Keon McEwen is head of solutions development, industrial cybersecurity, for Black & Veatch.
When Spain and Portugal lost power for 12 hours last April, the first response was to rule out a cyberattack.
That response speaks volumes about where we stand on grid security: power outages now automatically raise suspicions of cyberattack involvement. The concerns make sense when considering that the pre-digital grid era of isolated, air-gapped control systems no longer exists. Distributed energy resources now number in the thousands, everything from solar panels to smart inverters, with each one presenting a potential entry point for attackers.
The Black & Veatch 2025 Electric Report offers a revealing look at how utilities view the current threat landscape, which features security challenges also faced by many other industries. Indeed, malware tops the list of concerns at 41%, with cloud vulnerabilities close behind at 38% and ransomware at 37%.
The grid is unique in that many of the most dangerous attacks remain undetectable to the human eye. For example, it’s tough to distinguish between normal maintenance activities and cyberattacks that trigger motor failures. Similarly, a power surge could result from aging equipment or from intentional interference. And without greater visibility into utility system operations, operators won’t detect attacks until their systems reach critical failure points.
Yet control room operators still must detect digital intrusions while diagnosing mechanical failures — even with limited visibility into what's actually happening. Engineers focused on power flows must monitor data flows, and when equipment behaves abnormally, someone must determine if it's wear or warfare.
The utility sector isn’t unaware of its security weaknesses. Nearly one-third of the respondents ranked monitoring and response as a top cybersecurity priority, trailing only training and access management. But the challenge isn't just technical. It's also operational.
Traditional security assumed a utility could secure perimeters and trust everything inside. Modern grids have no meaningful perimeter, and all those distributed energy resources, remote sensors and mobile devices unfortunately also present ripe targets.
Risk-based security reality
Smart grid security means protecting what matters most. Utilities need maximum protection for their crown jewels, such as generation assets, turbine controllers and core distribution systems. Everything else must be managed through access controls and monitoring that can handle a utility’s extensive number of smaller devices.
The Black & Veatch report shows a gap between security measures and actual needs. About 37% of respondents believe they could bounce back from an operational technology attack in a day. Yet only half say their spending decisions come from formal risk assessments, leaving a gap between confidence and preparation.
New regulations may push utilities to step up their monitoring and adopt more structured risk practices, but they only set the minimum compliance requirements. Real security comes about when cybersecurity is woven into daily operations and gets treated as part of the job.
People trump patches
All the sophisticated monitoring systems in the world won't help if the human element fails. Technology security depends on security-aware operators who proactively safeguard systems. Using strong credentials, managing access responsibly and staying alert to threats rely on a coordinated team approach. According to the report, training now sits at the top of utility security priorities, with 40% of respondents pointing to workforce readiness as the area that matters most.
The operational teams that manage hardware and uptime need to develop skills in network and device logging, compliance documentation and threat assessment. Security protocols require constant enforcement regardless of equipment breakdowns or reduced maintenance intervals.
Executive leaders from the C-suite need to ensure that these practices become standard operating procedures. If the organization’s senior managers still view cybersecurity as a compliance checkbox rather than an operational strategy, poor cyber practices could mean successful cyber incidents.
The real problem in the org chart
Attackers don't distinguish between physical and digital vulnerabilities, but utility defenses still do. From experience, utilities have a better chance against attackers when their operations, IT and engineering teams work closely as a unified front.
More often, however, physical security and cybersecurity teams operate separately, using different tools and protocols. They may also lack constant communication, making it that much harder to collaborate when adversaries strike.
The numbers prove this disconnect: 34% of respondents surveyed haven't integrated physical and cybersecurity planning and only 22% use unified teams.
Scale accelerates everything
Grid modernization accelerates every challenge. The Black & Veatch report shows utilities moving from managing thousands of devices to potentially millions — each one a vulnerability. More connected devices mean more automation, more complexity and more attack propagation pathways. The threat landscape will intensify with more renewables, AI systems and connected devices. Utilities can't avoid this complexity.
The question becomes whether utilities can build organizational capabilities to manage it securely. When it comes to expertise, respondents were split on their reaction: 40% have used outside specialists for OT security, while about one-third rely only on internal staff. As attack surfaces expand and threats evolve, this strategic choice becomes critical. You either build deep internal expertise or partner with organizations that have it.
What actually works
Success comes from building awareness across both physical and digital operations, training teams to understand how grid systems and cyber threats intersect and how to respond when monitoring systems spot something unusual.
No single department can manage cybersecurity for an entire utility. Grid security must become everyone’s responsibility, because no one person can or should carry the burden.
This much is beyond doubt: the grid is becoming more digital, more vulnerable and more distributed every day. Utilities that build integrated defenses will keep the grid running safely. The rest will end up explaining failures to regulators.