OP-ED: More to cyber security than protecting personal info


Many of you are reading this on your computer or smart phone right now. That's because we rely on computers and the Internet for almost everything we do. More than 500 million devices are connected to the Internet, and according to the U.S. Department of Homeland Security, there are 82,000 Internet-facing supervisory control and data acquisition (SCADA) systems used in various industries, including power plants, water treatment plants, transportation, manufacturing and food and beverage. These industries affect each of us and our well-being every day.

Just last week, we saw the potential for catastrophic effects due to computer issues. The New York Stock Exchange was temporarily shut down, and all United Airlines flights across the country were grounded for several hours. Investigations into both instances haven't yet pointed to cyber attacks, but regardless of whether hackers were involved, they very well could have been — and the effects could have been much worse.

Imagine having no access to travel for an extended period of time; not being able to access money at your bank; not being able to communicate with loved ones; or not having power or running water for a prolonged period. Unfortunately, with the prevalence of Internet-facing devices in today's world, these possibilities are real — and with the sophistication of hackers and the amount of vulnerable information in our shared web space, we have to work hard to prevent them. It's not just a matter of stealing information; it's the potential to manipulate equipment and control or disable vital systems.

The Pennsylvania Public Utility Commission (PUC) is constantly working behind the scenes to protect you and the industries under our jurisdiction. Not only are we working with utilities to protect your personal information and keep your lights on, but we are coordinating and cooperating with other state and federal agencies, law enforcement and other key industry stakeholders to protect our critical infrastructure and keep us all connected and safe.

A report this week from the University of Cambridge revealed that a cyber attack shutting down parts of the U.S. power grid could cost as much as $1 trillion to our economy. And it's not just because of power outages; an attack on a power grid could quickly become a multi-layer, large-scale event — a domino effect of sorts. This could create the potential for health and safety systems to fail, businesses and manufacturing to halt, transportation to be disrupted and security and law enforcement to be compromised.

Lack of communication would be a thread running through it all — no matter how you look at it, the telecommunications sector is the backbone of cybersecurity. With power, water, transportation and telecommunications all under the PUC's jurisdiction, cybersecurity is one of our priorities.

The PUC has been on the forefront of cybersecurity initiatives and has had security regulations in place since 2005. These rules require public utilities to certify annually that they have reviewed and made any necessary adjustments to their security plans. In March 2014, we finalized a policy statement regarding utility service outage response, recovery and public notification guidelines. We also established the Critical Infrastructure Interdependency Working Group to further develop best practices to address the needs of all customers during major outages. I am pleased to say our utilities have done a great job adhering to our rules and preparing for threats.

This week, the National Association of Regulatory Utility Commissioners (NARUC) will spend time discussing cybersecurity through a panel at its summer meetings in New York. There, they will focus on the recent report of the Communications Security, Reliability and Interoperability Council (CSRIC) Working Group IV. CSRIC IV was a national, year-long commitment designed to work with the telecommunications sector to develop suggested voluntary standards on a number of different topics. CSRIC's focus over the last year was on cybersecurity risk assessment and best practices, and as the PUC's representative, I was able to both learn and share information and recommendations. The Mid-Atlantic Association of Regulatory Utility Commissioners held a similar panel at its conference a few weeks ago.

At the end of July, I will participate in the Electric Infrastructure Security Summit in Washington, D.C., and discuss opportunities and challenges that remain for state commissions when addressing this vital issue.

The issue of cybersecurity is ever-present, growing and widespread, and the Commission recognizes the role of interdependency between all utility sectors, from both physical and cybersecurity perspectives. We continue to work hard on local and national levels to keep our grid secure, and we call on utilities — and all industries — to collaborate and prepare for potential cyber events.

— Pamela A. Witmer is member of the Pennsylvania Public Utility Commission.