Siemens-Poneman Study: Cyber attacks on power utilities are growing in numbers, complexity

The cybersecurity risks against critical power infrastructure seems to be worsening, as a new study indicates that 56 percent of respondents reported their companies suffered one or more shutdowns or loss of operational data per year.

The joint report by Siemens and the Poneman Institute assesses the growing threats as utility business models connect operational power generation and transmission and distribution assets to information technology (IT) systems. More than 1,700 utility professionals responsible for cybersecurity within their companies participated in the worldwide study.

Perhaps even more alarming than the statistic in the opening of this story, the study found that a quarter of respondents reported being impacted by mega attacks. These targeted operations are often aided with expertise from nation-state actors, like what Russian agents did to the Ukraine power grid attack of 2015.


“The utility industry has woken up to the industrial cyber threat and is taking important steps to shore up defenses,” said Leo Simonovich, Siemens VP & Global Head, Industrial Cyber & Digital Security. “We hope this report help utilities benchmark their readiness and leverage best practices to stay ahead of attackers.”
These attacks could cause millions, possibly billions of dollars in damage, as well as environmental and infrastructure damage, the report added. Nearly two-thirds of respondents say that sophisticated attacks are a top challenge, and more than half expect an attack in the next 12 months.

Results of the report, “Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threat?,” were revealed at a forum hosted by the Atlantic Council in Washington, D.C. It is the third collaboration by Siemens and the Poneman Institute.

“Increasing electrification across a range of sectors is a crucial piece in the decarbonization puzzle, but, as the Siemens and Ponemon Institute report documents, an increase in grid-connected infrastructure creates additional vulnerabilities to cyberattacks,” Randy Bell, director of the Atlantic Council Global Energy Center, said. “A devastating attack would not only harm the economy, but it could also slow down the rate of electrification. This report provides recommendations to help utilities better address these risks. Getting this right is not only important for the security of our electricity system, but also for achieving our climate goals.”

This remains a major challenge for many organizations across the industry, according to the report. Only 42 percent rated their cyber readiness as high, and only 31 percent rated readiness to respond to or contain a breach as high.

— — — — —

The Digital Transformation of the Power Plant and cybersecurity issues will be front and center in content sessions at POWERGEN International happening Nov. 19-21 in New Orleans. POWERGEN will feature numerous sessions on power plant cyber defense, including experts from Emerson, Rockwell Automation, Louisiana utility Cleco Corp., Mitsubishi Hitachi Power Systems and Taekion, among others.

Registration is open and power generator discounts are available.


  • Rod Walton is content director for Power Engineering, POWERGEN International and the online POWERGEN+ series. He is a 13-year veteran of covering the energy industry both as a newspaper journalist and trade publication editor. He can be reached at 918-831-9177 and

No posts to display