PUC Issues Cybersecurity Advisory On Threats To Utility Systems

On March 10, the Public Utility Commission announced it has issued a Cybersecurity Advisory to water utilities across Pennsylvania with specific cybersecurity information following a February cyberattack on a water system in Florida.

The PUC continues to encourage all other utilities to maintain good cyber hygiene and remain vigilant.

“A PUC-regulated utility is required to have a cybersecurity plan for their operations, and we have regular conversations with our utility community about cybersecurity and developing cyberthreats,” noted PUC Chair Gladys Brown Dutrieuille, who leads the Committee on Critical Infrastructure for NARUC – the national organization for state utility commissioners – and is also a member of NARUC’s national Task Force on Emergency Preparedness, Recovery and Resiliency.

The Commission noted that cyber issues impact every size and type of utility, along with other businesses – further underscoring the importance of strong cybersecurity practices.

Cyber Tips Following Florida Incident

Based on preliminary information about the Florida incident, the PUC’s Office of Cybersecurity Compliance and Oversight has issued a Cybersecurity Advisory - reaching out to regulated water utilities in Pennsylvania about the importance of strong cyber hygiene.

Key recommendations in the PUC Cybersecurity Advisory include:

-- Operating Systems - Update all computers operating software.

-- Passwords - Use strong passwords and multiple-factor authentication.

-- Other Safeguards - Ensure that anti-virus, spam filters and firewalls are updated, properly configured and secure.

-- Training - Users should be trained to identify and report attempts at social engineering.

-- Respond Quickly - Identify and suspend access of users exhibiting unusual activity.

-- Study Risks – Conduct regular physical and cybersecurity risk assessments on critical infrastructure.

Most of these tips are also excellent cyber hygiene practices for every business and every personal computer user, especially with the dramatic increase in remote work since the beginning of the COVID-19 pandemic.

The larger number of people now working remotely has expanded the number of possible avenues for cyberattacks and further emphasized the need for constant vigilance by everyone.

Click Here for the PUC’s advisory.

Cyber Careers at Utilities

As utilities work to address these new potential threats, the Commission encouraged cyber professionals and young people learning about cybersecurity to consider career opportunities in the utility sector.

“There is a massive state, national and global demand for job candidates with strong cybersecurity skills, and we hope that many will explore possible #UtilityCareers,” PUC Chairman Dutrieuille said. “While our utilities can often ‘hide in plain sight,’ – unnoticed by many unless there is a problem with service – the work of ensuring the safety and reliability of these essential community services can be very rewarding.”

For a new generation searching for opportunities to start their careers, as well as other skilled candidates, like our veterans, looking for new possibilities, utilities represent tens-of-thousands of community-oriented jobs, combining good wages with the satisfaction of knowing that you are serving your neighbors.

NewsClips:

The Guardian: Hacker Attempted To Poison Water Supply Of Florida City, Officials Say

FT: Microsoft Hack Escalates As Criminal Groups Rush To Exploit Flaws

LancasterOnline: Millersville U. Fall Registration Schedule Changed Following External Attack On Computer Network

[Posted: March 10, 2021]


3/15/2021

Go To Preceding Article     Go To Next Article

Return to This PA Environment Digest's Main Page