4. No Standard For Reporting Attacks
Electric utilities lack a uniform process for reporting cyberattacks against their systems, according to the report. Most reported that they follow standard requirements for reporting attacks to state and federal authorities, but they did not describe when reporting was mandatory. Currently, the incidents being experienced did not rise to reportable levels, they said. Many facilities indicate ongoing threats posed by banking malware, phishing scams and other financially motivated cyberattacks.