United States: Cyber attacks on energy infrastructure on the rise

Cyberattacks on US energy infrastructure rose sharply in 2024. New studies reveal an upsurge in ransomware and data breaches, highlighting the growing vulnerability of these critical systems.

Share:

Power grid control center in Pennsylvania

Subscribe for unlimited access to all energy sector news.

Over 150 multisector articles and analyses every week.

Your 1st year at 99 €*

then 199 €/year

*renews at 199€/year, cancel anytime before renewal.

U.S. energy infrastructures face intensifying cyber threats in 2024, marked by a series of targeted attacks.
According to Thales’ “Data Threat” 2024 report, 42% of critical infrastructure companies, including those in the energy sector, suffered data breaches this year.
These attacks, often orchestrated by state actors or organized criminal groups, highlight the increased vulnerability of systems using increasingly interconnected technologies and obsolete equipment.

Growing threats to critical infrastructures

The data shows a sharp rise in ransomware attacks against energy infrastructure, with a quarter of organizations reporting this type of attack in the last 12 months.
The motivation behind these attacks is clear: malicious actors know that companies in the energy sector are more likely to pay ransoms to avoid costly disruptions to their operations.
Furthermore, the complexity and diversity of the technologies used in this sector create a wide range of risks, from human error to the exploitation of known vulnerabilities, to the lack of multi-factor authentication.
The Thales report also highlights the growing threat of insider threats, with 30% of companies reporting incidents linked to employees or contractors.
This highlights the need to improve access management and strengthen security awareness programs within organizations.

Coordinated attacks and vulnerabilities in industrial control systems

Between November 2023 and April 2024, 29 cyberattacks specifically targeting the industrial control systems of US energy infrastructures were reported.
These attacks, including ransomware and intrusions, were aimed at compromising critical security systems.
Rapid digitization and the growing integration of new technologies into energy infrastructures are increasing the number of potential entry points for cyber attacks, exposing more systems to the risk of intrusion.
Experts stress that securing industrial control systems, often built on old, interconnected technologies, has become a priority.
The challenge is made all the more complex by the fact that the sector struggles to find and retain qualified cybersecurity professionals, which weakens its ability to respond.

New guidelines and greater resilience

In response to these growing threats, the U.S. Department of Energy (DOE) issued new cybersecurity guidelines for electric distribution systems and distributed energy resources (DER) in 2024.
These guidelines, developed in collaboration with the National Association of Regulatory Utility Commissioners (NARUC), aim to provide a common framework for reducing risk and improving the cyber resilience of critical infrastructure.
The aim is to encourage the voluntary adoption of uniform cybersecurity practices, and to strengthen defense against sophisticated threats from state actors or criminal groups.
Industry players are called upon to strengthen their cybersecurity strategy by focusing on improving cyber resilience, reducing human error, and effectively managing internal threats.
By adopting a more proactive and coordinated approach, the energy sector can hope to mitigate the risk of future attacks, while protecting America’s critical infrastructure from potentially devastating disruptions.

Eneco’s Supervisory Board has appointed Martijn Hagens as the next Chief Executive Officer. He will succeed interim CEO Kees Jan Rameau, effective from 1 March 2026.
With $28 billion in planned investments, hyperscaler expansion in Japan reshapes grid planning amid rising tensions between digital growth and infrastructure capacity.
The suspension of the Revolution Wind farm triggers a sharp decline in Ørsted’s stock, now trading at around 26 USD, increasing the financial stakes for the group amid a capital increase.
Hydro-Québec reports net income of C$2.3 billion in the first half of 2025, up more than 20%, driven by a harsh winter and an effective arbitrage strategy on external markets.
French group Air Liquide strengthens its presence in Asia with the acquisition of South Korean DIG Airgas, a key player in industrial gases, in a strategic €2.85 billion deal.
The Ministry of Economy has asked EDF to reconsider the majority sale agreement of its technology subsidiary Exaion to the American group Mara, amid concerns related to technological sovereignty.
IBM and NASA unveil an open-source model trained on high-resolution solar data to improve forecasting of solar phenomena that disrupt terrestrial and space-based technological infrastructures.
The Louisiana regulatory commission authorizes Entergy to launch major energy projects tied to Meta’s upcoming data center, with anticipated impacts across the regional power grid.
Westbridge Renewable Energy will implement a share consolidation on August 22, reducing the number of outstanding shares by four to optimize its financial market strategy.
T1 Energy secures a wafer supply contract, signs 437 MW in sales, and advances G2_Austin industrial deployment while maintaining EBITDA guidance despite second-quarter losses.
Masdar has allocated the entirety of its 2023–2024 green bond issuances to solar, wind, and storage energy projects, while expanding its financial framework to include green hydrogen and batteries.
Energiekontor launches a €15 million corporate bond at 5.5% over eight years, intended to finance wind and solar projects in Germany, the United Kingdom, France, and Portugal.
The 2025 EY study on 40 groups shows capex driven by mega-deals, oil reserves at 34.7 billion bbl, gas at 182 Tcf, and pre-tax profits declining amid moderate prices.
Australian fuel distributor Ampol reports a 23% drop in net profit, impacted by weak refining margins and operational disruptions, while surpassing market forecasts.
Puerto Rico customers experienced an average of 73 hours of power outages in 2024, a figure strongly influenced by hurricanes, according to the U.S. Energy Information Administration.
CITGO returns to profitability in Q2 2025, supported by maximum utilization of its refining assets and adjusted capital expenditure management.
MARA strengthens its presence in digital infrastructure by acquiring a majority stake in Exaion, a French provider of secure high-performance cloud services backed by EDF Pulse Ventures.
ACEN strengthens its international strategy with over 2,100 MWdc of attributable renewable capacity in India, marking a major step in its expansion beyond the Philippines.
German group RWE maintains its annual targets after achieving half its earnings-per-share forecast, despite declining revenues in offshore wind and trading.
A Dragos report reveals the scale of cyber vulnerabilities in global energy infrastructures. Potential losses reach historic highs.

Log in to read this article

You'll also have access to a selection of our best content.

or

Go unlimited with our annual offer: €99 for the 1styear year, then € 199/year.