Pennsylvania utility regulator sharpens focus on cybersecurity threats

Pennsylvania’s utility regulator has created a new office to deal specifically with cybersecurity threats.

The Public Utility Commission (PUC) already requires utility companies to have a cybersecurity plan in place. Officials said the new Office of Cybersecurity Compliance and Oversight will be better equipped to make recommendations to strengthen those plans.

Spokesman Nils Hagen-Frederiksen said the potential fallout from a cyber attack is only growing as utilities become more interconnected.

“Natural gas and electricity and water and wastewater and telecommunications — they’re all so deeply integrated. And if the power goes down, all of those other services typically go down in a very short period of time,” he said. “An organized cyber attack can actually have the same kind of impact as a massive hurricane, without the physical destruction,” said Hagen-Frederiksen.

That kind of widespread, long-lasting utility operations failure is known as a “black sky event.”

The PUC is concerned with two main threats: online customer accounts and utility operations, which range from how employees handle emails to the computerized mechanisms that get services to homes.

The new office’s director Michael Holko most recently was a program manager at the state’s Office of Administration, Office for Information Technology.

The agency said it was able to create the position without adding to its budget, by reallocating a vacant position.