Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

October 11, 2019

Report: CT utilities thwart growing number of attempted cyberattacks

HBJ file photo Art House, Connecticut's cybersecurity risk officer.
By Matt Pilon

Over the past year, four major Connecticut public utilities faced more frequent attempts by outside actors to improperly penetrate their technology systems, but appear to have thwarted them all.

That’s according to the state’s third annual critical infrastructure cybersecurity review, which reports that Eversource, Avangrid, Connecticut Water and Aquarion continued to invest in their cybersecurity defenses last year.

All four affirmed to the state cybersecurity panel that conducts the confidential review that no federal agency had notified them of any cyber compromise during the year. 

“The array and sophistication of cybersecurity threats facing Connecticut’s public utilities is greater than it has been and continues to become more dangerous,” the report said. “The utilities are well aware of the increasing dangers, take them seriously and demonstrate top-level commitment to construct and manage defense.”

Though the review deemed cyberdefenses at the participating utilities to be adequate, it expressed concern about the rising number of cyber attempts made by nation state actors and others. 

One of the four utilities, which the report didn’t name due to confidentiality agreements, recorded threat attempts from more than 1,000 distinct actors in the last year.

State cybersecurity officials called on federal intelligence agencies to increase their timely sharing of intelligence with Connecticut about attempts to compromise U.S. utilities, in order to help utilities better prepare and defend themselves.

The report cited various warnings from intelligence officials about utility hacking threats over the past year, including one last month by three former Department of Homeland Security secretaries, who said the country “risks calamity if the U.S. does not step up its game” on cybersecurity.

Over the past three years, broadband and cable utilities have declined to participate in the state review process, which remains voluntary. From the outset, they cited concerns about duplicating federal reporting requirements and the potential for disclosures to lead to fines or litigation.

Gov. Ned Lamont thanked the utilities that chose to participate.

“In this day and age it is critical that we be prepared for any type of cyberattack that could potentially threaten our state, and the best strategy to strengthen our defenses is working with all of our public utility companies as a united front,” Lamont said in a statement. “This voluntary collaboration is helping us prepare for any contingency and we are grateful for the cooperation of each of these companies have demonstrated, which are in the public’s best interest.”

The four-person state panel that conducted the utility cybersecurity review includes:

  • Arthur House, the state’s chief cybersecurity risk officer;
  • Stephen Capozzi, an engineer at the Public Utilities Regulatory Authority;
  • David Geick, director of IT security services for a technology unit housed within the Department of Administrative Services; and
  • David Palmbach, an intelligence analyst with the Connecticut Intelligence Center.

Sign up for Enews

Most Recent

Most Recent

0 Comments

Order a PDF