Gov. Malloy Releases Annual Report on Utility Cybersecurity Reviews
(HARTFORD, CT) – Governor Dannel P. Malloy today released the Connecticut Critical Infrastructure 2018 Annual Report, a comprehensive review the state’s electric, natural gas, and large water companies’ efforts to detect and prevent cybersecurity threats. The report stated that while Connecticut’s utilities faced more frequent and sophisticated penetration attempts in the past year, they were met with “adequate defense capabilities.”
The review and report are the result of a 2014 cybersecurity strategy and 2016 cybersecurity action plan, both products of Connecticut’s Public Utilities Regulatory Authority (PURA) and announced by Governor Malloy. Connecticut’s utilities had worked with PURA to reach agreement regarding scope and process for conducting the cybersecurity reviews. Four utility companies participated: Aquarion, Avangrid, Connecticut Water, and Eversource.
“Cybersecurity threats continue to grow across the United States, for everyone – the federal government, states, cities, businesses and organizations, and private citizens,” Governor Malloy said. “We can never be assured of security, but we can fight back and do everything in our power to make ourselves safe. Connecticut has been a leader among states, launching both a cybersecurity strategy and an action plan. The report released today shows that while our public utilities have so far detected and prevented threats, we must continue to practice vigilance.”
The companies graded themselves using the Cybersecurity Capabilities Maturity Model. Conducting the reviews were Arthur H. House, Chief Cybersecurity Risk Officer; Steven Capozzi, PURA Public Utilities Engineer; Brenda Bergeron, Principal Attorney in the Division of Emergency Management and Homeland Security in the Department of Emergency Services; and David Geick, Director of IT Security Services at the Department of Administrative Service Bureau of Enterprise Systems and Technology (DAS/BEST).
The report concludes that “Connecticut’s utilities are spending more time, devoting more resources, educating their workforces and transforming their cultures more thoroughly to meet the increased level of threats.” But it notes that significant threats and challenges remain, including increased volume, sophistication, and country of origin of attempted malicious probes.
At the same time, the report notes significant improvements and areas of progress. There were no known cyber breaches during the past year, despite millions of attempts.
“Security of our IT systems is one of the most critical issues facing our country and you have only to glance at the headlines in the news over the last couple of years to appreciate that,” DAS Commissioner Melody Currey said. “At DAS/BEST, our IT professionals are working hard every day to deploy and administer the very best defenses and protocols to keep our state government’s systems secure and operational.”
“The number of threats to our infrastructure has never been greater and fortunately, the commitment across the public and private sectors to respond has never been stronger,” Department of Emergency Services and Public Protection Commissioner Dora Schriro said. “The plans that are in place today and the partnerships that we have formed will help to keep Connecticut, the region and our country safer than ever before.”
“A modernized, interconnected grid promises cleaner, cheaper, more reliable service for the families and businesses of Connecticut,” Katie Dykes, Chair of the PURA, said. “Connecticut’s comprehensive cybersecurity program ensures utilities can deliver on that promise while protecting the infrastructure on which we all rely.”
“These four utilities conducted serious, in-depth reviews with top management support,” Chief Cybersecurity Risk Officer Arthur House said. “This report underscores the potential of public/private partnership to advance cybersecurity in Connecticut.”
“Every sector, every business, every individual can and should be taking steps to reduce cybersecurity risks,” Chief Information Officer Mark Raymond said. “This report demonstrates that we can make progress through incremental, cooperative efforts.”