Fortifying the Grid: Biometrics Go Military-Grade for US Utilities

DENVER, CO – February 12, 2026 – In a direct response to an unprecedented wave of cyberattacks targeting America’s most essential services, biometric identity firm authID has announced a new security platform designed to bring military-grade authentication to the nation's vulnerable energy and water infrastructure. The move comes as federal agencies warn of sophisticated, state-sponsored hackers pre-positioning themselves within critical utility networks for future disruption.

Denver-based authID (Nasdaq: AUID) today launched what it describes as an “out-of-the-box” biometric security solution aligned with the federal government's stringent Personal Identity Verification (PIV) framework. The platform aims to replace outdated and easily compromised security measures with advanced facial verification, locking down access to the control systems that manage the flow of electricity, water, and gas to millions of Americans.

A New Frontline in Cyber Defense

The urgency for such a defense is stark. The digital systems governing U.S. utilities have become a primary target for foreign adversaries. According to cybersecurity firm Check Point Research, utilities were hit with 1,162 documented cyberattacks between January and August 2024 alone, a staggering 70% increase over the previous year. By late 2024, some reports indicated attacks were up over 200% year-over-year, with utilities facing an average of 1,339 weekly incidents.

These are not random acts of digital vandalism. The 2025 U.S. Homeland Threat Assessment explicitly identified Chinese state-sponsored groups like Volt Typhoon as having infiltrated critical infrastructure networks, quietly maintaining access for future strategic advantage. In one alarming 2025 incident, the FBI alerted a major Massachusetts water utility that Chinese hackers had compromised its systems, gaining the ability to manipulate chemical inputs and potentially poison the water supply.

Other state actors have been equally aggressive. In late 2023, the Iran-affiliated group “Cyber Av3ngers” successfully targeted and manipulated industrial control systems at multiple U.S. water facilities, including the Municipal Water Authority of Aliquippa in Pennsylvania. Experts worry that many utilities, often described as “low-hanging fruit” due to a reliance on outdated software and poor password hygiene, are ill-equipped to fend off these advanced, persistent threats.

Raising the Bar with Military-Grade Authentication

Despite mandates from regulatory bodies like the North American Electric Reliability Council (NERC), many defenses remain inadequate. The authID solution seeks to bridge this gap by applying the principles of the federal PIV standard—a benchmark for secure identification for government employees and contractors—to the civilian utility sector.

PIV is the gold standard for high-assurance identity, mandating strict background checks and multi-factor authentication to access sensitive facilities and data. Applying a PIV-aligned framework to a power plant or water treatment facility represents a monumental security upgrade. It moves beyond vulnerable passwords and even standard multi-factor authentication, which can still be susceptible to sophisticated phishing and social engineering attacks.

This level of security is particularly crucial for protecting Supervisory and Control Data Acquisition (SCADA) systems, the digital nerve centers that allow operators to monitor and control physical processes in real-time. By tying every critical command to the verified, live biometric identity of an authorized operator, the system aims to make it virtually impossible for an imposter to gain control.

How Biometric Identity Locks Down Access

authID's platform is built on the principle of binding digital access to a live human being. Instead of a password or a physical token that can be stolen, the system uses a person's face as the ultimate key, creating a definitive biometric root of trust.

“We cannot overstate the level of security needed for these locations,” commented Rhon Daguro, CEO of authID, in the company's announcement. “Interruptions to gas, water, or electricity delivery can cause widespread chaos. Nuclear facilities are especially sensitive. Our biometric identity verification solution ensures only authorized access to these critical systems, by binding an identity to a live human, and defending against spoofs, deepfakes, and imposters.”

The system is designed to thwart the increasingly sophisticated tools used by hackers, including AI-generated deepfakes and presentation attacks where an attacker might use a photo or video to try and fool a camera. By performing a liveness check, the platform verifies that it is interacting with a real person present at the time of authentication, not a digital fabrication. This effectively locks down SCADA consoles, privileged engineering accounts, and remote access for the vast ecosystem of third-party contractors that utilities rely on.

“There is no other platform offering that out of the box,” Daguro stated. “We provide a scalable path to higher trust without user friction, and on Day One our clients can operate with confidence and security without the vulnerability of legacy tools.”

A Comprehensive Platform for a Complex Ecosystem

The challenge of securing a utility goes beyond just the main control room. The ecosystem includes a sprawling network of employees, vendors, and contractors, each requiring different levels of access. Furthermore, the growing use of Artificial Intelligence in operations introduces new security considerations. Gartner predicts that by 2027, 40% of utilities will deploy AI-driven operators in their control rooms.

authID’s platform addresses this complexity with three integrated solutions. IDX provides a central hub for managing the identities of all users, ensuring consistent security policies across the entire organization. PrivacyKey tackles critical data privacy concerns by using cryptographic keys to protect user biometric data, helping utilities comply with laws that prohibit the direct storage of biometric information. Finally, authID Mandate is a forward-looking tool designed to secure AI itself, allowing only verified human users to launch powerful AI agents and creating an auditable trail that links every AI action back to an accountable individual.

With aggressive investment flowing into modernizing the energy sector, securing that new infrastructure from day one is paramount. The U.S. energy portfolio is diverse, with natural gas, nuclear, coal, and renewables all playing a major role. Advanced security solutions must be adaptable enough to protect them all.

“According to the U.S. Energy Information Administration, the top US energy suppliers are natural gas at 40%, nuclear at 18%, coal at 17% and renewables at about 24%,” Daguro added. “authID can provide the most impactful security for all of them. With the aggressive investment now flowing to the energy sector, we expect to lead the way on securing this vital infrastructure.”