United States: Cyber attacks on energy infrastructure on the rise

Cyberattacks on US energy infrastructure rose sharply in 2024. New studies reveal an upsurge in ransomware and data breaches, highlighting the growing vulnerability of these critical systems.

Share:

Power grid control center in Pennsylvania

Gain full professional access to energynews.pro from 4.90$/month.
Designed for decision-makers, with no long-term commitment.

Over 30,000 articles published since 2021.
150 new market analyses every week to decode global energy trends.

Monthly Digital PRO PASS

Immediate Access
4.90$/month*

No commitment – cancel anytime, activation in 2 minutes.

*Special launch offer: 1st month at the indicated price, then 14.90 $/month, no long-term commitment.

Annual Digital PRO Pass

Full Annual Access
99$/year*

To access all of energynews.pro without any limits

*Introductory annual price for year one, automatically renewed at 149.00 $/year from the second year.

U.S. energy infrastructures face intensifying cyber threats in 2024, marked by a series of targeted attacks.
According to Thales’ “Data Threat” 2024 report, 42% of critical infrastructure companies, including those in the energy sector, suffered data breaches this year.
These attacks, often orchestrated by state actors or organized criminal groups, highlight the increased vulnerability of systems using increasingly interconnected technologies and obsolete equipment.

Growing threats to critical infrastructures

The data shows a sharp rise in ransomware attacks against energy infrastructure, with a quarter of organizations reporting this type of attack in the last 12 months.
The motivation behind these attacks is clear: malicious actors know that companies in the energy sector are more likely to pay ransoms to avoid costly disruptions to their operations.
Furthermore, the complexity and diversity of the technologies used in this sector create a wide range of risks, from human error to the exploitation of known vulnerabilities, to the lack of multi-factor authentication.
The Thales report also highlights the growing threat of insider threats, with 30% of companies reporting incidents linked to employees or contractors.
This highlights the need to improve access management and strengthen security awareness programs within organizations.

Coordinated attacks and vulnerabilities in industrial control systems

Between November 2023 and April 2024, 29 cyberattacks specifically targeting the industrial control systems of US energy infrastructures were reported.
These attacks, including ransomware and intrusions, were aimed at compromising critical security systems.
Rapid digitization and the growing integration of new technologies into energy infrastructures are increasing the number of potential entry points for cyber attacks, exposing more systems to the risk of intrusion.
Experts stress that securing industrial control systems, often built on old, interconnected technologies, has become a priority.
The challenge is made all the more complex by the fact that the sector struggles to find and retain qualified cybersecurity professionals, which weakens its ability to respond.

New guidelines and greater resilience

In response to these growing threats, the U.S. Department of Energy (DOE) issued new cybersecurity guidelines for electric distribution systems and distributed energy resources (DER) in 2024.
These guidelines, developed in collaboration with the National Association of Regulatory Utility Commissioners (NARUC), aim to provide a common framework for reducing risk and improving the cyber resilience of critical infrastructure.
The aim is to encourage the voluntary adoption of uniform cybersecurity practices, and to strengthen defense against sophisticated threats from state actors or criminal groups.
Industry players are called upon to strengthen their cybersecurity strategy by focusing on improving cyber resilience, reducing human error, and effectively managing internal threats.
By adopting a more proactive and coordinated approach, the energy sector can hope to mitigate the risk of future attacks, while protecting America’s critical infrastructure from potentially devastating disruptions.

Veolia and TotalEnergies formalise a strategic partnership focused on water management, methane emission reduction and industrial waste recovery, without direct financial transaction.
North Atlantic and ExxonMobil have signed an agreement for the sale of ExxonMobil’s stake in Esso S.A.F., a transaction subject to regulatory approvals and financing agreements to be finalised by the end of 2025.
The Canadian pension fund takes a strategic minority stake in AlphaGen, a 11 GW U.S. power portfolio, to address rising electricity demand from data centres and artificial intelligence.
Minnesota’s public regulator has approved the $6.2bn acquisition of energy group Allete by BlackRock and the Canada Pension Plan, following adjustments aimed at addressing rate concerns.
Statkraft continues its strategic shift by selling its district heating unit to Patrizia SE and Nordic Infrastructure AG for NOK3.6bn ($331mn). The deal will free up capital for hydropower, wind, solar and battery investments.
Petronas Gas restructures its operations by transferring regulated and non-regulated segments into separate subsidiaries, following government approval to improve transparency and optimise the group’s investment management.
Marubeni Corporation has formed a power trading unit in joint venture with UK-based SmartestEnergy, targeting expansion in Japan’s fast-changing deregulated market.
Phoenix Energy raised $54.08mn through a preferred stock offering now listed as PHXE.P on NYSE American, with an initial dividend scheduled for mid-October.
TotalEnergies plans to increase its energy production by 4% annually until 2030, while reducing global investments by $7.5bn amid what it describes as an uncertain economic environment.
Occidental Petroleum is considering selling its chemical subsidiary OxyChem for $10bn, a transaction that forms part of its deleveraging strategy launched after several major acquisitions.
ABO Energy is assessing a shift to independent power production by operating its own renewable parks, signalling a major strategic move in a market that has become more favourable.
Fortescue accelerates the decarbonisation of its operations by leveraging an international network of technology and industrial partners, targeting net zero at its mining sites by 2030.
Mexican state-owned company Pemex confirmed the partial acceptance of bond securities under its debt repurchase offer, with a total allocation of $9.9bn, following strong oversubscription.
Swiss energy company MET strengthens its footprint in Central and Southeast Europe with the full acquisition of MET Slovakia and the launch of a new operational subsidiary in Albania.
UK-based Gresham House will acquire Swiss investment manager SUSI Partners, strengthening its international footprint in energy transition infrastructure.
Spruce Power launches an internal reorganisation aimed at reducing annual operating costs by $20mn, with the closure of its Denver office and a refocus on key initiatives to strengthen profitability.
TotalEnergies’ Board of Directors is adjusting its shareholder return strategy while consolidating its multi-energy growth and employee shareholding plan amid an uncertain energy and geopolitical landscape.
Fermi America has signed two letters of intent with Siemens Energy to supply an additional 1.1 GW of gas turbines and collaborate on nuclear steam turbines as part of its 11 GW private energy campus dedicated to artificial intelligence.
Aker becomes one of Nscale’s largest shareholders following a $1.1bn funding round, reinforcing its exposure to large-scale artificial intelligence infrastructure.
TenneT Holding has reached an agreement with APG, GIC and NBIM to finance the expansion of the German high-voltage grid, securing its capital needs for the coming years.