The energy sector has no time to wait for the next cyberattack

The energy sector remains a major target for cybercriminals. Beyond disrupting daily routines, a power outage can undermine economic stability and public safety. Rising demand for electricity, fueled by technology and digital growth, only adds to the sector’s vulnerability. A major driver of that demand is artificial intelligence: Goldman Sachs predicts that data center power consumption could rise by 160% by 2030, as AI’s enormous energy appetite strains already fragile grids.

![energy sector cyber risks](https://img2.helpnetsecurity.com/posts2025/energy_sector-650.webp)

### From blackouts to breaches

The recent blackout on the Iberian Peninsula showed just how disruptive a power outage can be. Tens of millions of people in Spain and Portugal were left without electricity. Transport and banking systems were affected, communication networks went down, and hospitals switched to backup generators. While this blackout wasn’t caused by a cyberattack, it serves as a wake-up call.

Energy grids and systems face cyber risks from state-linked groups, ransomware gangs, and insiders who intentionally cause damage. That’s why these organizations need to manage their infrastructure assuming they’re always a target.

In late 2022, Russia-backed APT group Sandworm carried out a cyberattack that disrupted parts of the Ukrainian power grid. The war in Ukraine has revealed which targets would likely be hit in any conflict, and how vulnerable key infrastructure and systems can be in times of crisis.

According to SixMap, numerous major U.S. energy companies are exposed to vulnerabilities that can be exploited, and Trustwave reported an 80% year-over-year increase in ransomware attacks targeting the energy and utilities sector. Among the high-profile targets that were hit was Schneider Electric, where attackers claimed to have stolen 40GB of compressed data.

The FBI issued a warning that cyber actors are targeting the energy sector to disrupt power generation, steal intellectual property, or ransom critical information.

### Solar infrastructure under attack

Recent findings have raised concerns about solar infrastructure. Some Chinese-made solar inverters were found to have built-in communication equipment that isn’t fully explained. In theory, these devices could be triggered remotely to shut down inverters, potentially causing widespread power disruptions.

The discovery has raised fears that covert malware may have been installed in critical energy infrastructure across the U.S. and Europe, which could enable remote attacks during conflicts.

On top of that, many solar devices are still running outdated firmware with known exploits that are active in the wild.

“With the digitalization of the energy sector, there are various cybersecurity issues that have a direct impact on the resilience and reliability of the entire energy infrastructure,” warned Anjos Nijk, Managing Director of the European Network for Cyber Security (ENCS).

### Aging infrastructure and legacy systems

One of the biggest challenges in energy and utilities is old infrastructure and legacy systems. Many OT systems were built decades ago and weren’t designed with cyber threats in mind. They often lack updates, patches, and support, and older software and hardware don’t always work with new security solutions. Upgrading them without disrupting operations is a complex task.

OT systems used to be kept separate from the Internet to prevent remote attacks. Now, the push for real-time data, remote monitoring, and automation has connected these systems to IT networks. That makes operations more efficient, but it also gives cybercriminals new ways to exploit weaknesses that were once isolated.

Energy companies are cautious about overhauling old systems because it’s expensive and can interrupt service. But keeping legacy systems in play creates security gaps, especially when connected to networks or IoT devices. Protecting these systems while moving to newer, more secure tech takes planning, investment, and IT-OT collaboration.

While pursuing digitalization, organizations have been stacking modern technologies on top of old systems, extending the attack surface. This leaves critical systems vulnerable and devices open to exploitation, where they can serve as gateways into larger network infrastructures.

### Supply chain blind spots and the cost of downtime

Energy companies rely on third-party vendors for software, hardware, and operational support. But that reliance comes at a cost. SecurityScorecard found that 45% of U.S. energy-sector breaches started with a third-party vendor, with two-thirds tied to software or IT providers. To address this, the U.S. Department of Energy has stepped up efforts to make supply chains more resilient.

When those risks turn into breaches, the most immediate impact is downtime. If operational systems go offline, power generation and distribution can be disrupted. Even short interruptions can result in significant revenue losses and cascading effects across critical services.

That’s why the energy and utilities sector is subject to strict cybersecurity regulations meant to protect national and economic security. Rules like NERC CIP in the US and NIS2 in the EU set mandatory cybersecurity requirements for operators of critical infrastructure.

“Energy providers should explore advanced technologies and automation opportunities that shorten the time between detection and response, including AI-powered tools that can monitor networks in real time, detect anomalies, and even predict potential threats. At the same time, organizations need to maintain strong human oversight of automated and AI-driven systems,” said Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea.
