Reports show that hydropower is increasingly being targeted. One of the first notable, publicly documented attacks was on New York’s Bowman Dam. Iranian hackers infiltrated its control system as part of a broader cyber campaign against the United States' infrastructure. Though the access was limited, the incident was alarming. It highlighted that water and energy sites can be compromised digitally as well as physically.
More recently, in April 2025, Russian actors launched a cyberattack that had a significant impact on Norway’s Bremanger dam. They manipulated the control system to open the floodgates, releasing approximately 500 liters of water per second for four hours before the breach was contained. While no physical damage occurred, the incident remains one of the most significant threats. It was a clear, overt sabotage of vital infrastructure that raised safety and operational concerns.
Hydropower sites have several qualities that make them particularly lucrative and strategic targets for adversaries.
Understanding why criminals target hydroelectric infrastructure is only half the equation. The more pressing question is how operators can respond and what practical steps will meaningfully improve security.
Protection begins with a comprehensive cyber risk assessment. By identifying assets and mapping out vulnerabilities across IT and OT connections, facilities can direct investments where they matter most.
Firewalls and control systems remain foundational defenses against break-ins, but they are insufficient as stand-alone tools. ICS/OT networks should be isolated from enterprise and internet-facing systems using strict segmentation. Unidirectional gateways allow data to flow from critical OT networks to monitoring platforms without allowing external traffic back in.
Password reuse has become a widespread practice, but its convenience also creates vulnerabilities. Facility leaders should enforce strong access controls by replacing default credentials. Implementing multi-factor authentication further strengthens defenses by preventing unauthorized entry to important systems, even when credentials are compromised.
Outdated components remain one of the most common entry points for attackers, with 32% of incidents exploiting unpatched software vulnerabilities. To reduce this risk, hydropower operators should prioritize regular firmware and software updates. For remote sites, secure over-the-air update capabilities are also essential to prevent transmissions from being intercepted or exploited.
Facilities should deploy real-time monitoring and anomaly detection tools designed for hydropower OT environments, capable of identifying unusual activity within SCADA systems, turbine controls and dam operations. AI-driven platforms can flag deviations from normal flow and behavior early, so operators can contain intrusions before they escalate into operational disruption or safety risks.
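The kind of check such monitoring performs, shown as an added example that is not from the original article or any vendor product: it flags a gate position that departs from the authorized setpoint and a discharge that leaves a band learned from known-good readings, but only when the deviation persists. The field layout, thresholds and telemetry values are assumptions constructed for illustration.

```python
from statistics import median

def robust_band(baseline, k=6.0):
    """Median +/- k*MAD band learned from known-good flow readings (L/s)."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline) or 1.0  # avoid a zero-width band
    return med - k * mad, med + k * mad

def detect(samples, baseline, gate_tol=5.0, sustain=3):
    """Return (minute, rule) alerts for deviations lasting `sustain` samples.

    samples: (minute, authorized_gate_pct, measured_gate_pct, flow_lps) tuples.
    Requiring persistence suppresses single-sample sensor glitches.
    """
    lo, hi = robust_band(baseline)
    alerts, runs = [], {"gate_mismatch": 0, "flow_out_of_band": 0}
    for minute, authorized, measured, flow in samples:
        hits = {
            # Gate moved without a matching authorized setpoint change.
            "gate_mismatch": abs(measured - authorized) > gate_tol,
            # Discharge outside the learned normal band.
            "flow_out_of_band": not (lo <= flow <= hi),
        }
        for rule, hit in hits.items():
            runs[rule] = runs[rule] + 1 if hit else 0
            if runs[rule] == sustain:  # alert once per sustained episode
                alerts.append((minute, rule))
    return alerts

# Constructed sample data, not real plant telemetry.
BASELINE = [118, 121, 120, 119, 122, 120, 121, 119, 120, 118]
SAMPLES = [
    (0, 10, 10, 120), (1, 10, 10, 121),
    (2, 10, 10, 310),  # one-sample spike: should not alert
    (3, 10, 10, 119),
    (4, 10, 100, 480), (5, 10, 100, 495), (6, 10, 100, 500), (7, 10, 100, 501),
]

if __name__ == "__main__":
    for minute, rule in detect(SAMPLES, BASELINE):
        print(f"minute {minute}: {rule}")
```

Correlating the gate rule with the flow rule matters in practice: a flow alert alone may be weather or a sensor fault, while both together indicate the gate actually moved without authorization.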
Facility leaders should develop and routinely test incident response plans tailored to hydropower operations that cover both IT and OT. Combining this with ongoing staff training can minimize human error, boost awareness of phishing and social engineering threats, and ensure swift, coordinated action when attacks occur.
As the largest source of green energy, hydropower remains a prime target for malicious actors seeking to cause disruption and sow fear. With increasingly sophisticated attack methods, defense systems must evolve to keep pace. By combining modern risk assessment practices with ongoing operational vigilance, facilities can lessen their vulnerability surface and ensure the grid remains resilient even amid rising digital threats.
