Protecting Your Energy Infrastructure in the Age of AI (IT/OT/ET) Workshop

For almost ten years, ransomware was the biggest threat in cybersecurity. Now, in 2026, the threat landscape has changed alongside the geopolitical climate.

Service disruption is the aim of multiple attacks, including, but not limited to, ransomware, wiperware, data-destruction malware, and denial-of-service attacks. Targeting power grids to destabilize countries is not novel. Some of the most well-known attacks on power grids include the attack by the Russian APT group targeting Ukraine’s power grid (2015) and, more recently, Poland's power grid in December 2025. The attack in Poland targeted the distributed edge of the grid: the RTUs and communication systems managing dozens of smaller generation sites, rather than the centralized control systems that were attacked in other incidents in Ukraine.

This shift reflects the changing nature of electric grids, as countries like Poland add more distributed renewable generation. While the attack did not result in power outages (if it had, about half a million users would have been affected), attackers gained access to operational technology systems critical to grid operations and disabled key equipment at the site, rendering it beyond repair. Unlike previous grid attacks that focused on centralized infrastructure, these distributed energy systems are more numerous, rely heavily on remote connectivity, often receive less cybersecurity investment, and present more opportunities for attack. Researchers found that the data-wiping malware used was DynoWiper.

What actions can we take? The main principle is security by design, whereby least-privilege access control is at the forefront, alongside network segmentation to create layered security. The fewer pathways to critical controls like the “red button,” the better, and the more difficult they are to access, the stronger your security. The goal is to design an environment that deters attackers by eliminating easy opportunities for compromise.

In this presentation, our Senior Cyber Security Experts will explore the types of attackers targeting power grids and the methods they use to conduct attacks, review case studies to understand how these incidents unfolded, and consider how to redesign environments to make service-disruption attacks significantly more difficult to execute.