By Rob Denaburg, cybersecurity program senior manager, American Public Power Association
One of public power utilities’ greatest structural advantages is their close connection with the communities they serve. The local ownership and input on utility decisions lead to a dedication to local service and investment in the community’s quality of life. While public power utilities are by nature locally focused, that does not make them immune to global forces, including geopolitical tensions and foreign conflicts.
In addition to the critical role public power utilities play in the economy, public health, and safety, utilities can play an important role in the security of the nation by being resilient to cyberattack.
Foreign nation-states, state-sponsored actors, hacktivists, cyber criminals, and other bad actors have targeted U.S. critical infrastructure, including public power utilities. These attackers pose a host of risks to domestic systems, and their capabilities and motivations can vary significantly. For example, profit-seeking attackers often attempt to extort victims or steal and sell valuable information. Other attackers might try to gain access to sensitive networks to conduct espionage or steal intellectual property used to advance corporate or national interests.
While these kinds of attacks may increase amid global conflicts, they tend to be relatively consistent and are generally not tied to geopolitical events.
Some attacks, though, are motivated by global events and might ramp up amid international tensions. This can put utilities of all types and sizes in the U.S. at higher risk. When conflicts flare up overseas, ideologically driven attackers might deface websites, leak sensitive information, or cause disruptions they see as conducive to their political aims. These types of attacks may threaten utilities’ business functions but are less likely to disrupt the flow of power to customers.
However, cybersecurity firms have identified threat actors inspired by conflicts, such as the Russian invasion of Ukraine, who aim to carry out more sophisticated attacks, including attempts to disrupt critical infrastructure by manipulating industrial control systems. These events indicate that future activity by well-resourced attackers may pose more than just a nuisance-level risk to public power utilities.
Attackers who are part of or affiliated with foreign governments are also improving their capabilities to carry out sophisticated attacks on U.S. systems. While these attackers may choose to refrain from more disruptive breaches during peacetime to avoid provoking a significant U.S. response, government threat assessments indicate that U.S. adversaries are trying to gain a covert foothold in utility systems and use that access to prepare for more disruptive attacks on U.S. critical infrastructure.
These more serious attacks could be deployed amid, or in the lead-up to, future conflicts. For example, in 2024, the Cybersecurity and Infrastructure Security Agency released an advisory cautioning that state-sponsored cyber actors in China “are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.”
While attacks against U.S. critical infrastructure in future conflicts may purposefully target systems with high strategic value, that doesn’t limit the targets to utilities serving large populations. For example, foreign attackers could target infrastructure that supports the U.S. military, including communities adjacent to bases or other facilities. While many facilities that support national security will have backup power, this power may only sustain some services and functions, not act as a long-term replacement for normal grid service. Even if they don’t directly affect military facilities, attacks that disrupt power to communities are an attempt to bring the cost of American participation in the conflict home for U.S. citizens. The aim of these attacks is to create public pressure from within the U.S. on the government to avoid intervening or to limit its participation in a conflict. Alternatively, attackers may be less pointed and more focused on disrupting whatever systems they can access — and they might see smaller systems as easier targets.
In the face of these threats, public power utilities are an important line of defense against U.S. adversaries. For this reason, the American Public Power Association and its members are leveraging industry and government support to secure public power systems and keep their communities safe from intentional power disruption. This includes an increased focus on sharing the knowledge and best practices necessary to mitigate major and emerging threats and reduce the consequences associated with being targeted. Members can sign up to participate in the Cybersecurity Defense Community at PublicPower.org/Participate-Cyber-Defense-Community.