PUC issues Cybersecurity Advisory on threats to utility systems

    The Pennsylvania Public Utility Commission (PUC) has issued a Cybersecurity Advisory to water utilities across Pennsylvania with specific cybersecurity information following a recent cyberattack on a water system in Florida – and continues to encourage all other utilities to maintain good cyber hygiene and remain vigilant.

    “A PUC-regulated utility is required to have a cybersecurity plan for their operations, and we have regular conversations with our utility community about cybersecurity and developing cyberthreats,” noted PUC Chair Gladys Brown Dutrieuille, who leads the Committee on Critical Infrastructure for NARUC – the national organization for state utility commissioners – and is also a member of NARUC’s national Task Force on Emergency Preparedness, Recovery and Resiliency.

    A great deal of the PUC’s time and attention is focused on information-sharing about developing cyber threats, connecting utilities with cybersecurity resources, and improving communication between different groups of utilities – because a cyberthreat that appears in one sector may be part of a broader effort to penetrate another type of utility or business.

    The Commission noted that cyber issues impact every size and type of utility, along with other businesses – further underscoring the importance of strong cybersecurity practices.

    Based on preliminary information about the Florida incident, the PUC’s Office of Cybersecurity Compliance and Oversight has issued a Cybersecurity Advisory – reaching out to regulated water utilities in Pennsylvania about the importance of strong cyber hygiene.

    Key recommendations in the PUC Cybersecurity Advisory include:

    • Operating Systems – Update all computers operating software.
    • Passwords – Use strong passwords and multiple-factor authentication.
    • Other Safeguards – Ensure that anti-virus, spam filters and firewalls are updated, properly configured and secure.
    • Training – Users should be trained to identify and report attempts at social engineering.
    • Respond Quickly – Identify and suspend access of users exhibiting unusual activity.
    • Study Risks – Conduct regular physical and cybersecurity risk assessments on critical infrastructure.  

    Most of these tips are also excellent cyber hygiene practices for every business and every personal computer user, especially with the dramatic increase in remote work since the beginning of the COVID-19 pandemic.

    The larger number of people now working remotely has expanded the number of possible avenues for cyberattacks and further emphasized the need for constant vigilance by everyone.

    As utilities work to address these new potential threats, the Commission encouraged cyber professionals and young people learning about cybersecurity to consider career opportunities in the utility sector.

    “There is a massive state, national and global demand for job candidates with strong cybersecurity skills, and we hope that many will explore possible #UtilityCareers,” PUC Chairman Dutrieuille said. “While our utilities can often ‘hide in plain sight,’ – unnoticed by many unless there is a problem with service – the work of ensuring the safety and reliability of these essential community services can be very rewarding.”

    For a new generation searching for opportunities to start their careers, as well as other skilled candidates, like our veterans, looking for new possibilities, utilities represent tens-of-thousands of community-oriented jobs, combining good wages with the satisfaction of knowing that you are serving your neighbors. 

    Visit the PUC’s website at for recent news releases and video of select proceedings.

    0 0 votes
    Article Rating
    Notify of
    Inline Feedbacks
    View all comments
    Would love your thoughts, please comment.x