“Cybersecurity is a constant priority for the Commission and the utilities we regulate,” said PUC Chairman Steve DeFrank. “While we have no indication of specific threats to Pennsylvania utilities at this time, global events serve as an important reminder that critical infrastructure must remain vigilant. By sharing timely information and reinforcing strong cybersecurity practices, the Commission is working proactively with utilities across Pennsylvania to help safeguard the systems that power our homes, businesses, and communities.”
The advisory, distributed to jurisdictional utilities earlier this week, highlights a series of recommended cybersecurity practices intended to help utilities protect essential services such as electricity, natural gas, water, telecommunications, and other systems that Pennsylvanians rely on every day.
The Commission noted that evolving geopolitical developments — including the ongoing conflict involving Iran and the broader potential for retaliatory cyber activity against U.S. infrastructure — underscore the importance of maintaining strong cybersecurity protections across all sectors of critical infrastructure.
The advisory was developed and distributed by the PUC’s Office of Cybersecurity Compliance and Oversight as part of the Commission’s ongoing efforts to monitor emerging threats and share information with the utility community.
Best Practices
Among the key areas highlighted in the advisory are several widely recognized cybersecurity best practices designed to reduce the risk of cyber intrusion or disruption, including:
-- Strengthening network protections by isolating sensitive operational systems from the public internet whenever possible.
-- Improving access security, including the use of strong passwords and phishing-resistant multi-factor authentication for remote access and administrative systems.
-- Addressing known software vulnerabilities by ensuring that critical systems, firewalls, and remote management tools are updated and properly secured.
-- Enhancing monitoring and incident response planning, including reviewing business continuity and disaster recovery plans to ensure utilities can quickly detect and respond to unusual network activity.
The Commission also encouraged utilities to remain alert for sophisticated cyber techniques that rely on legitimate system tools to avoid detection — sometimes referred to as “living off the land” activity — and to closely monitor their systems for unusual behavior that could signal unauthorized access.
Key Resources
As part of the advisory, the PUC recommended that utilities review guidance from the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), including the agency’s “Shields Up” initiative and other cybersecurity resources designed to help critical infrastructure operators strengthen their defensive posture.
Utilities were also reminded of the importance of promptly reporting cyber incidents to appropriate authorities, including the Federal Bureau of Investigation, the Pennsylvania Criminal Intelligence Center, and the PUC in cases where incidents fall within the Commission’s cyber reporting regulations.
“Protecting the systems that deliver essential utility services is critical to public safety and economic stability,” DeFrank added. “The Commission will continue working closely with utilities, law enforcement, and national partners to ensure that Pennsylvania remains prepared to meet the cybersecurity challenges of today and tomorrow.”
Cybersecurity has been a longstanding focus of the Commission’s oversight and collaboration with utilities.
The PUC regularly works with federal partners, industry organizations, and other state regulators to share threat information and strengthen protections for critical infrastructure systems across the country.
Because cyber threats continue to evolve rapidly, the Commission encourages utilities of all sizes to regularly review their cybersecurity practices and remain engaged with state and federal partners on emerging risks.
For more information about cybersecurity resources available to critical infrastructure operators, visit the Cybersecurity and Infrastructure Security Agency at www.cisa.gov.
Click Here for the PUC announcement.
[Posted: March 6, 2026] PA Environment Digest
No comments :
Post a Comment