7 Cybersecurity Threats to Australia’s Energy Sector in 2025

From two-way smart grids to AI-powered predictive analytics, digital transformation is making Australia’s energy sector more efficient, responsive, and sustainable.

But this interconnectivity also creates a wider attack surface for sophisticated cyber attacks. As such, the risk of disruptions is rising as hostile actors look to target the IT and operational technology (OT) systems that support our grids, turbines and substations.

In 2024, one in 10 cybersecurity incidents involved critical public infrastructure, such as government systems and essential utilities. As such, state authorities and energy providers are under pressure to keep digital and physical systems safe from emerging threats.

In this article, we’ll explore seven key energy sector cybersecurity threats, why they matter, and the cybersecurity practices energy companies can put in place to defend against them.

Let’s start with the obvious: Australia’s energy sector isn’t facing the same threats it was five years ago. Rapid digitalisation and sophisticated cyber threats have created a more complex and dangerous security environment. Here’s why everything is changing:

• Digitalisation - Previously, providers only needed to secure centralised control rooms and isolated OT systems. Today, they have to protect enormous networks of interconnected IT. This gives new entry points to attackers.
• New threats - Nation-state bad actors are viewing energy networks as increasingly lucrative targets, leading to swarms of new attacks that aim to disrupt operations and threaten national security.
• Attack sophistication - To make matters worse, bad actors are deploying increasingly sophisticated tactics, including AI-powered malware and multi-stage attacks, to disrupt services and steal sensitive data.
• Interconnectivity - Internet of Things (IoT) and OT devices like sensors and smart meters that interconnect with critical energy infrastructure often have minimal energy security controls, creating vulnerabilities that attackers can exploit.
• Third-party reliance - Energy companies are growing increasingly reliant on outsourced systems such as cloud platforms. This offers scalability and reliability. But choosing the wrong supplier without solid security controls can also introduce vulnerabilities.

With these threats in mind, the recent Australian Energy Sector Cyber Security Framework (AESCF) aims to provide a roadmap for energy providers to assess cyber security maturity and strengthen resilience against cyber risks.

So, what are the critical cybersecurity risks facing Australia’s energy sector? Here are the seven key threats that are most prevalent today:

1. Ransomware attacks on IT and OT systems
2. Phishing attacks targeting energy workers
3. Cyber risks in the energy supply chain
4. Insider threats in critical infrastructure
5. Outdated systems exposing the grid
6. DDoS attacks
7. Cloud and AI model poisoning

In the following sections, we’ll explore each of these trends in detail and explain what energy providers need to do to fight back.

Ransomware has transformed from a corporate concern into a serious threat to critical infrastructure. In 2021, for instance, CS Energy was hit by a significant ransomware attack, resulting in stolen data, disrupted internal systems, and impacted customer services.

Why is this problem growing in severity? In part, it’s because IT and OT systems no longer work in isolation. Everything is connected, meaning a single compromised IT system (through outdated software or even a stolen password) can enable attackers to move laterally into OT systems that control everything from turbines to grid distribution.

Ransomware threats are also becoming more strategic, with sophisticated groups working together to disable backups, lurk inside networks, and target critical systems first. This ensures that, by the time the ransomware is actually detected, it’s too late.

Start by separating core systems and IT devices through firewalls, one-way gateways, and zero-trust principles at every stage. This will ensure that, even if a bad actor compromises one device, they can’t use this to pivot into OT systems.

Aside from this, entities need to take a proactive approach to their security measures by:

• Creating regular backups in an immutable environment to enable disaster recovery.
• Deploying secure endpoint protection to detect and prevent threats on devices.
• Investing in staff training to help staff identify suspicious links and files.

In addition, artificial intelligence (AI) is also proving invaluable when it comes to cybersecurity in the energy industry. Tools like Agentforce offer real-time monitoring, identifying anomalies across networks to prevent ransomware before it locks down core systems.

Phishing attacks are also becoming increasingly sophisticated. Gone are the days of poorly-worded emails sent from suspicious email addresses.

Nowadays, AI can craft highly-personalised, context-aware emails at scale, mimicking writing styles to make messages appear more legitimate. Energy sector workers are particularly vulnerable as they often have access to the critical systems that control national infrastructure.

A quarter of the incidents involving critical infrastructure last year were the result of phishing. The problem is so severe that the ASIO recently reported that cybersecurity incidents related to espionage cost the electricity, gas, water, and waste sectors a combined total of $75.6 million in 2023-24.

Protecting energy workers from phishing starts with strong technological guardrails and employee awareness. From a technical standpoint, entities need to implement safeguards like:

• Multi-factor authentication (MFA) to add an extra layer of security to logins.
• Login monitoring to detect behaviour that could signal a compromised account.

Solutions like Salesforce Event Monitoring can help with this by monitoring and providing insights into user activity. This gives security teams the power to detect unusual patterns and fix threats before they escalate.

Aside from this, staff training is essential. Run regular phishing simulations and training workshops to help teams recognise and report suspicious emails. Phishing always begins with individuals, so it’s essential your staff have the right mindset to detect issues early.

Australia’s energy supply chain is becoming increasingly reliant on external smart devices like inverters. While these solutions are essential for supporting renewable energy integration, they also introduce new vulnerabilities that attackers can exploit.

To tackle this problem, the Australian Energy Market Operator (AEMO) has introduced new powers to better manage and mitigate threats from inverter devices. However, energy providers must also take their own initiative to guard against this problem.

This risk begins and ends with supply chain management. Organisations need to thoroughly vet any potential vendor they engage with to ensure the products they’re purchasing are secure and reliable.

