Sept 11 (Reuters) - U.S. utilities faced a near 70% jump

in cyberattacks this year over the same period in 2023,

according to data from Check Point Research, underlining the

escalating threat to a critical infrastructure.

The utilities and power infrastructure across the U.S. are

becoming increasingly vulnerable as the grid expands rapidly to

meet surging demand for power and assets are digitalized.

Utilities are low-hanging fruit for cyberattacks because

many of them use outdated software, said Douglas McKee of cyber

security firm SonicWall.

To date, the attacks have not crippled any U.S. utility, but

industry experts warn a coordinated attempt could be

devastating, impacting essential services and causing

substantial financial losses.

There were 1,162 cyberattacks on average through August this

year, compared to 689 in 2023, Check Point data showed.

The energy sector is considered to be more vulnerable to

such attacks. In May 2021, fuel pipeline operator Colonial

Pipeline was forced to shut down its entire network due to one

of the biggest cyberattack incidents on the energy industry.

More recently, U.S. oilfield services firm Halliburton ( HAL )

disclosed that an unauthorized third party had accessed

and removed data from its systems.

The utilities industry depends on IoT and ICS (Internet of

Things and Incident Command System) technology, which are not as

advanced in their cyber defenses as the software used by Apple ( AAPL )

or Microsoft ( MSFT ), McKee said.

Compliance with regulations such as the North American

Electric Reliability Corp's (NERC) Critical Infrastructure

Protection, which safeguards bulk power systems from cyber

threats, only provide a minimum standard or protection, experts

said.

The expansion of the grid, including incremental

interconnections to new customers like Gen-AI data centers, is

creating more potential points of attack.

Earlier this year, NERC said the number of susceptible

points on the U.S. electrical networks has been increasing by

about 60 per day.

Several major U.S. companies have suffered ransomware

attacks in recent years, including UnitedHealth Group's ( UNH )

Change Healthcare unit in February.

"If an equivalent attack occurred that was on the scale of

Change Healthcare...the impact could be completely devastating,"

said Kevin Kirkwood, chief information security officer at

Foster City, California-based cybersecurity provider Exabeam.

Even breaches that do not directly compromise critical

infrastructure could lead to significant financial losses, said

Wayne Tung, managing director at Sendero Consulting.

The average cost of a data breach in the energy sector

reached a global high of $4.72 million, IBM reported in 2022.

Historically, election years also fuel heightened malicious

cyber activity.

"With the upcoming U.S. election, we can expect a surge in

cyberattacks on critical infrastructure, including utilities,

energy grids, and communication networks," said Nataliia Zdrok,

Senior Threat Intelligence Analyst at Binary Defense.