The number of cyber intrusions and attacks targeting the electric sector is increasing from Activity Groups ( AG ), or threat groups , and from ransomware operations . In 2020 , Dragos identified three new AGs targeting the electric sector : TALONITE , KAMACITE , and STIBNITE .
Additionally , supply chain risks and ransomware attacks continue to enable intrusions and disruptive impacts on electric utility operations . Of the AGs that Dragos is actively tracking , two-thirds of the groups performing Industrial Control Systems ( ICS ) -specific targeting activities are focused on the electric sector .
Historically , adversaries have demonstrated the capabilities to significantly disrupt electric operations in large-scale cyber events through misuse of control systems , leveraging specialised malware and deep knowledge of targets ’ operations environments . ICStargeting adversaries continue to exhibit the interest and ability to target electric utility networks with activities that could provide prerequisites for facilitating future attacks . However , similar disruptive attacks have not been publicly observed in the Electric Utility industry since 2016 .
A power disruption event from a cyberattack can occur at various points in electric system operations such as control centres , dispatch centres , or within the generation , transmission , or distribution environments throughout an organisation ’ s service territory . Attacks on the electric power system – like attacks on other critical infrastructure sectors – can further an adversary ’ s political , economic , and national security goals . As adversaries and their sponsors invest more effort and money into obtaining disruptive capabilities , the risk of a disruptive or destructive attack on the electric utility industry significantly increases .
In many parts of the world the electric sector leads other industrial sectors in security investments . p