Co-ops Defend Against AI-Powered Cyber Threats

In November 2021, Delta-Montrose Electric Association suffered one of the worst cyberattacks in the history of electric utilities in the United States. Though the attack did not result in outages or disclosure of member data, it corrupted decades’ worth of records and disabled DMEA’s billing, telephones, email, and other systems. It required many weeks of staff overtime to create short-term workarounds and fix the damage.

The cyberattack also made DMEA one of the most well-known electric co-ops in the country for a time. While the Montrose-based co-op might have preferred to be recognized for its achievements in hydropower and solar generation, or its innovative fiber internet service, DMEA staff believed that other electric co-op managers needed to hear about their experience. “Sharing DMEA’s story is important so that other cooperatives can learn from what we’ve experienced,” said Jay Suckey, DMEA chief information officer. “We’re dedicated to the Cooperation Among Cooperatives principle and improving cybersecurity for other rural utilities.”

While co-ops are especially collaborative, the entire electric power industry — which includes investor-owned and publicly owned utilities, regional transmission operators, and other entities — communicates openly and frequently about cybersecurity. All of these players are physically connected through the North American electric grid, so they share a common interest in mounting the best defense possible against increasingly sophisticated hackers.

PHISHERS GET AN AI CYBERBOOST

Over the last couple of years, hackers have significantly enhanced their phishing emails and texts using artificial intelligence. “We used to train our staff to look for grammar and spelling errors that indicated an email or text was written by someone who didn’t speak English as a first language,” said Lindsey Mote, cybersecurity administrator at Falcon-based Mountain View Electric Association. “AI has vastly improved the hackers’ English.”

Cybercriminals also use AI to conduct rapid, in-depth research on companies that do business with electric co-ops and other types of utilities — and then tailor their messages to appear authentic. “They ask the AI something like, ‘If I want to send an email from XYZ company, how would I make it appear genuine?’” Suckey noted.

The primary goal of most email and text scammers is to obtain money, often through a payment for a fake invoice. They also often seek an employee’s login credentials. “Then they can send emails posing as you to everyone in your contact list, seeking financial information or trying to plant spyware or malware,” said Mote.


DEFENDING AGAINST FOREIGN ADVERSARIES

Phishing for money and login credentials may seem tame compared to the cyberthreats posed by hackers working for U.S. geopolitical adversaries who seek the capabilities to disrupt critical infrastructure in a future conflict. For example, China-backed Volt Typhoon has been discovered in the network systems of numerous utilities across the country. “That’s pretty scary stuff,” Mote said.

At the June 2025 National Rural Electric Cooperative Association Cybertech conference in Denver, co-op leaders heard about how the Israel-Iran conflict could increase the risk of a cyberattack on electric grids, according to Trina Zagar-Brown, vice president of business services for Glenwood Springs-based Holy Cross Energy. “Critical infrastructure in the U.S. is a well-known potential target, and as global conflicts increase, so do the risks of a cyberattack,” she said.

Since the beginning of what we know as the modern internet, cyberattacks have been a threat to many industries, including utilities. And like other industries, electric grids today have more points of vulnerability to cyberattacks than in the past, largely due to new technology.

The capability of a foreign adversary to exploit such vulnerabilities and strategically shut off power was demonstrated when Ukraine suffered blackouts in 2016 and 2022, caused by malicious code — malware — known as Industroyer and attributed to Russia. “Distribution electric co-ops have to be cognizant of these types of threats that are happening around the globe,” said Zagar-Brown.

The hacker who infiltrated DMEA likely entered through a single computer server that had not been updated with the latest security patch. “From there, the domain administrator’s login information was stolen, and the attack escalated,” according to an NRECA special report.

In the months after the attack, DMEA compiled a list of 20 cybersecurity recommendations that have been widely circulated throughout the electric co-op community and beyond. Many of these focus on continually training staff on how to detect and avoid the latest AI-powered hacking innovations.

“All our employees get updated training once a month,” Suckey said. “We do phishing tests and conduct other tests to make sure they learn about the red flags and how those are changing.” Many other electric co-ops in Colorado and across the United States adopted these same best practices to train employees.

In the 2021 attack, DMEA’s safeguards — such as network segmentation to isolate critical systems from the corporate network and least-privilege access that prevented further escalation of the attack — enabled DMEA to avoid the worst possible scenarios. “If our safeguards hadn’t held, our 30,000-plus members could have been left in the dark — or worse, had their personal and financial data exposed,” Suckey reflected.

“Thanks to those controls, we avoided catastrophe, even though it was still a nightmare.”

It was an ordeal DMEA and the co-op community have put to good use. “DMEA has been so open about what happened, how they handled it step-by-step, and what the outcomes were,” Mote said. “Many companies don’t talk about when a cyberattack victimizes them. But that doesn’t help the rest of us.”

Jim Hight is a writer, research analyst, and consultant based in Buena Vista, Colorado, where he is a grateful member of Sangre de Cristo Electric Association.


CO-OP CONSUMER-MEMBERS ALSO TARGETED

In addition to defending their systems from cyberattacks, co-op leaders want their consumer-members to be aware of how scammers may target them. Many scammers build bogus websites that mimic a utility payment portal and collect payments from utility customers who think they are paying their electricity bill. MVEA’s Lindsey Mote offers these tips to help you ensure you are truly paying your electric co-op:

  • Instead of using an internet search engine for your electric co-op’s payment website, navigate to it directly by typing in the web address from a recent bill.
  • Verify that your co-op’s website address is spelled correctly in the address bar before visiting the website.
  • If you have any doubt you’re on the correct website, call your local electric co-op to confirm its web address.
  • Bookmark the correct payment site for future use.
  • Use your co-op’s app and other member tools — such as SmartHub — to ensure your payment is made to the co-op and not a scam website.
