According to Arthur House, the chief cybersecurity risk officer in Connecticut, lawmakers in Washington are not doing enough to protect the nation’s electrical grid, natural gas system, and public water supplies against bold and sophisticated hackers. As House does not see cyber security legislation at the national level, he is encouraging state lawmakers to take the matter into their own hands.
On Sept. 18, House released the second annual cybersecurity review of Connecticut’s systems for the delivery of electricity, natural gas, and water. He was joined by Gov. Dannel P. Malloy and representatives of state agencies and utilities. While there are hundreds of millions of attempts to access these utility systems annually, the 2018 report did not find any penetrations in Connecticut’s systems.
According to the report, Connecticut’s utilities are putting in the effort to devoting resources, transforming their cultures, and educating their workforces to meet the numerous and severe cybersecurity threats. This annual report was born of Connecticut’s Public Utilities Regulatory Authority (PURA), which works with four utility companies in the state to determine the scope and process of cybersecurity reviews.
Malloy says that Connecticut’s annual review is a model for the nation, as they are able to stay ahead of threats and manage an effective defense. Nationwide, attentions are certainly turning towards cybersecurity. Spending dedicated to cybersecurity is projected to exceed $1 trillion from 2017 to 2021. Although Congress has not passed any significant cybersecurity legislation, Connecticut’s model demonstrates how states can provide the first response to infrastructure failures by cooperating with utilities, regulators, and security officials.
As technology develops, city infrastructure is becoming integrated. Multiple systems share data with each other through the network. While this increased connection makes cities efficient in some ways, it gives hackers more access points to hold data for ransom, steal it, or disrupt and destroy system operations. The primary fear of officials is that a hacker could cause a prolonged power outage, crippling the power grid and sending ripple effects through the government and economy. With an interconnected system, they could also hack into police communications, emergency services, and traffic lights.
While this public threat has come to light more recently, businesses and individuals have recognized the harmful potential of hackers for years. Any business that relies on an online system for sales or marketing knows that it must protect its customers, who have in turn learned to look out for dangerous sites. Web design is the reason that 94% of people mistrust or reject a website. When a business does not present itself well online, consumers have a hard time trusting their cybersecurity measures.
With so much of an individual’s personal information in a state’s systems, the public is also looking to trust cybersecurity measures taken by the government. In the case of Connecticut’s cybersecurity action plan, state police have assigned detectives to a new cyber unit. The plan also encourages increased investments in security and intelligence gathering as future actions.