Connecticut’s Public Utilities Regulatory Authority (PURA) today released its fifth ‘Public Utilities Annual Cybersecurity Report’ reviewing 2021 cybersecurity programs of regulated electric, gas, and water utilities.
This year’s report found that in 2021, phishing attacks remained the largest source of successful cyberattacks and pose a significant risk to all of the state's critical infrastructure entities. Findings also show these phishing attempts have become more automated, are easier to conduct and designed to evade detection.
Additionally, the Authority’s report found that the lack of multi-factor authentication was the primary cause of many successful phishing hacks of utility vendors and business partners.
These emerging trends, and other wide-reaching phishing and ransomware attacks directed at U.S. companies in the energy and utilities industry, highlight the urgency for Connecticut utilities to continue to refine their existing cybersecurity programs.
Many security measures can mitigate the risk of a cyberattack and are being implemented by the Connecticut utilities. Some include requiring multi-factor authentication, enforcing password policies, updating software regularly, establishing protected system back-ups, restricting access to resources, and collecting and retaining audit logs.
As in the past, this year’s report is the result of collaborative efforts between PURA, state agency partners, and Connecticut’s regulated utility companies. Due to the sensitivity of information discussed during the review process, no specific information associated with the companies is disclosed in this report.
To learn more, visit Connecticut’s cybersecurity resource page or view past annual Cybersecurity Reports issued by the Authority.