A state report released Thursday said cybersecurity measures have improved at electric and water utilities, but the companies are urging cable and broadband firms to participate in preparation for cyberattacks as a show of “good corporate citizenship.”
Eversource Energy, Avangrid, Connecticut Water Co. and Aquarion Water Co. held annual review sessions with state officials between January and April to review their cybersecurity measures, according to the Connecticut Critical Infrastructure 2017 Annual Review Report.
Connecticut’s cable and broadband companies were absent from the review, the report said.
“Both utilities and state officials noted that participation by Connecticut’s cable and broadband/cable companies would enhance value of these annual reviews,” the report said. “Their participation in preparation and defense is key to Connecticut having effective defense and recovery systems.”
The report said utilities and state officials will “communicate their request to the cable and broadband companies that good corporate citizenship requires their participation in and contribution to this civic effort.”
Arthur House, the state’s cybersecurity chief, said telecommunications companies, which are not regulated, balked because they were concerned participation could lead to a “slippery slope” to state or federal regulation.
Representatives of Cox Communications, Charter Communications and the New England Cable and Telecommunications Association did not immediately respond to emails seeking comment. A Comcast representative did not have information immediately available.
The report warned that the expansion of the internet of things — buildings that are connected to the internet, governing security, heating and cooling and other systems — increases the number of places in the electric and water distribution systems vulnerable to a cyberattack.
The utilities do not operate the systems, which are more likely controlled by telecommunications systems that transfer data over networks without human involvement. The utilities said they will work with broadband and cable companies “should the latter agree to address this problem.”
Gov. Dannel P. Malloy appointed House, former chairman of the Public Utilities Regulatory Authority, the state’s first Chief Cyber Security Risk Officer in October 2016. The governor was prompted by increased computer hacking in the public and private sectors.
A report released in June said that of about 4.8 billion connection attempts a month to the state network from external computers, about 2 billion — or 42 percent — are blocked by security. State third-party monitoring detects an average of 66 infected or compromised state systems a month.