Cyber Threats to Utilities on the Rise: PUC Calls for Vigilance During Cybersecurity Awareness Month

Cyber Threats to Utilities on the Rise: PUC Calls for Vigilance During Cybersecurity Awareness Month

Published on 10/9/2025

Filed under: Electric Gas Pipeline Telecommunications Water and Wastewater

Commission highlights ongoing rulemaking and collaboration with national partners to address next-generation threats

HARRISBURG - The Pennsylvania Public Utility Commission (PUC) today joined with federal, state, and industry partners in recognizing October as National Cybersecurity Awareness Month, underscoring the urgent need for strong defenses across all sectors of critical infrastructure and highlighting the Commission's proactive work to safeguard the systems that power Pennsylvania's homes and businesses.

"Cybersecurity touches every part of our lives - from the devices we use at home to the systems that deliver electricity, water, natural gas, communications, and transportation across the Commonwealth," said PUC Vice Chair Kimberly Barrow. "Protecting those systems is about more than technology. It is about public safety, economic security, and preserving the reliability of the services that Pennsylvanians depend on every day."

This year's national theme, "Building a Cyber Strong America," reinforces the shared responsibility of consumers, utilities, regulators, and supply chain partners to help protect vital services from growing cyber threats.

Cyber threats do not stop at state borders, and neither should our defenses. That is why the PUC works closely with our fellow commissions across the country, alongside federal agencies and industry leaders, to share knowledge and strengthen protections. Here in Pennsylvania, we are also advancing new rules to help meet the next generation of utility cybersecurity challenges.

The Commission is currently reviewing public input on an enhanced utility cybersecurity rulemaking, designed to update Pennsylvania's requirements for reporting cyber incidents, planning for cyber defenses, and ensuring compliance with recognized security standards.

The importance of cybersecurity was also front-and-center at the PUC's annual Safety Seminar, hosted by the Commission's Safety Division in September. The event drew several hundred representatives from natural gas, pipeline, and electric utilities across Pennsylvania for training and discussions on a wide range of safety issues - with a special emphasis this year on cyber threats to critical infrastructure.

During the seminar, PUC staff and law enforcement partners highlighted cybersecurity tools and resources available to utilities. These resources are especially valuable for small and mid-size utilities that may not have the same in-house security capabilities as larger companies.

Additionally, the PUC is also an active participant in national discussions through the National Association of Regulatory Utility Commissioners (NARUC), sharing strategies and experiences to enhance cyber readiness nationwide.

Protecting Utilities and Consumers

Cyber-attacks targeting utilities have grown significantly, with the U.S. Department of Homeland Security warning that bad actors - including state-sponsored groups - are actively probing American infrastructure for weaknesses. Utilities are especially vulnerable as they expand digital communications networks, deploy smart devices, and integrate distributed energy resources.

Cybersecurity Awareness Month is led nationally by the Cybersecurity and Infrastructure Security Agency (CISA) and supported by a broad coalition of public and private partners.

The PUC urges all utilities under its jurisdiction to strengthen their cyber readiness, emphasizing practical measures such as:

• Multi-Factor Authentication (MFA): Adding an extra layer of protection beyond passwords.
  
  
• Software Updates: Regular patching of IT and operational systems to address vulnerabilities.
  
  
• Incident Response Planning: Developing and testing response plans to minimize disruption.
  
  
• Network Segmentation: Limiting access and isolating critical systems to contain breaches.
  
  
• Employee Training: Reinforcing cyber hygiene and vigilance against phishing attempts.
  
  
• Stakeholder Reporting: Promptly reporting incidents to CISA, the Pennsylvania Criminal Intelligence Center, law enforcement, and the PUC.

The Commission also encourages utilities - particularly smaller systems - to take advantage of free resources offered by CISA, including cyber evaluation tools and "cyber hygiene" scanning services. For more information on Cybersecurity Awareness Month and available resources, visit: cisa.gov/cybersecurity-awareness-month.

About the PUC

The Pennsylvania Public Utility Commission balances the needs of consumers and utilities; ensures safe and reliable utility service at reasonable rates; protects the public interest; educates consumers to make independent and informed utility choices; furthers economic development; and fosters new technologies and competitive markets in an environmentally sound manner.

Visit the PUC's website at puc.pa.gov for recent news releases and video of select proceedings. You can also follow us on X, Facebook, LinkedIn, Instagram and YouTube. Search for the "Pennsylvania Public Utility Commission" or "PA PUC" on your favorite social media channel for updates on utility issues and other helpful consumer information.

# # #

Contact:

• Nils Hagen-Frederiksen Press Secretary 717-418-2701 [email protected]