result, U.S. utilities are comparatively underprotected in comparison to their peers. “Compare that to the U.K. where we have a specialist government agency that focuses on such service providers and assesses them regularly,” Woodward says.