Cyberattacks increasingly target and succeed inside energy and utility companies’ IT networks, rather than their critical infrastructure, according to a new report from cybersecurity firm Vectra.

In the past, the energy and utility industry’s cyber efforts have focused on preventing disruption of power availability via industrial control networks.

But the Department of Homeland Security issued a technical alert in March warning the industry of a “multi-stage intrusion campaign” originating in Russia targeting IT networks in the U.S. energy sector.

“I don’t think [utilities] have watched enough for this,” Chris Morales, head of security analytics at Vectra, told Route Fifty. “They need to monitor actual IT networks a lot closer.”

While no major U.S. city has seen its energy grid taken down with malware, Russia successfully committed the first such attack on Ukraine in 2015.

That event coupled with the reports from DHS and the private sector indicating critical infrastructure is a target has seen utilities increase their cyber investments, said Branndon Kelly, chief information officer for American Municipal Power, Inc. The nonprofit utility serves cities across nine states that own their electric system and includes Vectra’s Cognito threat-detection platform in its security posture.

Read more