We are seeing a sharp rise in the number of attacks on critical national infrastructure, especially utility organisations, across the globe. They have traditionally made easy targets as cybersecurity is generally not their key focus.
Their use of industrial control systems (ICS) that often use legacy operating systems that are hard to patch leaves them highly vulnerable.
Governments needs to do more from a regulatory standpoint as these organisations have massive physical infrastructure investment requirements that they can't ignore.
Spending money on upgrading power systems supplying hospitals is an easier choice, than spending money on cybersecurity where they know an incident will happen but not when.
Most governments have failed to do enough to address the likelihood of widespread power failures, caused by a cyber attacks. The good news is we are seeing a big shift in the utility industry from protection (gates, guards and guns) to more rapid cybersecurity threat detection and response.
Symantec has claimed that Russian-linked hackers have targeted and successfully penetrated power grid networks in the US and Europe. The attacks bear the hallmarks of a hacking group that Symantec calls Dragonfly, which the company believes is a front for a state-led hacking operation. The company implied - but didn't explicitly state - that Dragonfly is connected with Russia.