April 7, 2016
Connecticut Green Guide

Despite resistance, PURA cybersecurity effort marches ahead

dan at FreeDigitalPhotos.net
dan at FreeDigitalPhotos.net
State energy regulators want to ensure utilities and telecom providers are taking adequate measures to protect against cyber attacks.

The state's energy and telecom regulator is marching ahead with a cybersecurity oversight program, even though some major companies shared a number of concerns with the voluntary initiative.

The Public Utilities Regulatory Authority (PURA) reported Wednesday on its efforts over the past 16 months to design a program to ensure electricity, gas, water and telecom providers are effectively managing cyber risks.

PURA said the entities it regulates, though many shared a number of concerns, have expressed a "general willingness" to participate in annual cybersecurity reviews. Nonetheless, the agency reported receiving the heaviest pushback from wireline, wireless and cable television providers like Frontier Communications, Verizon, AT&T Corp. and Cablevision.

Those companies are anxious about sharing details of their cybersecurity measures with state officials. Telecoms worry that state oversight could lead to a misuse of information or a higher risk of fines, prosecution or litigation.

They also argue that state oversight could be duplicative, since they already report certain cybersecurity information at the federal level. They don't want the oversight program to lead to mandated state-level reporting requirements or best practices regarding cybersecurity.

A representative of the New England Cable & Telecommunications Association and CTIA - The Wireless Association wrote in a January letter to PURA that telcos felt PURA hadn't adequately addressed all of its members' concerns.

The filing noted that PURA has acknowledged telcos employ top cybersecurity experts, and that telcos willingly participated in PURA's process.

"However, the process and scope of [PURA's] proposed Program continue to be a concern," the industry representative wrote.

Telecom providers have urged PURA to wait for the creation of a federal oversight program, but the agency said it's unconvinced that's anywhere on the horizon.

PURA said it's sensitive to the concerns, and has agreed to limit the annual review meetings to just its key staff and the Division of Emergency Management and Homeland Security, who would later report to the governor, the legislature's Energy and Technology Committee and the Office of Consumer Counsel.

All state participants in the meetings would sign non-disclosure agreements, and PURA said companies would get to review external messaging about the meetings before they are released publicly.

The agency said it remains hopeful telecom companies will come back to the table. It expects a round of cybersecurity review meetings to take place later this year.

PURA cited various reports from the media and national security officials pointing to a perceived growing danger of hackers damaging the the United States' energy and communications infrastructure.

In February, the PURA report noted, the Homeland Security warned U.S. power companies that technology used to shut down parts of the grid in Ukraine could be used on U.S. companies.

Free E-Newsletters

Sign up now for our daily and weekly
e-newsletters! Click Here

Today's Poll Will bioscience be the CT economic engine most hope it will be?<>
Most Popular on Facebook
Copyright 2017 New England Business Media