Summary
The risk of cyber-attacks on public infrastructure isn't slowing—it's growing. And fast. The fallout can be serious for utilities and customers. United Systems' IT experts lay out four proactive steps that are key to reducing your utility's cyber risk.
4 Cybersecurity Priorities for Utilities Protecting Critical Infrastructure
A declaration of emergency. City services offline. Utility payments disabled.
For cities and utilities, these are no longer worst-case hypotheticals. They’re reality.
February 2026: A Texas city lost access to its online credit/debit bill payment system after a ransomware attack targeted the city’s third-party vendor. The FBI and U.S. Secret Service forensic team were brought in to investigate.
March 2026: A ransomware attack sparked an emergency declaration from a San Francisco-area city. Nearly all municipal services had to be shut down.
The risk of these kinds of cyber-attacks on public infrastructure isn’t slowing—it’s growing. And fast.
U.S. utilities face aging infrastructure, scale, and fragmented regulatory structures, which contributed to a 70% higher chance of experiencing a cyber-attack in 2024 compared to 2023.
And this year, “cyber insecurity” ranked in the top 10 global risks by the World Economic Forum.
This comes amid the looming September expiration of the Cybersecurity Information Sharing Act (CISA). It encourages private entities to share information about cyber threats with the federal government.
So, not only is the risk of a cyber-attack greater, but there may soon be fewer resources available for utilities to stay ahead of them.
It’s not just the threat of a data breach that concerns IT experts.
In many cases, disruption is the point.
United Systems’ Network Services Manager, Corey Mason, and Chief Information Security Officer, Darren Duncan, say disruption can be just as damaging to infrastructure and reputation.
They stress that these four steps are key to reducing your cyber risk:
Separate critical systems from everything else. The computer managing water pumps should never share a network with staff email. In many utilities, one wrong click can provide a direct path to critical infrastructure.
Know what’s on your network and keep it current. Many utilities run more devices than they realize. Many aren’t updated regularly. Every connected device with outdated software is an unlocked door, and attackers are always scanning for crimes of opportunity.
Protect your backups and have a recovery plan. Ransomware attacks almost always go after backups first. If your only copies of critical data sit on the same network that was just compromised, recovery gets very costly, very quickly.
Lock down users and train staff. A convincing phishing email, a weak password, or one account without multi-factor authentication is often all it takes for a breach. Email filtering doesn’t catch everything. Your staff is the last line of defense. Train them to know what to look for.
Cyberattacks targeting utilities and municipalities are operational realities. Preparing your network, staff, and recovery plan before an incident occurs can make the difference between a contained disruption and a community-wide crisis.
Ready to reduce friction across operations?
Coordinate billing, payments, customer service, metering, work orders, and operational workflows through utility-focused technology and support services. Talk with our team to learn how United Systems supports utilities through technology, operational services, metering, customer service, and workflow management.