The Public Utility Commission Wednesday emphasized the importance of both cyber and physical security planning in safeguarding Pennsylvania’s critical utility systems in conjunction with National Critical Infrastructure Security and Resilience Month.
“Every day, we depend on a network of systems, including electricity to power our homes and businesses; natural gas for heating and cooking; clean drinking water; transportation systems; and telecommunications and Internet to stay connected with family and friends,” said PUC Chairman Gladys M. Brown. “Keeping these critical systems secure and operating – in the face of everything from natural disasters to man-made threats – is a key part of our responsibility to our citizens, our communities and our national security.”
Chairman Brown stressed that the Commission is committed to working with key stakeholders in government, utilities and nonprofit organizations to help ensure the security and resilience of our critical infrastructure.
Those include efforts to strengthen cybersecurity of key systems, safeguard sensitive business and consumer information, enhance the physical security of critical facilities and improve the resilience of these systems – so that services can be restored more quickly.
Earlier this year, the PUC and the Office of the Governor hosted a “Black Sky” exercise, testing the state’s response to a large-scale outage event.
The exercise drew more than 130 participants, representing state and federal government agencies; neighboring state utility commissions; military and law enforcement agencies; utility companies; emergency-response organizations; and nonprofit organizations.
Pennsylvania is at the forefront of efforts to bring together key stakeholders in government, utilities and nonprofit organizations to collaborate and prepare for these threats.
“The overriding goal for these efforts is to keep our communities functioning,” said Commissioner Robert F. Powelson. “It is important that we work together to safeguard our infrastructure and position Pennsylvania for swift recovery, regardless of the emergency we face.”The PUC has also produced a guide to Cybersecurity Best Practices for Small and Medium Pennsylvania Utilities, outlining ways that utilities can prevent identity or property theft; manage vendors and contractors who may have access to a company’s data; understand anti-virus software, firewalls and network infrastructure; how to protect physical assets, such as a computer in a remote location or a misplaced employee device; how to respond to a cyber-attack and preserve forensic information after the fact; how to report incidents; the potential benefits of engaging a law firm in advance of a breach; and a list of federal cyber incident resources.