Michigan

MICHIGANBlue Dividing RuleIn Case of AttackCyberattacks convince state to step up preventive effortsLANSING—A cyberattack against the Lansing Board of Water and Light last May forced the company to pay a $25,000 ransom to get its systems back. It cost an additional $2.4 million to respond and upgrade its technology to prevent further attacks.The Michigan Public Service Commission does not regulate the Lansing Board, but the well-publicized incident prompted the commission to fast-track new rules for cybersecurity reporting.Judy Palnau, spokesperson for the commission, told American Gas that gas and electric utilities face cyberattacks on a daily basis. Although there have been no reports of breaches, the issue is of paramount concern, she said.The utilities will be required to submit annual reports detailing hacking attempts, cybersecurity training, and the names and contacts of key personnel involved in keeping information safe.Although the PSC was already working on cybersecurity regulations, the Lansing incident “stepped up efforts,” Palnau said.Cybersecurity has been much in the news lately, she said. The state of Michigan sees thousands of attempted attacks daily, she said. Five years ago, she toured a small telephone company that was being attacked every day by someone in Jordan.Sally Talberg, chairperson of the public service commission, said in a news release that “it is a question of when—not whether—an attack will occur.”She added that cybersecurity threats pose a challenge to the reliability and safety of natural gas and electric infrastructure, and that federal and state governments need to work collaboratively with utilities to develop programs to address security issues. The annual report will include an overview of the utility’s cybersecurity program; a list of the company’s cybersecurity departments and staffing; a description of cybersecurity training and exercises for employees; an explanation of cybersecurity investments and their rationale; a discussion of the methods used to conduct risk assessments; and a summary of cybersecurity incidents that resulted in a loss of service, financial harm or a breach of sensitive business or customer information.American Gas - March 2017Burns McDonnellUser GuideMastheadPresident's MessagePaying It ForwardWe’re All in This TogetherWarm WelcomeDigestBuilt for the JobA HORSE of a Different ColorLaser FocusBlowin’ in the WindNothing Corny About ThisBy The NumbersNatural Gas IntelligencePlacesOregonWest VirginiaMichiganIowaMassachusettsNew EnglandIllinoisOhioUncovering the Commercial SectorThe Right IngredientsJobsOps ConferenceBurner TipsAd IndexNext IssueMaking A DifferenceMcDonaldULC Pipeline Robotics