On September 18, 2018, Connecticut’s governor released an annual report on the cybersecurity sophistication and readiness of the state’s electric, natural gas and major water companies. The four participating utility companies were Aquarion, Avangrid, Connecticut Water and Eversource.
The report sets the stage for the current threat level by highlighting the federal government’s warnings earlier this year about Russian involvement in cyber attacks on US utility companies. None of the participating Connecticut companies suffered any such attack, according to the report. As the report makes clear, however, those companies have been subject to persistent attempts to access their networks. The report details that participating companies have defended against “a few thousand to over 10 million” attempts to penetrate and compromise their systems each week.
Despite the increasing volume and complexity of threats, the report concludes that the four participating companies have had no known cyber breaches this year. The report also points to the progress the participating companies have made in the areas of board of director involvement, internal audit and review, employee training, vendor due diligence and preparedness drills.
The annual report is the result of a voluntary program established in 2016 under which the participating companies agreed to undergo an annual cybersecurity review.