Thursday, October 1, 2015

PUC Highlights Utilities Cybersecurity Information Sharing, Collaboration

The Public Utility Commission Thursday united state and federal government agencies, utility companies and law enforcement to highlight National Cybersecurity Awareness Month and the collaborative work being done to protect Pennsylvania’s critical infrastructure.
“The PUC works vigilantly with each and every one of these entities on a holistic approach to security – ensuring not only that our critical infrastructure is physically protected and that we preserve reliability – but that our proprietary and personal information is secure, as well,” said Commissioner Pamela Witmer in her opening remarks at a public event today. “We are not only employees of our respective agencies and companies; we are all consumers – and we realize the importance of securing sensitive material. Proactive inter-industry training and preparedness are key.”
Gov. Tom Wolf proclaimed October 2015 Cybersecurity Awareness Month in Pennsylvania.
Commissioner Witmer highlighted the PUC’s cybersecurity efforts and cooperation with other agencies and companies, beginning in the early 2000s, as well as the interdependency among all utility sectors, from both physical and cybersecurity perspectives.
“All interconnected utility sectors must practice good cyber hygiene and risk management tools to help defend their systems against cyber-attacks,” said Commissioner Witmer. “According to the U.S. Director of National Intelligence, cybersecurity is the No. 1 security threat worldwide, ranking higher than terrorism, espionage and weapons of mass destruction.”
The U.S. Department of Homeland Security participated in the event today, as well as state and local agencies, including the Office of Administration, the Pennsylvania Emergency Management Agency, the Pennsylvania State Police, the Pennsylvania Office of Homeland Security and the South Central PA Task Force.
“Cybersecurity should be an ever-evolving area of focus for everyone, and an ongoing emphasis to each of us to stay one step ahead of those who wish to disrupt our business operations and personal daily routines,” said Marty Nevil, Deputy Director for Operations for PEMA.
The recurring theme throughout the event was the importance of collaboration among government agencies, businesses and consumers to ensure that both sensitive information and critical infrastructure are protected from cyber-attacks.
“The Commonwealth’s security posture is robust, and a number of enterprise security services exist to safeguard the Commonwealth against cyber-attacks,” said Commonwealth Chief Information Security Officer Erik Avakian. “We must ensure that our Commonwealth’s cybersecurity posture, leadership and maturity levels continue to progress so that we can continue on the path to success.”
Several major Pennsylvania utilities also participated in today’s event, including UGI Utilities Inc., Pennsylvania American Water, Verizon Pennsylvania and PPL Electric Utilities.
“This month, we want to remind you that all of us here today are constantly working together to share information and prepare for cyber incidents,” said Commissioner Witmer. “This issue is not going away, and we strongly encourage all citizens to evaluate both their personal and professional cybersecurity preparedness.”
The PUC also released the second edition of its Cybersecurity Best Practices for Small and Medium Pennsylvania Utilities.
The guide was compiled by the PUC’s Cyber Team, which was created in 2012 and is comprised of staff from the Office of the Executive Director, the Bureau of Audits, the Office of Management Information Systems, the Bureau of Technical Utility Services, the Law Bureau and the Office of Communications.
The updated guide outlines for utilities ways to prevent identity or property theft; how to manage vendors and contractors who may have access to a company’s data; what to know about anti-virus software, firewalls and network infrastructure; how to protect physical assets, such as a computer in a remote location or a misplaced employee device; how to respond to a cyber-attack and preserve forensic information after the fact; how to report incidents; the potential benefits of engaging a law firm in advance of a breach; and a list of federal cyber incident resources.

No comments:

Post a Comment