Preparation, Not Prediction: What Recent Threat Activity Means for Electric Utilities

Dragos

Fortnightly Magazine - May 2026

Recent analysis of operational technology (OT) cybersecurity activity in the electric sector, as summarized in the Dragos “2026 OT/ICS Cybersecurity Year in Review,” offers a clear view into how cyber risk is evolving for utilities. The most notable development is not the emergence of entirely new threats, but a steady maturation of adversary behavior, particularly in how adversaries study, understand, and prepare to influence industrial systems.

Rather than focusing solely on enterprise networks or opportunistic disruption, observed activity increasingly reflects deliberate efforts to understand how electric systems operate in practice. For utility leaders, cyber risk is increasingly intertwined with how we operate, manage, and restore the grid. This evolution has implications for how utilities should think about preparedness, resilience, and leadership.

Understanding Systems, Not Just Accessing Them

Over the past year, a clear pattern has emerged. Adversaries are spending more time understanding how electric systems work, not just how they can be accessed. In multiple cases, activity moved beyond initial entry into operational environments and into sustained interaction with engineering workstations, control configurations, and alarm data.
