Cybersecurity

The PUC’s Cyber Team, created in 2012, is comprised of staff from the Office of the Executive Director, the Bureau of Audits, the Office of Management Information Systems, the Bureau of Technical Utility Services, the Law Bureau and the Office of Communications. The team meets bi-weekly or as necessary and provides recommendations to Commissioners for cybersecurity-related initiatives such as training, communications, etc.

Advisory

CISA, EPA and FBI Release Top Cyber Actions for Securing Water Systems - Dated February 21, 2024. CISA, the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) released the joint factsheet Top Cyber Actions for Securing Water Systems. 

Small Offices & Home Offices Router Alert - Dated February 6, 2024. The PUC issued an alert to public utilities in Pennsylvania reminding them the potential dangers associated with using outdated or inexpensive routers.

Iranian Cyber Threats to U.S. Critical Infrastructure - Dated October 20, 2023.  The PUC issued a Cybersecurity Advisory to public utilities in Pennsylvania reminding utilities to remain vigilant for cybersecurity threats that could impact critical infrastructure.

Cybersecurity Threats on Critical Infrastructure - Dated February 25, 2022.  The PUC issued a Cybersecurity Advisory to public utilities in Pennsylvania reminding utilities to remain vigilant for cybersecurity threats that could impact critical infrastructure.

Ransom Threats Cybersecurity Advisory - Dated May 24, 2021. The PUC has issued a Cybersecurity Advisory to public utilities across Pennsylvania highlighting cybersecurity best practices following a recent cyberattack on the Colonial Pipeline Company – which disrupted fuel supplies along the East Coast. 

Public Water Company Cybersecurity Advisory - Dated February 25, 2021.  On Feb. 5, 2021, a water treatment plant in Oldsmar, Florida, experienced a cyberattack which was intended to gain control over the Supervisory Control and Data Acquisition (SCADA) systems used to monitor and regulate the amount of sodium hydroxide within the water supply. To make sure that Pennsylvania water companies are aware of the incident the PUC, Office of Cybersecurity Compliance and Oversight has issued a cybersecurity advisory. 

Best Practices

Cybersecurity Best Practices for Small & Medium Pennsylvania Utilities - Fifth Edition, June 2022. The guide outlines red flags to look for and ways to prevent identity or property theft; how to manage vendors and contractors who may have access to a company’s data; what to know about anti-virus software and much more.

Gov. Tom Wolf proclaimed October 2016 Cybersecurity Awareness Month in Pennsylvania.

On Oct. 1, 2015, the PUC united state and federal government agencies, utility companies and law enforcement to highlight National Cybersecurity Awareness Month and the collaborative work being done to protect Pennsylvania’s critical infrastructure. Event participants included the PUC, the U.S. Department of Homeland Security, the Pennsylvania Office of Administration, the Pennsylvania Emergency Management Agency, the Pennsylvania State Police, the Pennsylvania Office of Homeland Security, the South Central PA Task Force, UGI Utilities Inc., Pennsylvania American Water, Verizon Pennsylvania and PPL Electric Utilities.

Securing Small & Medium-Sized Business Supply Chains

Cybersecurity and Infrastructure Security Agency (CISA) released a new handbook for small and medium-sized businesses on January 10, 2023, regarding business supply chains. 

Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks Developed by the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force, the handbook provides an overview of the highest supply chain risk categories commonly faced by ICT SMBs, including cyber risks.

It contains several use cases and applicable resources to assist ICT SMBs in identifying the supply chain security practices they can take to enhance their security. The handbook is intended to provide supply chain guidance to SMBs that may have limited finances, share resources on how to enhance the SMB reporting and vetting processes when purchasing ICT, and offer methods and guidance to tackle the most common and highest priority risks faced by SMBs. 

Cybersecurity Press Conference Video