NORWALK, Conn. - State Sen. Bob Duff (D-Norwalk-Darien) welcomed the new cybersecurity plan for Connecticut’s utilities offered by Gov. Dannel P. Malloy as a good way to to help strengthen defenses against possible future cyberattacks.
Duff is Senate chairman of the legislative Energy & Technology Committee.
Connecticut is the first state to present a cybersecurity strategy in partnership with the utilities, and will share it with other states working on similar plans.
The report was initiated as part of the state’s 2013 Comprehensive Energy Strategy, which called on the state Public Utilities Regulatory Authority to work with state agencies and conduct a review of Connecticut’s electricity, natural gas, and major water companies to assess the adequacy of their capabilities to deter interruption of service and recommend actions strengthening deterrence.
PURA Chairman Arthur House, who previously worked in the U.S. intelligence community, said, “Attempts to disrupt public utility services are growing in frequency, scale and sophistication.” He welcomed commissioning the report and said it will be the first step in making cybersecurity part of Connecticut’s efforts to increase the resilience and reliability of public utility service.
Among other findings, the report recommends that Connecticut commence self-regulated cyber audits and reports, and move toward a third-party audit and assessment system. The report also makes recommendations regarding local and regional regulatory roles, emergency drills and training, coordinating with emergency management officials, and handling confidential information.
Officials commended PURA, Northeast Utilities and United Illuminating, Connecticut’s municipal electric companies and two major water companies, Aquarion and Connecticut Water, along with the telecommunications industry for working together to produce the strategic plan.
The governor has directed PURA to begin fleshing out and proposing concrete actions to respond to the questions this report raises. He further directed PURA to plan and lead a series of technical meetings with the public utilities to seek consensus on the establishment of security standards, reporting of compliance and a process to manage cybersecurity compliance oversight.