Federal and many state regulations require electric, water, wastewater, and gas utilities to establish an identity theft prevention program. Utilities must have policies and procedures in place to detect, prevent, and mitigate the theft of personal customer information. What does this mean for your community-owned utility? You must evaluate and address all of the ways people can open and access your customer accounts which contain personally identifiable information (PII). Failure to comply with these regulations puts your utility at risk of hefty financial penalties and potential civil lawsuits.
Cyber Liability Insurance
Join us for a special event during the American Public Power Association’s 2021 Business & Financial Conference in Denver. Come for lunch on Sept. 20 to learn what’s happening in the municipal cyber and business insurance markets and how you can lower costs and improve coverages through a national group program for APPA members.
In the wake of the COVID-19 pandemic and the resultant implementation of social distancing directives, altered business processes, and new economic realities, community-owned utilities must review and address their technology infrastructure and cybersecurity measures.
Cyber-attacks remain a top business risk for all utilities and municipalities, increasing in frequency, severity, and sophistication. At the top of the cyber-attack list? Ransomware. The recent attack on the Colonial Pipeline is focusing heavy attention on the threat of ransomware on U.S. energy infrastructure. The bottom line: planning is everything. Learn the three best practices for preparing for a ransomware attack and how to create a detailed incident response plan that prevents paralysis should the worst happen.
Environmental perils rank among the highest in Marsh’s Global Risks Report 2021, specifically extreme weather, failure to address climate change, and environmental damage from human activity. These perils can lead to expensive clean-up measures and tort liability. U.S. municipalities and their community-owned utilities should adapt their business model to these realities and include environmental insurance coverage in their risk transfer strategy.
Front page headlines, consumer panic, political fallout, and a $5 million ransom paid. The attack on the largest fuel pipeline in the U.S. is focusing attention on the vulnerability of our energy infrastructure like never before. With people lining up at gas stations when facing only a few days of a shortage, imagine the reaction to the local electric grid being down for who knows how long. It’s beyond time for all municipalities and their utility departments to build out their cyber defenses.
To provide customers with several payment options, the Utilities Department of the Village of Jackson Center in Ohio accepts bank account direct and credit card payments. To ensure the security of customer information and thwart cyber intrusions overall, Jackson Center took advantage of cybersecurity services offered by its electric service wholesale supplier, American Municipal Power, Inc. (AMP). With the help of an assessment conducted by AMP personnel, Jackson Center has developed a culture of cyber vigilance and addresses vulnerabilities through an effective step-by-step process that is manageable for a small staff.
Due to recent news coverage of a major cyber penetration of U.S. government agencies and corporations across the globe, cybersecurity is front and center for city governments and their municipal utility departments. Before reaching out to consultants prepared to help evaluate cyber vulnerabilities and design a protection program, each community-owned utility should gather a baseline of information about their cybersecurity status. This outline will help the utility and potential consultants focus more quickly on the issues to be addressed.
You don’t need to be an expert in IT or have a huge consulting budget to champion your utility’s cybersecurity program. First and foremost, you must recognize that every city employee, utility employee, and governing official plays a key role in maintaining a cyber defense that protects business operations.
To meet public power’s need for cybersecurity solutions that are comprehensive and cost effective, Hometown Connections, Inc. has launched a Cybersecurity Management Program for public power electric, gas, water, and wastewater utilities and other city departments. Hometown Connections is helping community-owned organizations across the United States evaluate their cybersecurity requirements, develop plans for cyber risk management, and deploy effective cybersecurity defenses that include ongoing monitoring, training, remediation, and maintenance services.