Empowering Critical Infrastructure Resilience

Reliable access to fresh water and adequate electricity is a critical component of daily life in the United States (US) and United Kingdom (UK). As recent outages — driven by environmental catastrophes, human error, or cyberattacks — have shown, even short disruptions to these services have the potential for social and economic harm.

Ransomware groups and nation-states such as China, Russia, Iran, and North Korea — all known to be advanced persistent threat actors — are well aware of this fact. The question is not whether critical utility infrastructure in the US and UK poses a cyberattack target. The question is: How prepared are utility operators to detect, respond to, and recover from cyberattacks?

To gauge the answer, Semperis conducted a survey of information technology (IT) and security professionals at 350 water, water treatment, and electricity operators in the US and UK. This report reveals crucial lessons for any publicly or privately operated utility supporting critical national infrastructure.