PUC sharpens focus on cybersecurity threats

Regulator creates office to deal with potential for cyber attack on services, customers

  • Rachel McDevitt

Marie Cusick / StateImpact Pennsylvania

The Public Utility Commission regulates, among other things, pipelines like these in Delaware County that are part of the Mariner East 2 project.

Pennsylvania’s utility regulator has created a new office to deal specifically with cybersecurity threats.

The Public Utility Commission already requires utility companies to have a cybersecurity plan in place.

Officials said the new Office of Cybersecurity Compliance and Oversight will be better equipped to make recommendations to strengthen those plans.

Spokesman Nils Hagen-Frederiksen says the potential fallout from a cyber attack is only growing as utilities become more interconnected.

“Natural gas and electricity and water and wastewater and telecommunications — they’re all so deeply integrated. And if the power goes down, all of those other services typically go down in a very short period of time,” he said. “An organized cyber attack can actually have the same kind of impact as a massive hurricane, without the physical destruction.”

That kind of widespread, long-lasting utility operations failure is known as a “black sky event.”

The PUC is concerned with two main threats: online customer accounts and utility operations, which range from how employees handle emails to the computerized mechanisms that get services to homes.

The new office’s director Michael Holko most recently was a program manager at the state’s Office of Administration, Office for Information Technology.

The agency said it was able to create the position without adding to its budget, by reallocating a vacant position.