TELESTO STRATEGY

Management briefing: Cyber threats to energy – From downtime to business disruption

AUGUST 2025

Cyber threats to energy infrastructure are no longer an abstract risk. They are direct threats to business continuity, revenue, and customer trust. With ransomware and state-sponsored attacks accelerating in 2025, decentralized grids and digital infrastructure have created a growing web of vulnerabilities. In the U.S. alone, the number of points susceptible to cyber-energy attacks increases by roughly 60 per day. If left unchecked, these disruptions can halt operations, trigger regulatory scrutiny, and draw investor attention.

Key takeaways

  • Cyber-energy risks are existential, not theoretical. Large multinationals are only as resilient as their energy systems and must comply with federal reporting of material cyber incidents.
  • Decentralization increases complexity. As grids digitize and diversify, points of failure multiply and expose operations to systemic risk.
  • Weak spots are multiplying. In 2023, grid vulnerabilities grew to 23,000–24,000 (from 21,000–22,000 the year before).
  • Business impact is real. About 3% of cyber-energy attacks caused operational outages and disruptions, raising regulatory and investor scrutiny.

What are cyber-energy attacks? 

Cyber-energy attacks target both companies and the broader energy system – grids, pipelines, and critical infrastructure. Motivations range from financial extortion to espionage and geopolitical disruption. Ransomware aimed at industrial organizations surged through 2024 and 2025, while state-backed actors are embedding themselves in U.S. critical infrastructure to enable future disruption. 

How is the electricity grid vulnerable?

  • Three interconnected grids. The U.S. system comprises three major transmission networks (West, Texas, and East/Midwest), linked to parts of Canada and Mexico.
  • Distribution systems at risk. Increasing remote access and IT/OT connectivity leave distribution networks more exposed.
  • Geopolitical targeting. State actors, particularly from China and Russia, are increasing attacks, with threats intensified by conflicts such as those in Ukraine and Gaza.

Federal response measures

The U.S. has rolled out stronger cybersecurity protections for the grid, but risk remains high, especially in distribution systems. Recent steps include:

  • Mandatory Reliability Standards (NERC CIP). The new FERC rule – CIP-015-1, July 2025 – requires utilities to monitor internal control networks.
  • Supply chain risk controls. Stricter rules require utilities to vet vendors and equipment providers under NERC CIP rules.
  • National Security Memorandum-22. The NSM-22 establishes CISA as the national coordinator for critical infrastructure security.
  • DOE emergency authority. Under the FAST Act, DOE can issue emergency orders to protect the grid during major cyber incidents.

Business and project impact

Cyber-energy threats are hitting high-investment projects and everyday business operations:

  • Colonial Pipeline. This ransomware attack forced a 5,500-mile refined products pipeline offline for six days, which triggered fuel shortages across the U.S. Southeast and emergency regulatory measures. Colonial paid a $4.4M ransom; the Department of Justice (DOJ) recovered $2.3M of the ransom.
  • Canada retail fuels. Suncor Energy experienced a cyberattack that disrupted Petro-Canada’s payment and loyalty systems, which left stations temporarily cash-only and affected supplier payments.
  • Norwegian hydropower dam. Pro-Russian hackers remotely opened a valve for ~4 hours (500 liters/second), which altered flows. Police and security services publicly attributed the attack.
  • ENGlobal Corporation. A ransomware attack in November 2024 disrupted the company's systems for ~6 weeks and limited its operations to essential functions. Because it provides services to the energy industry and the U.S. government, hackers may have been interested in disrupting infrastructure or infiltrating U.S. government systems and infrastructure.
  • PPL Electric Utilities. In a February 2025 disclosure, PPL Electric Utilities confirmed that basic customer data was exposed in a data breach involving a third-party vendor that was originally affected in June 2023. The data was eventually published online by a Russian ransomware group in December 2024; critical infrastructure, however, was not affected.

Actions management teams should take

  • Quantify business exposure. Calculate direct and indirect financial risks tied to energy-grid cyber incidents.
  • Own the expertise. Ensure CIO, CSO, and CFO responsibilities explicitly cover cyber-energy risk. Bring in specialized advisors where needed.
  • Define escalation protocols. Establish when incidents must be raised to the executive team.
  • Harden operations. Test backup power, generator contracts, and islanding procedures at data centers, plants, and other critical facilities.
  • Design redundancies. Build backup energy supply strategies and time-to-recovery metrics for IT and OT systems.
  • Demand supplier assurance. Hold energy providers and critical vendors to the same cybersecurity standards.

Executive questions to address

  • What is our quantified exposure to cyber-energy disruptions, and what are the cascading impacts?
  • Which of our energy-dependent operations are mission-critical, and how well are they protected?
  • How are we integrating DOE, DHS/CISA, FERC, and NERC threat assessments into our risk planning?
  • Do we have real-time visibility into intrusions at critical sites and across our suppliers?
  • How are we ensuring compliance with evolving U.S. and EU regulations?
  • Who on the executive team owns this risk and how is accountability linked across IT, finance, operations, and strategy?

Additional Telesto resources 

Partner with Telesto to assess your company’s exposure, harden your most critical operations, and build resilience into the systems your business cannot afford to lose. 


Unlocking Value in Uncertainty
