Grid Protection in Severe Weather: What Security Leaders Need to Know

A winter storm impacted Americans all across the nation on Jan. 24 and Jan. 25 — a storm the National Oceanic and Atmospheric Administration (NOAA) referred to as “unusually large and severe.”
According to NBC News, at least nine deaths have been attributed to the severe weather. 200 million individuals have been placed under severe cold alerts, and more than 820,000 energy customers are out of power as of Jan. 26.
Severe weather such as this can place a strain on power grids, utilities and other such critical infrastructure. While critical infrastructure operators will be focused on keeping up with the weather and needs of their communities, malicious cyber actors may take advantage of the heightened activity.
Chris Grove, Director, Cybersecurity Strategy at Nozomi Networks, explains, “During major winter storms, particularly when they hit regions that are not prepared for snow such as Florida, power grid operators are rightly focused on physical restoration, clearing lines, stabilizing substations, managing load, and ensuring worker safety. That operational intensity can reduce visibility in digital environments at precisely the moment when attackers prefer to operate: during periods of disruption, distraction, and degraded monitoring.”
How Do Cybercriminals Leverage Severe Weather?
“Historically, we’ve seen that adversaries don’t need to launch sophisticated new attacks during these moments,” says Grove.
With the influx of activity and strain, malicious actors don’t need advanced tactics to compromise power grids — all they need is a moment of weakness.
Grove explains that they “exploit pre-existing weaknesses like unpatched systems, legacy remote access, poor network segmentation, or limited asset visibility knowing that response times may be slower and anomalies harder to distinguish from storm-related issues.” The vulnerabilities that were present before the storm may be the ones leveraged during the peak of it.
What Can Security Leaders Do to Defend Power Grids?
“From a defensive standpoint, preparation matters more than prediction,” Grove asserts. “Ahead of severe weather, grid operators should prioritize:
- Confirming visibility into critical assets and communications paths
- Ensuring remote access controls and credentials are locked down and access is monitored
- Verifying backup monitoring, logging, and alerting processes
- Establishing clear coordination between IT, OT, and physical operations teams
- Ensuring cyber response playbooks are on hand
“The goal isn’t to add new controls at the last minute, but to reduce uncertainty so operators can quickly tell the difference between storm damage and something more concerning.”
Winter Storms Test Cyber Resilience
Unexpected disasters such as storms can reveal just how prepared an organization truly is for threats — especially for critical infrastructure.
“At a broader level, events like this highlight an important reality for U.S. grid security: cyber resilience is inseparable from operational resilience,” Grove declares. “Weather extremes, geopolitical tensions, and digital threats increasingly intersect. The strongest posture isn’t built on fear of attack, but on the ability to maintain visibility, control, and recovery even when conditions are far from normal.”
For security leaders, winter storms can be a test not just of security, but of operations, communication, and responsiveness.
“In short, winter storms test infrastructure physically but they also test how well organizations can operate securely under pressure,” Grove says. “Those that have invested in asset awareness, segmentation, and coordinated response are far better positioned to weather both the storm and the threat landscape that comes with it.”