LmCast :: Stay tuned in

Let's Get Physical: A New Convergence for Electrical Grid Security

Recorded: Nov. 3, 2025, 6:06 p.m.


Unified Cyber-Physical Grid Security Is Now a Must
The power grid is being attacked online and IRL. Increasingly, regulators and industry experts agree: Security teams need to focus on both cyber and physical threats, together.

Nate Nelson, Contributing Writer
November 3, 2025

US energy industry regulators and analysts are increasingly repeating the same message: Grid operators need to unify their cybersecurity and physical security strategies.

Power plants and transmission/distribution system operators (TSOs and DSOs) have long focused on maintaining uptime and enhancing the resilience of their services; keeping the lights on is always the goal. That's especially true as the past few years have seen the rise of IT/OT convergence, wherein formerly siloed equipment that runs physical processes for critical infrastructure (operational technology, or OT) has been hooked up to the IT network and, in some cases, the Internet, exposing it to more cyberthreats. Now, another type of convergence has been forcing a new conversation.

On one hand, cyber threat actors increasingly look to cause actual operational disruption in the field. It's awkward, as "operations teams that once focused solely on hardware and uptime are now being asked to scan logs, document evidence of compliance and assess threats," analysts from Black & Veatch wrote in an industry report published today. In a survey, they found that grid operators expressed equal worry over ransomware, miscellaneous malware, and cloud vulnerabilities.

And growing nearly as fast as cyber threats is a strange trend toward physical attacks on grid infrastructure.
Since 2020, plants and system operators have suffered hundreds of incidents, ranging from random shootings to intrusions and vandalism, the Black & Veatch report pointed out.

In this new world, both industry regulators and analysts, like those at Black & Veatch, are arguing the same point: that where once keeping the lights on might have just meant maintaining equipment and avoiding fallen trees, today's grid operators need a robust, integrated physical and cybersecurity strategy to maintain continuous service.

A "Juice"-y Target: Rising Threats to the US Power Grid

Last year, Check Point Research (CPR) tracked the rate of change in weekly cyberattacks in different US industries. It found that threats to retailers were way down, along with those against Internet and managed service providers (ISPs and MSPs). Communications and health care attacks remained steady. The sector with the single greatest rise in weekly attacks, by no small margin, was utilities — up 69%, from an average of 689 attacks per week in H1 2023 to 1,162 in H1 2024.

In the same vein, last January Trustwave researchers found that ransomware attacks against global energy and utilities organizations rose 80% year over year (YoY), with nearly half of all attacks affecting the US.

On the physical attack front, in February 2023, the Electricity Information Sharing and Analysis Center (E-ISAC) disclosed that physical attacks on the power grid had risen a full 71% in 2022 (and 20% over 2020 numbers). Between 2020 and 2022, 4,493 incidents were reported to authorities.
Some portion of those 4,500 cases involved petty theft of machine parts and copper, but a significant number were violent, featuring politically and racially motivated attacks.

As if to underscore the point, that same month E-ISAC shared its data, two neo-Nazis were indicted for plotting to attack five substations in Maryland and Pennsylvania. The goal — as in many similar cases — was to bring darkness to the city of Baltimore, which the conspirators hoped would "completely destroy this whole city," as reported in court documents. Black & Veatch reports that substation attacks in general rose 50% that year.

Ian Bramson, vice president of global industrial cybersecurity for Black & Veatch, attributes the rising threats on grid infrastructure — both cyber and physical — to "a convergence of factors."

He hypothesizes that "while the grid has always been a target, the frequency and sophistication of attacks on critical infrastructure have escalated since the Colonial Pipeline incident in 2021. That attack demonstrated to a wide range of threat actors the global impact they could achieve by disrupting essential services, sparking increased interest and activity in targeting the grid."

He adds, "This momentum has only grown amid ongoing global conflicts, which have further amplified both the motivations and capabilities of adversaries. Mix in grid modernization, digitalization, and remote operation efforts that expand the attack surface, and you have the right combination of motivation and opportunity to perpetuate the frequency and severity of attacks." He notes that he expects these trends to continue into 2026.

IT-OT-Physical Convergence in Today's Critical Infrastructure

In the face of rising kinetic and Internet attacks, Black & Veatch asked grid operators to what extent they integrate physical and cybersecurity measures and teams.
A third of participants didn't know the answer. The rest were split roughly evenly: some used a single team to manage and monitor both physical and cyber threats, some used specialized teams for each, and some used different teams but still managed them under a single incident response strategy.

The report authors took issue with these results. They wrote that the third who didn't know whether their cyber and physical security operations overlapped or not "don’t fully understand how physical and cyber risks intersect," and that the respondents who don't totally integrate physical and cyber are facing "a dangerous gap."

