Governor Dannel P. Malloy today released the Connecticut Critical Infrastructure 2018 Annual Report, a comprehensive review the state’s electric, natural gas, and large water companies’ efforts to detect and prevent cybersecurity threats. The report stated that while Connecticut’s utilities faced more frequent and sophisticated penetration attempts in the past year, they were met with “adequate defense capabilities.”
The review and report are the result of a 2014 cybersecurity strategy and 2016 cybersecurity action plan, both products of Connecticut’s Public Utilities Regulatory Authority (PURA) and announced by Governor Malloy. Connecticut’s utilities had worked with PURA to reach agreement regarding scope and process for conducting the cybersecurity reviews. Four utility companies participated: Aquarion, Avangrid, Connecticut Water, and Eversource.
“Cybersecurity threats continue to grow across the United States, for everyone – the federal government, states, cities, businesses and organizations, and private citizens,” Governor Malloy said. “We can never be assured of security, but we can fight back and do everything in our power to make ourselves safe. Connecticut has been a leader among states, launching both a cybersecurity strategy and an action plan. The report released today shows that while our public utilities have so far detected and prevented threats, we must continue to practice vigilance.”
The report concludes that “Connecticut’s utilities are spending more time, devoting more resources, educating their workforces and transforming their cultures more thoroughly to meet the increased level of threats.” But it notes that significant threats and challenges remain, including increased volume, sophistication, and country of origin of attempted malicious probes.
At the same time, the report notes significant improvements and areas of progress. There were no known cyber breaches during the past year, despite millions of attempts.