Security

How To Safeguard Connected Power Devices From Cyberthreats

The convergence of IT, operational technology and the Internet of Things makes it harder to protect power systems.

James Martin is a global connectivity product manager at Eaton. He has promoted Eaton’s software and connectivity solutions for more than 10 years and has built trusted technical adviser relationships with channel partners, field sales and sales operations.

Cybersecurity is an urgent priority for the energy and utilities industry in 2025. Cyberattacks on U.S. utilities surged by a staggering 70% in 2024, according to data from Check Point Research, underscoring the importance of implementing comprehensive, end-to-end cybersecurity measures to protect critical infrastructure.

Historically, power management has been overlooked in most cybersecurity strategies. However, the convergence of IT and operational technology (OT) and the rise of network-connected devices supporting IT systems, such as uninterruptible power supplies (UPSs) and rack-mount power distribution units (PDUs), has forced teams to protect power systems.

These devices are crucial for backup power during outages, and they are frequently integrated into network infrastructure and edge applications to enable remote monitoring and management. As utilities enact their cybersecurity strategies for 2025 and beyond, they should prioritize protecting connected power devices from potential threats. Here are some practical strategies.

LEARN MORE: Why IT, OT and IoT convergence is top of mind this year.

Why Power Systems Present New Cyber Challenges

With power management becoming engrained in network infrastructure, the Cybersecurity and Infrastructure Security Agency and the Department of Energy issued a public advisory stressing the importance of protecting connected UPSs and other emergency power systems. Their guidance urges organizations to adopt mitigation measures to protect these critical assets from cyberattacks.

Governing bodies such as Underwriters Laboratories and the International Electrotechnical Commission have taken steps to certify power devices for cybersecurity compliance. For utility IT managers, identifying UPSs and rack-mount PDUs with network management cards that meet UL 2900-1 and ISA/IEC 62443-4-2 standards is an effective starting point when strengthening security for power systems and mitigating potential vulnerabilities.

Click the banner below to secure your SCADA networks in an evolving threat landscape.

Tips To Safeguard Power Equipment

Beyond certifications, utilities can take a few key actions to secure their power management devices:

Implement practical cybersecurity measures: Foundational cybersecurity practices, such as using firewalls, encrypting information and conducting routine security assessments, should apply to power management devices, just as they do with other network-connected IT assets. A proactive routine for regularly updating software, establishing strong password policies and deploying endpoint protection is essential to safeguarding power management equipment.
Leverage advanced management tools: Network management cards enable IT teams to use a range of innovative cybersecurity functions, including implementing zero-trust architecture, automation and remote management. For large-scale deployments, zero-touch provisioning can also streamline the process of executing timely network updates—helping to reduce risks and improve uptime and operational performance.
Use power management software: Power management software, which is used primarily to monitor and manage power devices and gracefully shut down critical loads, can isolate secure networks physically from unsecured ones. This is an affordable air gap solution. Power management software integrates with Windows and popular virtualization systems to help IT teams monitor power infrastructures. IT leaders can also implement custom protocols to perform specific actions on a schedule, including UPSs, rack-mount PDUs and other power devices, which supports both cybersecurity and operational efficiency.
Try cryptographic signature checks: Utilities should look for solutions that require cryptographic signature checks, ensuring that only authenticated firmware updates are applied. Organizations can also partner with vendors that provide 24/7 monitoring across converged IT/OT environments. This adds extra protection and observability to critical infrastructure.
Deploy protective hardware: Teams can deploy protective hardware solutions, such as smart locks on IT racks that restrict access to authorized personnel only. This protects infrastructure from potential threats outside the cyber landscape. Utilities can also partner with technology partners like CDW who can advise on the best ways to strengthen the security of interconnected IT devices and operations. This added level of expertise and surveillance can deter future risks.

DIG DEEPER: Critical infrastructure companies can defend against growing cyberthreats.

Pushing for Future Cyber Resilience

Security threats are an ongoing challenge, so IT leaders need to work toward a cyber resilient posture where improving defenses is an always-on effort.

Utilities that fail to take these actions may suffer catastrophic losses. In 2024, water and wastewater plants in Texas were hit by cyberattacks. Hackers gained remote access to supervisory control and data acquisition (SCADA) systems, arbitrarily adjusting settings and controls. In Muleshoe, Texas, a water tank overflowed for 30-45 minutes before the situation was brought under control. Similar incidents have occurred in the past 12 months at major utility, energy and healthcare organizations. Each case serves as a reminder that great tools are available to help organizations protect their IT infrastructure. By adopting a comprehensive, end-to-end cybersecurity strategy, utilities can strengthen their defenses and adapt to an evolving IT landscape.

Click the banner below to learn how the energy and utilities industry is preparing for Industry 4.0.