The PUC’s Cybersecurity advisory encouraged all utilities to maintain good cyber hygiene, remain vigilant, and report attempted or successful intrusions to the appropriate authorities. This most recent advisory from the PUC follows an alert issued in March 2021 which highlighted specific cyber threats to water utilities.
Over the last several years, ransomware has become the number one threat to both public and private sector organizations and has grown in both scale and sophistication – and ransomware attacks continue to strike businesses, government agencies and individuals daily.
In addition to these ransomware mitigation measures; the PUC strongly recommends that regulated utilities conduct physical and cybersecurity risk assessments on their critical infrastructure.
The Commission noted that cyber issues impact every size and type of utility, along with other businesses – further underscoring the importance of strong cybersecurity practices.
Cyber Alerts and Resources
To mitigate the ransomware threat, the PUC’s Office of Cybersecurity Compliance and Oversight has provided utilities with links to information and resources developed by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI):
-- CISA Alert AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks – This advisory urges Critical Infrastructure (CI) owners and operators to adopt a heightened state of awareness and implement the recommendations listed in the mitigations section of the advisory. These mitigations will help CI owners and operators improve their entity's functional resilience by reducing their vulnerability to ransomware and the risk of severe business degradation if impacted by ransomware.
-- Ransomware Guide – The guide was developed by CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) and it is a one-stop resource with best practices and ways to prevent, protect and/or respond to a ransomware attack. CISA and MS-ISAC are distributing this guide to inform and enhance network defense and reduce exposure to a ransomware attack.
Another way to support utility cybersecurity defenses is to ensure that incidents are reported in a timely fashion through the appropriate channels. Utilities and others can report attempted or successful intrusions through the CISA’s website.
Utilities or businesses that are victims of cybercrimes should notify the appropriate regional FBI office. The FBI has Pennsylvania field offices in Philadelphia and Pittsburgh. The FBI may be able to assist critical infrastructure owner/operators when there is a cyberattack or suspected cyber incident.
Cyber Careers at Utilities
As utilities work to address these new potential threats, the Commission encouraged cyber professionals and young people learning about cybersecurity to consider career opportunities in the utility sector.
“There is a massive state, national and global demand for job candidates with strong cybersecurity skills, and we hope that many will explore possible #UtilityCareers,” PUC Chairman Gladys Brown Dutrieuille said. “While our utilities can often ‘hide in plain sight,’ – unnoticed unless there is a problem with service – the work of ensuring the safety and reliability of these essential community services can be very rewarding.”
For a new generation searching for opportunities to start their careers, as well as other skilled candidates, like our veterans, looking for new possibilities, utilities represent tens-of-thousands of community-oriented jobs, combining good wages with the satisfaction of knowing that you are serving your neighbors.
Visit the Public Utility Commission website for more information on programs they administer.
[Posted: May 26, 2021] PA Environment Digest
No comments:
Post a Comment