Press Releases

PURA Press Release Header

04/05/2021

PURA Releases 2020 Connecticut Public Utility Annual Cybersecurity Report

Cyber Attacks, Threats Rise During COVID-19 Pandemic

 


(New Britain, CT – April 5, 2021)– Connecticut’s Public Utilities Regulatory Authority (PURA) today released its annual Public Utilities Critical Infrastructure Report reviewing 2020 cybersecurity vulnerabilities and policies of regulated electric, gas and water utilities, as well as information pertaining to cyber attacks that occurred in the previous year.


This year’s reportfound that state-regulated utilities adapted their cybersecurity programs as the COVID-19 pandemic forced personnel into remote work status. As a result, all regulated electric, gas and water utilities more fully participated in cyber-related exercises as they focused on enabling company network connectivity from personal devices and homes using virtual private networks (VPNs).


The Authority also found the societal shift during the initial months of the pandemic resulted in cyber criminals increasing their use of phishing attacks -- the most prominent source of cyber-attacks -- and other malware threats targeted at personal accounts/systems and online meeting platforms.


These attempts were often directed at individuals or organizations seeking to obtain COVID-19-related information. Meanwhile, ransomware attacks generally declined because businesses, schools and other social venues scaled-back operations.


Third-party vendors, as noted in past annual reports, remained an area of vulnerability as they provide external services to utilities.Utilities must remain vigilant evaluating and monitoring the cybersecurity protections of their vendors.


While the report notes that progress was made by all regulated public utilities in 2020, PURA urges its regulated entities to continue to scale up cyber-security protocols and test their prevention, detection and response systems as threats continue to increase in number, speed and sophistication each year.


“Cybersecurity must remain a key objective for Connecticut utility companies as cyber criminals continue to take advantage of the challenges brought forth by the pandemic,” said PURA Chairman Marissa Gillett.


“We continue to improve the security posture of our utilities across the state by working together, sharing information and being transparent about our issues and challenges," said Jeffrey W. BrownChief Information Security Officer for the State of ConnecticutUtilities remain a high-profile target and we need to continue to hold ourselves to a very high standard.


To learn more, visit Connecticut’s cybersecurity resource page or view past annual Cybersecurity Reports issued by the Authority.

 

 

###

 

 

About the Public Utilities Regulatory Authority:

The Public Utilities Regulatory Authority (PURA) is statutorily-charged with regulating the rates and services of Connecticut's investor owned electricity, natural gas, water and telecommunication companies and is the franchising authority for the state’s cable television companies. In the industries that are still wholly regulated, PURA balances the public’s right to safe, adequate and reliable utility service at reasonable rates with the provider’s right to a reasonable return on its investment. PURA also keeps watch over competitive utility services to promote equity among the competitors while customers reap the price and quality benefits of competition and are protected from unfair business practices. Visit PURA’s website at https://portal.ct.gov/pura.

 

 

 

Follow PURA on social media:

 

   

 


Contact

Taren O'Connor
Director of Legislation, Regulation and Communication
860-827-2689
Taren.Oconnor@ct.gov