Why cybersecurity is lagging in utilities – and what to do about it
Attivo Networks Blogs

Why cybersecurity is lagging in utilities – and what to do about it

smart energy international logo

The energy space is a highly attractive target for cyberattacks, with potentially major repercussions. It is also an industry that is notoriously slow to adopt new advanced cybersecurity measures. The slowness of the industry in adopting new security solutions is evidenced by global utilities lagging behind aligning themselves with cybersecurity standards.

Recently, US utility Duke Energy was fined $10 million by NERC for egregious security lapses dating back to 2015. And Duke was presumed to be ahead of its peers, so where do other utility firms stand?

Clearly, there is a need for investing in increasing utility cybersecurity awareness, optimising the operations of emerging grid security technology start-ups and in research and development of new security features and capabilities.

Smart Energy International spoke with Carolyn Crandall, chief deception officer at Attivo Networks, a cybersecurity firm, to understand what can be done to ensure increased adoption of security technologies and measures.

Asked about the impacts of cyber attacks, Crandall said energy sector leaders are acutely aware that they are a highly attractive target for cyber attacks and must be prepared for the most sophisticated cyber criminals. Although the attack is done online, cyber attacks pose the same kind of infrastructure risk and repercussions as natural disasters or physical attacks. Cyber attackdriven outages can also have a significant impact on economic and government stability if taken to extremes.

With the emergence of smart grids, smart devices, and the massive growth of IoT connected devices, rapid digitisation of the energy industry has increased the potential attack surfaces and the need for enhanced visibility and detection of in-network cybersecurity threats. Given the sophistication and gravity of these attacks, the sector has enhanced its security programs to include investment in not only prevention but also in lateral movement detection so that attackers cannot successfully establish a foothold or advance their attacks.

Beyond costly outages, attacks could potentially result in infrastructure shutdown, triggering economic and financial disruptions or even loss of life and massive environmental damage.


Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published. Required fields are marked *

fifteen − 11 =

Ready to find out what’s lurking in your network?

Scroll to Top