In light of Cybersecurity Awareness Month, the Public Utility Commission Thursday announced its publication of Cybersecurity Best Practices for Small and Medium Pennsylvania Utilities.
"While we are proud of our accomplishments to date, this is an ever changing area where we can always do more. From the Shellshock Bash bug to the massive Home Depot hack, cybersecurity intrusions are real, close to home, far too frequent and devastating to companies and individuals alike," said Commissioner Pamela A. Witmer in a statement. "Cybersecurity threats continue to change and evolve, so we are always educating ourselves in implementing the newest and most preventative efforts," Witmer said in a video news release.
The guide outlines red flags to look for and ways to prevent identity or property theft; how to manage vendors and contractors who may have access to a company's data; what to know about anti-virus software, firewalls and network infrastructure; how to protect physical assets, such as a computer in a remote location or a misplaced employee device; how to respond to a cyber-attack and preserve forensic information after the fact; and how to report incidents.
The PUC urges utility leaders to read the cybersecurity guide and recommends holding company workshops to review this information with employees.
The publication of best practices follows various Commission efforts, led by Commissioner Witmer, to educate other state commissions and utility companies about cybersecurity and to guard consumers, employees and utilities from cyber-attacks.
This year, on April 29, 2014, Commissioner Witmer and Commonwealth's Chief Information Security Officer hosted a seminar to educate Commission employees on cybersecurity best practices. Two 1.5-hour sessions were held in the Commonwealth Keystone Building in Harrisburg and were streamed live for regional PUC offices.
On May 29, 2014, Commissioner Witmer joined former Gov. Tom Ridge, who served as the first Secretary of the U.S. Department of Homeland Security, and other reputable panelists to speak at the 8th Annual Energy and Public Utilities Symposium in Washington, D.C., titled "Cyber Security and the Energy and Utilities Industries."