Bramson tells Dark Reading that "the gap comes from having more than one team owning cybersecurity, and the potential opportunity for assumptions of 'the other side' covering some aspect of the system." IT and OT might involve different machinery, but ever since cyber-physical attacks rose to prominence in the late 2000s and 2010s, the considerations of each have affected both.

For instance, an IT operation might primarily concern itself with firewalls, or network monitoring; but "in many cases, cyberattacks can often involve physical access to sites, whether by malicious insiders or unwitting employees and contractors. Understanding who is present on-site, when and why, is critical to investigating and mitigating attacks on operations," Bramson explains.

The same point is increasingly being echoed across the industry. Last year, when the Department of Energy announced $45 million of funding for energy sector security, it chose to distribute a chunk of that money to a research project focused on preventing cyber-physical threats to distributed energy resources (DER) using zero-trust authentication.
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standard 003-11 (CIP-003-11) states in repeated, clear terms that bulk energy systems (BES) must incorporate both cyber and physical security controls into their cybersecurity plans. And in June, when the Federal Energy Regulatory Commission (FERC) approved CIP-015-1 — a standard expressly focused on cybersecurity monitoring — it nonetheless directed NERC to modify the document "to extend internal network security monitoring to include" physical controls.

As IT and OT grow closer together, Bramson says, there will be clear organizational upsides to unifying threat strategies to sweeten the pot. Those upsides will vary depending on the organization, but importantly, he concludes that "each team also brings a level of institutional knowledge that benefits the other, expanding the eyes on the security, both cyber and physical, of the organization as a whole."

About the Author

Nate Nelson, Contributing Writer

Nate Nelson is a writer based in New York City. He formerly worked as a reporter at Threatpost, and wrote "Malicious Life," an award-winning Top 20 tech podcast on Apple and Spotify.
Outside of Dark Reading, he also co-hosts "The Industrial Security Podcast."

The convergence of cyber and physical security is no longer a future consideration; it’s a present-day imperative for critical infrastructure operators. As detailed by Dark Reading, the escalating threat landscape demands a unified strategy, particularly for sectors like the power grid. Historically, grid operators have focused on maintaining uptime and resilience, but the rise of IT/OT convergence – the linking of operational technology (OT) systems with IT networks and the internet – has dramatically increased the attack surface. This, coupled with rising instances of both cyber and physical attacks, is forcing a fundamental shift in security thinking.

The figures cited in the article underscore this urgency. Operators are grappling with a surge in attacks: Check Point Research tracked a 69% rise in weekly cyberattacks on utilities between H1 2023 and H1 2024, up from an average of 689 attacks per week in the earlier period. Simultaneously, physical attacks on the grid have risen sharply, with 4,493 incidents reported between 2020 and 2022 according to E-ISAC, including acts of vandalism, theft of equipment, and, alarmingly, politically motivated attacks, as evidenced by the indictment of two neo-Nazis who plotted substation attacks aimed at Baltimore.

The driving force behind this convergence isn’t just the increased vulnerability brought by OT-IT integration, but also the expanded reach and capabilities of threat actors. Following the Colonial Pipeline incident in 2021, which demonstrated the potential for disruption across critical services, malicious actors gained experience and motivation to target infrastructure. Ongoing global conflicts further amplify this risk, making the grid a strategic target for state-sponsored actors.

Analysis reveals a critical gap in many organizations’ security approaches. A significant portion of grid operators (approximately one-third) lack a clear understanding of how cyber and physical threats intersect. Furthermore, a divided approach – with separate teams managing cybersecurity and physical security – creates “dangerous gaps” as highlighted by Black & Veatch. This fragmentation hinders the ability to effectively investigate and mitigate attacks, blurring the lines between traditional cybersecurity protocols and physical security measures.

The Department of Energy’s recent $45 million in energy sector security funding, part of which went to a research project on preventing cyber-physical threats to distributed energy resources (DER), and the NERC CIP-003-11 standard, which emphasizes the integration of both cyber and physical controls, reinforce the need for a holistic strategy. The Federal Energy Regulatory Commission’s (FERC) approval of CIP-015-1, in which it directed NERC to extend internal network security monitoring to include physical controls, further solidifies this requirement.

Ultimately, the trend toward IT-OT-Physical Convergence is likely to continue, as organizations increasingly recognize that separating cybersecurity from physical security is no longer a viable option. Successful grid operators will be those that embrace a unified approach, in which teams learn from each other and leverage their combined institutional knowledge to enhance the overall security posture, mitigating the escalating threats to critical infrastructure.