Connecticut became the first state in the country to release a cybersecurity plan in partnership with the state’s utilities to help strengthen defense against possible future threats.
Gov. Dannel Malloy on Monday announced the strategy, which calls for the state Public Utilities Regulatory Authority to work with state agencies to conduct a review of Connecticut’s electricity, natural gas and water companies to test their ability to deter interruption of service attacks.
“Fulfilling the promise of a more reliable energy future requires us to look beyond the foreseeable weather threats we know well in Connecticut to defend against possible future threats, such as a cyber-attack on our public utilities,” Malloy said. “Unfortunately, we need to do all we reasonably can to prevent, deter, detect and – if necessary – respond to a cyber-attack.”
“Just as we are taking proactive steps to harden our critical infrastructure and the shoreline to defend against severe weather events, so too must we be prepared to defend against the potential disruption that cyber intrusions can cause to vital services such as energy, water and telecommunications.”
Connecticut is working with federal authorities to strengthen its own cybersecurity and plans to make the report available for use by other states.
Malloy directed PURA to begin the process of fleshing out and proposing concrete actions to respond to the questions this report raises.
He further directed PURA to plan and lead a series of technical meetings with the public utilities to seek consensus on the establishment of security standards, reporting of compliance and a process to manage cybersecurity compliance oversight.
Among other things, the plan recommends Connecticut commence self-regulated cyber-audits and reports, and move toward a third-party audit and assessment system.
The report also makes recommendations regarding local and regional regulatory roles, emergency drills and training, coordinating with emergency management officials, and handling confidential information.
“Everyone in America is vulnerable to cyber-disruption,” Malloy said. “We need to work together at the federal, state and local levels and with the utilities themselves to do all we can to defend against serious and dangerous threats to our safety and wellbeing.”