
Illustrated art by Jeremiah Karpuchs via Canva
By Victor Atkins and Adam Spratt, presented by the Utility Broadband Alliance (UBBA)
Utilities in 2025 face an environment in which sophisticated state-sponsored and criminal threat actors operate in the digital shadows. The increasingly global nature of cyber warfare and direct attacks on critical infrastructure reinforce the importance of making cybersecurity an imperative at the organizational level. However, for many utilities, cybersecurity remains a priority only within the IT and OT departments that manage the associated networks, an approach that fails to account for the evolving complexity of the grid, with potentially disastrous consequences.
As the risk landscape continues to change, utilities must evolve their organizational priorities to protect critical infrastructure in a volatile and highly uncertain environment.
A global threat landscape
The war in Ukraine offers a sobering reminder that modern warfare is fought beyond the battlefield, as threat actors set their sights on critical network infrastructure. Hours before its renewed attack in 2022, Russia launched a series of cyberattacks to disrupt Ukraine’s satellite communications. The effects spread across the wider region, disrupting satellite services in the European Union and affecting 5,800 wind turbines in Germany.
The global nature of cyber warfare has immediate implications for utilities in North America. As high-ranking officials have signaled their intention to be ready to take Taiwan by 2027, military networks and civilian infrastructure could be prime targets in any conflict. Intelligence agencies have confirmed that Chinese state-sponsored actors have compromised critical areas of US infrastructure and are in a position to launch devastating cyberattacks in the event of a major crisis or conflict involving the US.
These geopolitical tensions are compounded by a growing domestic threat landscape in which malicious actors take aim at both public and private institutions, including utilities. Supply chain risks, for example, include hidden foreign-owned vendors becoming more involved in local contracts. Insider threats also exist, as employees are recruited or bribed on dark web forums to sell access to the network.
The potential impact of a cyberattack on utility infrastructure could be devastating for countless Americans. Hospitals may lose electricity mid-surgery. Water treatment plants may be closed. Even financial institutions and grocery stores can be paralyzed, creating a cascade of failures that spills far beyond the initial point of attack. Suddenly, scenarios many consider only the plots of Hollywood thrillers are becoming a real and pressing threat.
An organization-wide priority
To protect critical infrastructure, utilities must make cybersecurity an organization-wide and top-down priority. Limiting the responsibility for cyber protection, for example, to only Internet-facing assets in the IT department ignores potential threats in the broader ecosystem of wireless, microwave, satellite, and cloud-based communications.
Consider the ongoing integration of distributed energy resources (DERs) into the grid. Utilities continue to bring in renewable energy, battery energy storage and other resources, which are managed by communications networks and create potential vulnerability points with each new resource added. Both these resources and the networks required to manage them must be secured, further elevating cybersecurity to an operational priority.
Private broadband communications have emerged as a key component in grid modernization efforts, enabling rapid coordination of DERs and other grid resources while helping to increase overall resilience. Beyond that, however, private LTE (PLTE) can be an essential tool in the cybersecurity toolkit, one that utilities should strongly consider amid the evolving risk environment.
The advantage of PLTE is that it comes with built-in cybersecurity capabilities, starting with giving utilities full ownership of the network. Because utilities own and design these networks, they can embed utility-grade reliability and sophisticated security controls from the ground up while responding quickly to potential threats. The high-speed nature of these networks allows operators to detect anomalies, locate nearby traffic “black holes” and enforce policies around segmentation, roaming and third-party access.
PLTE is not just a communication platform – it can be a cybersecurity asset that reinforces resilience in the grid.
How to Remediate Cybersecurity Issues
As networks become more complex, utilities must recognize cybersecurity as a primary business risk, given the staggering costs of cybercrime in the U.S. and the global stakes. An effective strategy requires embedding cybersecurity into the organizational DNA, with board-level accountability, CEO priority and clearly defined roles across all business units.
Funding cybersecurity efforts can be a constant challenge. Cyber defense budgets, often treated as operating expenses, are under constant pressure to shrink. Unlike new products or services, cybersecurity doesn’t generate revenue — it keeps it safe. This fact can make it difficult to demonstrate a business case.
Framing cybersecurity as essential to continuity, risk management and brand reputation can help shift the conversation from “cost” to “strategic necessity”. For utilities, resilience is not optional – it’s the difference between protecting critical services and leaving communities vulnerable in moments of crisis.
Beyond investing in PLTE, utilities can take a number of practical steps to strengthen cybersecurity and improve network visibility. Best practices include:
- Strengthen hygiene: Patch systems, prevent common threats and monitor known vulnerabilities.
- Establish baselines: Ensure proper detection and train crews to respond to anomalies such as “living off the land” activity that uses legitimate tools such as PowerShell.
- Vet vendors: Investigate each vendor’s practices thoroughly – contracts do not transfer accountability.
- Test resilience: Conduct regular exercises for business continuity and disaster recovery, simulating the loss of both IT and OT systems.
- Invest in people: Avoid skill stagnation with ongoing training, conferences and cross-functional exercises.

Using national standards, such as the National Institute of Standards and Technology’s Cybersecurity Framework, also allows utilities to build security strategies and evaluate programs. Leading utilities are adopting zero-trust and micro-segmentation architectures, stress-testing continuity plans and treating vendor risk as a shared responsibility.
Perhaps most importantly, utilities must create a culture of cyber resilience. Investments in training and professional development can keep staff agile while cross-functional exercises prepare teams for a crisis. The goal of equipping employees to respond to threats is not to instill fear, but instead to instill a healthy respect for cybersecurity as a foundation for business resilience.
A way forward
In today’s heightened threat environment, adversaries are constantly probing utility systems and infrastructure for weaknesses, like ants finding their way into a pantry. Yet utilities are not powerless. By embedding cybersecurity in both culture and strategy and investing in communications that give them greater control over connected assets, utilities can equip their leaders and employees to counter today’s attacks and prepare for tomorrow’s uncertainties.
After all, cybersecurity in utilities is about more than protecting infrastructure—it’s about defending communities, economies, and lives.
About the authors
Adam Spratt
Adam Spratt is the manager of cybersecurity at Southern Company and the team lead for the cybersecurity program at Southern Communications. He has spent 15 years in technology security and the last 10 years securing Southern Company’s telecommunications networks. He earned his Certified Information Systems Security Professional certification as well as a Bachelor of Science degree in Cybersecurity and Information Assurance from Western Governors University.
Victor Atkins
As Director of Critical Infrastructure Security Consulting, Victor Atkins is responsible for delivering cybersecurity solutions and services tailored to 1898 & Company’s infrastructure sectors with executive-level clients. He led and managed cyber intelligence missions for the US Department of Energy’s Office of Intelligence and Countermeasures and directed implementation programs at Department of Energy National Laboratories to discover and characterize sophisticated foreign cyber threats that have the potential to disrupt energy sector operations. Additionally, he served at the Central Intelligence Agency and on the White House’s National Security Council, focusing on both nuclear terrorism and nuclear proliferation control. He was named one of nine inaugural non-resident senior fellows within the Atlantic Council’s Indo-Pacific Security Initiative, which works with U.S. allies and partner governments to develop programs and policies to address security challenges in the region while exploring opportunities for mutual cooperation.
				
															






