Governor Dannel Malloy has released a plan to protect Connecticut's utilities against cyber attacks. Connecticut's electric, natural gas, major water companies and the regional distribution systems have already been penetrated in the past.
When asked just how many cyber attacks have happened, Arthur House, chairman of the Public Utilities Regulatory Authority, said he can't go into much detail.
"A lot, and of varying degrees, and that's the point," House said. "When is [one that] almost got through? When is [it] just a simple effort to steal billing information, social security numbers, that sort of stuff?"
As an example, Governor Malloy pointed out the state government's systems have to deal with more than 40 million probes a year. Back in 2013, U.S. Rep. Edward Markey (now a U.S. senator) and Henry Waxman released a survey showing that most utility companies failed to implement voluntary cybersecurity standards recommended an industry organization. Government and private experts have described the electric grid as the "glass jaw" of American industry to The New York Times, with a knockout blow possibly leading to vast blackouts for weeks.
Gov. Dannel Malloy
Malloy's plan would develop standards so regulators can judge how well the utility companies have defended themselves. Companies would also have to consider running more cybersecurity drills and doing audits of their defenses.
The federal government doesn't regulate utilities; that's up to the states. Malloy said Connecticut is the first state to work on such plans with utilities, and he hopes to lead.
"Sitting in those national defense briefings which I receive a couple times a year, it hit me that we were underprepared," Malloy said.
Representatives from Connecticut's two regulated utilities said the bulk transmission systems are highly computerized. When you get to the substations and lines that deliver power to neighborhoods, those are less computerized. But that's expected to change in the future as companies adopt technology like smart grids.