United States: Cyber attacks on energy infrastructure on the rise

Cyberattacks on US energy infrastructure rose sharply in 2024. New studies reveal an upsurge in ransomware and data breaches, highlighting the growing vulnerability of these critical systems.
Power grid control center in Pennsylvania

Partagez:

U.S. energy infrastructures face intensifying cyber threats in 2024, marked by a series of targeted attacks.
According to Thales’ “Data Threat” 2024 report, 42% of critical infrastructure companies, including those in the energy sector, suffered data breaches this year.
These attacks, often orchestrated by state actors or organized criminal groups, highlight the increased vulnerability of systems using increasingly interconnected technologies and obsolete equipment.

Growing threats to critical infrastructures

The data shows a sharp rise in ransomware attacks against energy infrastructure, with a quarter of organizations reporting this type of attack in the last 12 months.
The motivation behind these attacks is clear: malicious actors know that companies in the energy sector are more likely to pay ransoms to avoid costly disruptions to their operations.
Furthermore, the complexity and diversity of the technologies used in this sector create a wide range of risks, from human error to the exploitation of known vulnerabilities, to the lack of multi-factor authentication.
The Thales report also highlights the growing threat of insider threats, with 30% of companies reporting incidents linked to employees or contractors.
This highlights the need to improve access management and strengthen security awareness programs within organizations.

Coordinated attacks and vulnerabilities in industrial control systems

Between November 2023 and April 2024, 29 cyberattacks specifically targeting the industrial control systems of US energy infrastructures were reported.
These attacks, including ransomware and intrusions, were aimed at compromising critical security systems.
Rapid digitization and the growing integration of new technologies into energy infrastructures are increasing the number of potential entry points for cyber attacks, exposing more systems to the risk of intrusion.
Experts stress that securing industrial control systems, often built on old, interconnected technologies, has become a priority.
The challenge is made all the more complex by the fact that the sector struggles to find and retain qualified cybersecurity professionals, which weakens its ability to respond.

New guidelines and greater resilience

In response to these growing threats, the U.S. Department of Energy (DOE) issued new cybersecurity guidelines for electric distribution systems and distributed energy resources (DER) in 2024.
These guidelines, developed in collaboration with the National Association of Regulatory Utility Commissioners (NARUC), aim to provide a common framework for reducing risk and improving the cyber resilience of critical infrastructure.
The aim is to encourage the voluntary adoption of uniform cybersecurity practices, and to strengthen defense against sophisticated threats from state actors or criminal groups.
Industry players are called upon to strengthen their cybersecurity strategy by focusing on improving cyber resilience, reducing human error, and effectively managing internal threats.
By adopting a more proactive and coordinated approach, the energy sector can hope to mitigate the risk of future attacks, while protecting America’s critical infrastructure from potentially devastating disruptions.

Pedro Azagra leaves his role as CEO of Avangrid to become CEO of Iberdrola, while Jose Antonio Miranda and Kimberly Harriman succeed him as CEO and Deputy CEO respectively of the American subsidiary.
The US investment fund Ares Management enters Plenitude's capital by acquiring a 20% stake from Eni, valuing the Italian company at 10 billion euros and reinforcing its integrated energy strategy.
ENGIE secures a contract to reduce Airbus' industrial emissions in France, Germany, and Spain, targeting an 85% decrease by 2030 through various local energy infrastructures.
Alain Rhéaume, Chairman of Boralex’s Board of Directors for eight years, will leave his position by December, following the appointment of his successor by the governance committee of the Canadian energy group.
Norwegian group Statkraft plans an annual cost reduction of NOK2.9bn ($292 million) by 2027, citing possible job cuts amid rising financial burdens and volatility in the European energy market.
EDF merges EDF Renouvelables and its International Division into EDF power solutions, led by Béatrice Buffon, to optimise its global 31 GW low-carbon energy portfolio and strengthen its international positioning.
TotalEnergies announces a strategic partnership with Mistral AI to establish a dedicated innovation laboratory integrating artificial intelligence tools aimed at enhancing industrial efficiency, research, and customer relations.
The Energy Transitions Commission warns of economic risks tied to growing protectionism around clean technologies, while calling for global consensus on carbon pricing.
Baker Hughes has reached an agreement to sell its precision sensor product line to Crane Company for $1.15bn, thereby refocusing its operations on core competencies in industrial and energy technologies.
American conglomerate American Electric Power sold 19.9% of two transmission subsidiaries to KKR and PSP Investments, raising $2.82bn to support its five-year $54bn investment plan.
The new mapping by Startup Nation Central identifies 165 active companies in Israel’s energy technologies, amid strong private funding and growing global market interest.
The new CEO of EDF, Bernard Fontana, aims to achieve €1 billion in operational cost savings for the French energy giant by 2030, prioritizing industrial contracts and the national nuclear sector.
CMS Energy Corporation has announced a cash tender offer for debt securities totalling $125 million, issued by Consumers Energy. The offer expires on July 3, 2025, with priority given to bonds submitted before June 17, 2025.
Vermilion Energy is exiting the U.S. market permanently by selling its assets for C$120mn ($87.88mn), refocusing its operations on Canada and Europe while reducing its debt and investment budget.
In 2024, Italian energy giant Eni paid approximately €8.4 billion to various global governments. These payments, primarily concentrated in Africa and Asia, reflect its commitments in the international energy sector.
The International Energy Agency projects a record-high global energy investment in 2025, driven by electricity and low-carbon technologies despite geopolitical and economic uncertainty.
The Czech regulatory authority launches an investigation into suspected collusion involving several major actors in the awarding of a thermal power plant, putting transparency of a strategic transaction for the energy sector at stake.
The Democratic Republic of Congo is set to replace its temporary ban on cobalt hydroxide exports with quotas, aiming to balance global demand, secure revenue, and stabilize market fluctuations.
European Energy secured EUR 145mn in financing from SEB and Swedbank to support wind, solar, and storage assets in Lithuania, reinforcing its regional expansion strategy.
Greenvolt Group finalised the sale of 28 solar and wind projects to Transiziona, valued at €195mn, bringing total asset sales to €530mn in 2025 as part of its pan-European strategy.