The Magazine of American Municipal Power, Inc. and its Member Communities

Of Member Concern

The Importance of Cybersecurity

Jolene Thompson

President/CEO

October 2022

It’s no secret that our industry is changing. Shifts in customer engagement and expectations and the introduction of new technologies and new players are reshaping the grid.

What was once an insular, simple grid, where energy was produced and delivered by the utility to the customer, is evolving quickly. Electric vehicles, smart city applications, connected devices and energy storage are just a few of the technological advances that are pushing our industry to evolve.

In many ways, these changes are making our industry more important than it has ever been. However, they have also made utilities a bigger target.

On Feb. 12, the Cybersecurity & Infrastructure Security Agency (CISA) issued an alert in response to the potential threat of Russian state actors. The alert warned that electric utilities would be at an increased risk of cyberattacks that could cause the disruption of essential services and potentially affect public wellness and safety.

While this alert may have been unsettling, it was not surprising. State-backed attacks like these have become more commonplace in recent years as electric service has become increasingly vital to modern life.

One such attack occurred in 2015 when Russian state actors were responsible for an attack on the electric grid in Ukraine. That cyberattack took a large transmission substation out of operation, cutting power to a section of Kyiv.

Following this attack, the U.S. government warned that American electric utilities may be targets of similar attacks should relations with Russia or a similar nation sour. As a result, many utilities began to search their systems for malware code that was associated with the attack. The Burlington Electric Department, a public power utility in Vermont, was among a number of utilities to discover the malicious code in their systems.

State-backed cyberattacks are not the only problem facing public power utilities. In February, CISA reported that ransomware attacks against electric utilities and municipal governments were on the rise. These attacks are usually financially motivated rather than state-backed, and they take advantage of the value that individuals and businesses place on maintaining electric service by interrupting it until a ransom is paid.

Not long after the CISA report, the Reading Municipal Light Department, a public power utility in Massachusetts, issued a news release announcing that it had been the target of a ransomware attack. The utility was forced to hire an outside IT consultant to purge the malicious software from its systems. The costs of this attack are not publicly available, but by looking at past examples, we can make an educated guess.

In September 2020, the Jersey City Municipal Utilities Authority (JCMUA), a public power utility in New Jersey, experienced a similar attack. Struck by malicious software that blocked access to vital water and sewage information, the JCMUA was forced to spend almost $500,000 to resolve the issue and improve security.

Burlington’s discovery of malicious code and the ransomware attacks on Reading and Jersey City serve as examples of why public power utilities must take cybersecurity seriously. Whether state-sponsored or financially motivated, cybercriminals see utilities of all shapes and sizes as prime targets. Utilities with a lower meter count are not spared.

The first step that any utility should take in increasing its cybersecurity is to push awareness among all employees. This includes educational sessions or webinars, as well as training opportunities to ensure that each employee follows proper protocol and can better identify threats. It only takes one person opening a malicious email to set an attack in motion, so it is important to implement these measures at all levels of the utility. Such efforts are priorities for AMP’s internal compliance efforts and part of our monthly cybersecurity updates to the AMP Board of Trustees.

In addition to training and awareness, it’s important to perform a comprehensive assessment of your current cybersecurity measures. What are your strengths and weaknesses, where do your security gaps lie and how can you improve?

For many utilities, a thorough assessment is the most difficult step, as you may not know where to begin or what to look for. That is why AMP has created a Cybersecurity Program.

AMP’s Cybersecurity Program offers an assessment that searches member systems for potential vulnerabilities and provides a list of possible actions that a utility can take to become more cybersecure. The assessment serves as a snapshot of the utility’s security posture and is a great starting point in preparing for the new threat landscape. The assessment uses several public power and industry tools to provide a thorough, consistent analysis that results in a roadmap for next steps and budget implications.

I’ve heard very positive feedback from the AMP members who have utilized this service offering to date.

If you have questions about how to improve your cybersecurity or train employees, or if you have interest in AMP’s Cybersecurity Program, please reach out to Branndon Kelley, AMP senior vice president of technology and chief information officer, at [email protected], or Jared Price, AMP vice president of information technology and chief technology officer, at [email protected].

The electric utility industry is changing, and good cybersecurity is more vital than it has ever been. We encourage all AMP members to assess their cybersecurity risk and consider measures to reduce the chances of a successful cyberattack.