The PUC’s Cyber Team, created in 2012, is composed of staff from the Office of the Executive Director, the Bureau of Audits, the Office of Management Information Systems, the Bureau of Technical Utility Services, the Law Bureau and the Office of Communications. The team meets bi-weekly or as necessary and provides recommendations to Commissioners for cybersecurity-related initiatives such as training and communications.
Cybersecurity Threats on Critical Infrastructure - Dated February 25, 2022. The PUC issued a Cybersecurity Advisory to public utilities in Pennsylvania reminding utilities to remain vigilant for cybersecurity threats that could impact critical infrastructure.
Ransom Threats Cybersecurity Advisory - Dated May 24, 2021. The PUC has issued a Cybersecurity Advisory to public utilities across Pennsylvania highlighting cybersecurity best practices following a recent cyberattack on the Colonial Pipeline Company – which disrupted fuel supplies along the East Coast.
Public Water Company Cybersecurity Advisory - Dated February 25, 2021. On Feb. 5, 2021, a water treatment plant in Oldsmar, Florida, experienced a cyberattack which was intended to gain control over the Supervisory Control and Data Acquisition (SCADA) systems used to monitor and regulate the amount of sodium hydroxide within the water supply. To make sure that Pennsylvania water companies are aware of the incident, the PUC's Office of Cybersecurity Compliance and Oversight has issued a cybersecurity advisory.
Cybersecurity Best Practices for Small & Medium Pennsylvania Utilities - Fifth Edition, June 2022. The guide outlines red flags to look for and ways to prevent identity or property theft; how to manage vendors and contractors who may have access to a company’s data; what to know about anti-virus software and much more.
Gov. Tom Wolf proclaimed October 2016 Cybersecurity Awareness Month in Pennsylvania.
On Oct. 1, 2015, the PUC united state and federal government agencies, utility companies and law enforcement to highlight National Cybersecurity Awareness Month and the collaborative work being done to protect Pennsylvania’s critical infrastructure. Event participants included the PUC, the U.S. Department of Homeland Security, the Pennsylvania Office of Administration, the Pennsylvania Emergency Management Agency, the Pennsylvania State Police, the Pennsylvania Office of Homeland Security, the South Central PA Task Force, UGI Utilities Inc., Pennsylvania American Water, Verizon Pennsylvania and PPL Electric Utilities.
Securing Small & Medium-Sized Business Supply Chains
The Cybersecurity and Infrastructure Security Agency (CISA) released a new handbook for small and medium-sized businesses on January 10, 2023, regarding business supply chains.
Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks
Developed by the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force, the handbook provides an overview of the highest supply chain risk categories commonly faced by ICT SMBs, including cyber risks.
It contains several use cases and applicable resources to assist ICT SMBs in identifying the supply chain security practices they can take to enhance their security. The handbook is intended to provide supply chain guidance to SMBs that may have limited finances, share resources on how to enhance the SMB reporting and vetting processes when purchasing ICT, and offer methods and guidance to tackle the most common and highest priority risks faced by SMBs.
Cybersecurity Compliance and Oversight
The Commission's Office of Cybersecurity Compliance and Oversight (PUC-OCCO) has been monitoring the evolving Coronavirus (COVID-19) situation and its impact on cybersecurity. The PUC-OCCO has been taking part in the Department of Homeland Security, Critical Infrastructure Security Agency (DHS-CISA) government and industry coordination calls. These calls issue guidance and information for critical infrastructure partners to prepare for, respond to, and mitigate any effects that a cybersecurity event would have on the utilities regulated by the PUC.
Foreign actors are using social media (Facebook, Twitter, etc.) to spread fear about the federal government and to get people to visit websites that spread malware. DHS-CISA has recommended that organizations send an email to their employees telling them not to trust information from social media services and unofficial news websites. It also recommends that employees go to the FEMA website if they receive information that they believe is suspicious.
With more workers teleworking, DHS-CISA has reported an increase in phishing and malware threats. DHS-CISA recommends sending an email to your employees alerting them to the increase in these threats. It also recommends reinforcing your cyber-hygiene training programs. DHS-CISA has information on its website that can help you with securing your critical infrastructure. For more information, visit CISA’s website.
In addition to phishing and malware, DHS-CISA has seen an increase in vulnerability scanning and penetration attempts across all sectors. It is recommending that organizations continue their patching processes and procedures. Find the latest threat and vulnerability information.
DHS-CISA has recommended that organizations review their cybersecurity incident response plans to make sure the plans are up to date and that contact information is current. It is also recommending that you identify your service providers and suppliers in your plan and that you reach out to them during the COVID-19 crisis to ensure they can continue to support your organization during the pandemic.
DHS-CISA has put together a document that gives guidance to the private sector on defining essential critical infrastructure workers. Promoting the ability of such workers to continue to work during periods of community restriction, access management, social distancing, or closure orders/directives is crucial to community resilience and continuity of essential functions.
The Commonwealth of Pennsylvania has restricted access to areas that have COVID-19 outbreaks. In the event of a cybersecurity incident, please contact the PUC Emergency Lead Agency Representative (AREP) at 717-941-0003. Follow-up information may be sent to the Lead AREP email at email@example.com. Only state and local authorities can grant access to restricted/hot zone areas.
Cyber threats are not limited to the regulated utilities. Cyber criminals are taking advantage of the pandemic to steal customers' Personally Identifiable Information (PII), credit card, and bank account information. They are also using well-crafted emails to get customers to visit malicious websites and download malicious email. Customers who would like information on these threats and how to mitigate them should go to the DHS-CISA website.