Once the devices are in place, it’s important to monitor firmware to check for vulnerabilities, enforce strict zero-trust policies to limit device permissions, and design and update risk management plans to address supply chain risks.

With Salesforce Shield 2.0, energy companies can set up detailed monitoring to control third-party access. This ensures that every connection in the network is visible, trackable, and secure at all times.

In 2024, 83% of organisations reported at least one insider attack, and the energy sector is no exception to this trend. The shift to hybrid work models and collaborative working, combined with the sensitive nature of energy infrastructure, creates a perfect storm for insider risks.

This isn’t just about malicious threats, either. As per the ASD, 32% of all critical infrastructure incidents in 2023-24 happened because of a compromised account or credentials. One suspicious link or misplaced password can be all it takes for a data breach to occur.

Protecting against insider threats starts with strong data security protocols, such as access controls and user permissions. Staff should only have access to the minimum number of energy systems that they need to fulfil their role, limiting opportunities for an attack.

Of course, this won’t protect against all threats, especially from users with privileged permissions. As such, organisations should also:

• Use behavioural analytics tools to detect unusual activity that could indicate a problem.
• Implement DLP controls to stop sensitive information from leaving the organisation.
• Conduct regular staff training workshops to work toward a security-conscious culture.

Again, Salesforce Shield 2.0 combined with Event Monitoring can help with this by providing detailed user activity insights, giving entities the tools to find anomalies and respond quickly to risks.

Many of Australia's industrial control systems (ICS) were designed decades ago, well before advanced cyber threats were on the radar. These legacy systems lack modern security protections like encryption and MFA, making them a prime target for attackers.

And once an attacker can access one of these outdated systems, they have an entry point into the entire network.

The eventual goal is to replace this tech with secure-by-design systems, as per the ASD Annual Cyber Threat Report (2023-2024) . However, this transition takes time (and costs money), meaning providers need to look for alternative ways to minimise risk in the meantime.

The first step here is to inventory your assets to learn what IT and OT systems you have, where they are, and how they interlink. Then, isolate older OT systems from the wider network to limit attack vectors, and install intrusion detection systems to monitor for unusual patterns.

This is a solid starting point, but the end goal should be modernisation. Plan phased upgrades to replace or retrofit older systems with secure-by-design alternatives over time, as per ASD recommendations.

During the transition period, solutions like MuleSoft can help you connect outdated tech with newer applications securely, allowing legacy assets to communicate with modern energy systems without introducing vulnerabilities.

Distributed Denial of Service (DDoS) attacks overwhelm systems by hitting them with enormous volumes of traffic. For energy providers, this equals disrupted services and lower grid availability, making it one of the most concerning emerging threats, as per the ASD’s Annual Cyber Threat Report .

The problem here isn’t just disrupted services. DDoS attacks are also used to distract security teams while attackers initiate more serious attacks. Think of it as a smokescreen that gives criminals the freedom to move around undetected.

Defending against DDoS attacks requires a layered approach to technical and operational safeguarding. Here are some ideas that can be combined together to form a net of protection.

• Rate limiting can reduce the impact of sudden traffic spikes.
• Traffic scrubbing services can filter malicious requests before they reach core systems.
• Incident response exercises help teams react quickly during the worst-case scenario.

It’s important to consistently monitor traffic so you can detect risks early. If you’d like some help with this, Agentforce is a great solution, offering AI-powered anomaly detection and helping you identify and prevent external threats before they become a concern.

Cloud adoption and AI automation are boosting efficiency, enabling predictive maintenance and empowering smarter decision-making for Australia’s energy sector. However, these technologies can also introduce security vulnerabilities and attack vectors if they aren’t properly managed.

As one example, a misconfigured cloud environment can expose sensitive data to attackers, while unsanctioned AI tools could introduce unverified data, leading to flawed outputs or decision-making (known as ‘model poisoning’).

This is a double-edged sword. While 80% of security leaders believe AI agents introduce new security opportunities, 79% believe they also bring unique challenges (State of IT, Security Report). The key will be striking a balance to maximise benefits while avoiding risks.

To mitigate the risks of cloud environments, providers need to carefully vet the vendors they choose to work with and conduct regular security audits and penetration tests to find and fix misconfigurations.

On the AI side, clear organisational policies are essential to govern effective adoption and define how data should be handled in alignment with SOCI and Cyber Security Act standards. You can loop this in with compliance training to keep staff aligned with emerging requirements.

Lastly, AI is only as trustworthy as its data. Use data quality and validation tools to ensure your models are only trained on verified datasets. This will reduce the risk of poisoning and ensure all of your decisions are backed by trusted information. As a starting point, Data Cloud can bring your data together in one place, secure it, and give you the tools to leverage its benefits.

Australia’s energy transition is well underway, and systems are more connected than ever. This presents exciting opportunities for clean energy and innovation, but also introduces new risks.

From ransomware and phishing attacks to outdated systems and insider threats, providers need to treat critical infrastructure and cybersecurity as two sides of the same coin to keep pace.

The key to operational resilience is detecting threats early, protecting sensitive data, and choosing the right tools to support security objectives.

Looking to get one step ahead of evolving threats? Here’s how Salesforce’s suite of tools can help you detect, prevent, and respond to emerging threats faster and more reliably.

• Agentforce delivers AI-driven threat detection to enable proactive protection.
• Shield 2.0 offers robust data protection, helping you navigate compliance.
• Data Cloud provides full-stack observability across cloud and AI environments.
• MuleSoft gives you the tools to integrate all of your IT systems under one roof.

The next stage is to train your teams on the skills they need to embed security into their everyday tasks. With Trailhead, employees can access guided modules on everything from cybersecurity to AI, giving them the expertise to protect critical infrastructure while learning new business-ready skills.