Pennsylvania has some free advice for smaller utilities trying to shore up their cybersecurity defenses: get a lawyer.
That’s one big addition to a new list of suggested best practices released by the Public Utility Commission this year. In the pamphlet, the PUC calls data breaches “almost inevitable,” and advises small and midsized utilities to find a law firm to help monitor risks and assess damage in the event of a “cyber incident.”
“Cybersecurity attacks happen every day. In fact, they’re probably happening right now,” said PUC Commissioner Pamela Witmer at a news conference. “Fortunately, in the utility industry, these breaches have not had any major repercussions and we are all here to try to make sure that it stays that way.”
Witmer said the different parts of the utility infrastructure have to be able to “talk,” or send data, to one another. She added that an attack on one piece — such as a power or telecommunications utility — could have a “domino” effect on others, affecting things such as access to water and safe roads.