HomeEnergy and Utilities

Mind the utilities cybersecurity gap

Move from pieced together to peace of mind

Download the full reportDownload the infographic

As Industrial Internet of Things (IIoT) technologies enable increasingly intelligent automated equipment and processes, utilities run an increased risk of cyberattacks. Whether initiated by terrorists, cyber hackers or nation state actors, successful attacks can result in devastating consequences. Breaches of nuclear-based power plants and energy grids can affect the provision of energy, while cyberattacks on water facilities can lead to contamination or denial of drinking water. The risks to citizen safety, critical infrastructure and the environment are alarming. Fundamental IIoT cyber hygiene, augmented with automation and artificial intelligence (AI), is critical to continuity of operations and service delivery for utilities.

Today, utilities leverage IIoT technologies in collecting data to monitor assets, gain operational insights, and improve efficiency and safety. Yet, as IIoT expands, attempts to exploit and gain access to industrial control systems (ICS) networks will continue. The attack surface in an IIoT-enabled environment can range from high-value assets or services to critical workloads in the cloud. It also can include process control systems in cyber-physical systems and critical business, operational and consumer data. For example, the U.S. Department of Homeland Security (DHS) recently reported that the Dragonfly espionage group accessed Human Machine Interfaces (HMI) that control processes at several North American power generation utilities. While inside the system, the group copied configuration information and gained the potential to sabotage or take control of the facilities.

To better understand the state of IIoT security, the IBM Institute for Business Value (IBV) partnered with Oxford Economics to survey 700 executives from industrial and energy organizations in 18 countries, including 120 from utilities. At the time of the survey, all 700 organizations were implementing IIoT in their operations.

The research confirmed that utilities are early and extensive adopters of IIoT technologies. Respondents say their organizations primarily apply them for alarms, meter reading and real-time equipment monitoring, generating huge volumes of data that move across supervision and control networks.

However, utility executives are apprehensive about the security of their IIoT endpoints. Devices and sensors are cited by 24 percent of respondents as the most vulnerable parts of their IIoT deployments. Utility executives are also concerned that data on these devices and sensors, as well as on gateways, is not adequately protected. Twelve percent of utilities are concerned with the vulnerability of data in the cloud.

Bookmark this report  

Additional content

Meet the authors

Steven Dougherty

Connect with author:

, Energy, Environment and Utilities Business Development Executive, IBM Security

Lisa-Giane Fisher

Connect with author:

, Benchmarking Leader, Middle East and Africa, IBM Institute for Business Value

Mark Holt

Connect with author:

, Security Business Development Leader, IBM Global Energy, Environment and Utilities

Cristene Gonzalez-Wertz, Electronics Leader, IBM Institute for Business Value

You might also like

With systems stressing a power grid unprepared for new energy patterns, blockchain offers relief by making it more distributed.


A global energy transition is afoot, driving structural shifts in the industry, challenging leaders to adopt new strategic and operational imperatives.


Insights derived from data collected from connected devices are being used across industries to enhance productivity. But there are also risks.