Press Release

Ransomware Threats Prompt PUC Cybersecurity Advisory

Published on 5/26/2021

Filed under: Electric Gas Pipeline Telecommunications Water and Wastewater

Utilities Encouraged to Use Cybersecurity Best Practices and Remain Vigilant Following Colonial Pipeline Ransomware Cyber Attack

HARRISBURG –The Pennsylvania Public Utility Commission (PUC) has issued a Cybersecurity Advisory to public utilities across Pennsylvania highlighting cybersecurity best practices following a recent cyberattack on the Colonial Pipeline Company – which disrupted fuel supplies along the East Coast. 

Additionally, the PUC’s Cybersecurity advisory encouraged all utilities to maintain good cyber hygiene, remain vigilant, and report attempted or successful intrusions to the appropriate authorities.  This most recent advisory from the PUC follows an alert issued in March 2021 which highlighted specific cyber threats to water utilities.

Over the last several years, ransomware has become the number one threat to both public and private sector organizations and has grown in both scale and sophistication – and ransomware attacks continue to strike businesses, government agencies and individuals daily.

In addition to these ransomware mitigation measures; the PUC strongly recommends that regulated utilities conduct physical and cybersecurity risk assessments on their critical infrastructure. The Commission noted that cyber issues impact every size and type of utility, along with other businesses – further underscoring the importance of strong cybersecurity practices.

Cyber Alerts and Resources

To mitigate the ransomware threat, the PUC’s Office of Cybersecurity Compliance and Oversight has provided utilities with links to information and resources developed by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI): 

• CISA Alert AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks – This advisory urges Critical Infrastructure (CI) owners and operators to adopt a heightened state of awareness and implement the recommendations listed in the mitigations section of the advisory. These mitigations will help CI owners and operators improve their entity's functional resilience by reducing their vulnerability to ransomware and the risk of severe business degradation if impacted by ransomware. The advisory can be accessed using the following link:
  https://us-cert.cisa.gov/ncas/alerts/aa21-131a
  
  
• Ransomware Guide – The guide was developed by CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) and it is a one-stop resource with best practices and ways to prevent, protect and/or respond to a ransomware attack. CISA and MS-ISAC are distributing this guide to inform and enhance network defense and reduce exposure to a ransomware attack. The advisory can be accessed using the following link: https://www.cisa.gov/ransomware

Another way to support utility cybersecurity defenses is to ensure that incidents are reported in a timely fashion through the appropriate channels. Utilities and others can report attempted or successful intrusions through the CISA’s website at:  https://www.cisa.gov/

Utilities or businesses that are victims of cybercrimes should notify the appropriate regional FBI office. The FBI has Pennsylvania field offices in Philadelphia and Pittsburgh. The FBI may be able to assist critical infrastructure owner/operators when there is a cyberattack or suspected cyber incident.

Cyber Careers at Utilities

As utilities work to address these new potential threats, the Commission encouraged cyber professionals and young people learning about cybersecurity to consider career opportunities in the utility sector.

“There is a massive state, national and global demand for job candidates with strong cybersecurity skills, and we hope that many will explore possible #UtilityCareers,” PUC Chairman Gladys Brown Dutrieuille said. “While our utilities can often ‘hide in plain sight,’ – unnoticed unless there is a problem with service – the work of ensuring the safety and reliability of these essential community services can be very rewarding.”

For a new generation searching for opportunities to start their careers, as well as other skilled candidates, like our veterans, looking for new possibilities, utilities represent tens-of-thousands of community-oriented jobs, combining good wages with the satisfaction of knowing that you are serving your neighbors.

About the PUC

The Pennsylvania Public Utility Commission balances the needs of consumers and utilities; ensures safe and reliable utility service at reasonable rates; protects the public interest; educates consumers to make independent and informed utility choices; furthers economic development; and fosters new technologies and competitive markets in an environmentally sound manner.

Visit the PUC’s website at www.puc.pa.gov for recent news releases and video of select proceedings. You can also follow us on Twitter, Facebook, LinkedIn, Instagram and YouTube. Search for the “Pennsylvania Public Utility Commission” or “PA PUC” on your favorite social media channel for updates on utility issues and other helpful consumer information.

# # #

Contact:

• Nils Hagen-Frederiksen
  Press Secretary
  717-418-2701
  nhagen-fre@pa.gov