Cybersecurity - Faucet Facts

EMERGENCY SECURITY ADVISORY: CISA releases "Shields Up" Message regarding Geopolitical Tensions
EMERGENCY SECURITY ADVISORY: Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation. Please follow the link here for more information.
New StopRansomware.gov website – The U.S. Government’s One-Stop Location to Stop Ransomware

Welcome to the PUC’s Critical Infrastructure Security and Risk Management Division (CISRM)

CISRM Statement for the team: Critical Infrastructure Security and Risk Management (CISRM) organizes and assists the state of Texas and its utilities in establishing security posture and recovery. Through tools and unilateral communication, the CISRM provides support to utilities and our state during weather emergencies and cyber-attacks. The mission of this division is to increase the preparedness of the state through outreach and assisting in recovery in the event of a disaster for utility companies across the state. This is done by connecting utilities to information and resources to help better prepare for events or by directly assisting in coordination during an emergency.

Cybersecurity News

The world of cybersecurity is a constantly shifting landscape of bad actors innovating to steal critical information or disable critical infrastructure as a way to tilt the balance of power, and most often, to extort money.

Cybersecurity Monitor

In May 2019, State Senate Bill 936 requiring the PUCT and the Electric Reliability Council of Texas (ERCOT) to foster a more collaborative, strategic approach identifying cybersecurity issues and finding areas to improve security measures across Texas’s critical electric infrastructure was passed. As part of this process, a Cybersecurity Monitor (CSM) was selected to help gather and share information across the state. Securitas Critical Infrastructure Services, Inc. (SCIS) was chosen to serve as the CSM for this program leveraging its experience and expertise in strategic planning and regulatory analysis to build a voluntary, non-regulatory outreach program to achieve these goals.

Reach out to the CSM with any questions at TXCSM@scisusa.com.

Join The Monitor Program

To develop a more comprehensive understanding of the Cybersecurity posture of the Texas electrical grid, electrical utilities can join the Cybersecuity Monitor program. Join this program and help better protect the critical infrastructure of Texas.

Cybersecurity Monitor Program Information

Cybersecurity Resources

Best Practices

While the tactics employed by cyber criminals change constantly, the strategic posture adopted by the owners and managers of critical utility infrastructure are rooted in time-tested practices that improve the odds of thwarting an attack and losing control. This guide provides an overview of those practices.

Cybersecurity Best Practices

Frameworks and Assessment tools

Cybersecurity defense can be neither an afterthought or a half measure. Effective defense against intrusions must be conducted within established frameworks that are scalable and measurable. The following resources can help you choose the right framework and testing tools for your organization.

Security Frameworks

Alert Systems and Information Sharing

Fortunately, the organizations devoted to protecting critical infrastructure from attack are closely integrated and continually monitoring threats from around the globe.

Alert Systems links

We strongly encourage Texas utility industry participants to subscribe to the following alert systems to ensure they have access to real-time threat information.

MS-ISAC - CIS Center for Internet Security
DHS - National Cyber Awareness System
DIR - Texas Information Sharing & Analysis Organization

Industry Information sharing websites

Below is a list of information sharing websites that can help provide with the most up to date research and practices that take place throughout the nation.

EPRI - Electric Power Research Institute
E-ISAC - Electricity Information Sharing and Analysis Center
Texas A&M - Texas A&M Cybersecurity Center
W-ISAC - International Security Network

Legislation

State

Utility cybersecurity isn’t just a business best practice, it’s a matter of keen interest for the Texas Legislature. With each passing legislative session, and each advance in the skills of cyber criminals, Texas legislators are building a framework for critical infrastructure companies to follow. The two most critical laws governing CISRM and State Policy related to Cybersecurity are:

Federal

The federal government works closely with state-level agencies like ours to establish and disseminate cybersecurity guidelines for the protection of critical infrastructure. Companies are encouraged to familiarize themselves with the following

We Are Here To Help

If you are a Texas utility owner or operator who wants to notify us of an incident or have a question about your cybersecurity posture, contact us.

CISRM@PUC.TEXAS.GOV

512.936.7000

Contact CISRM

Emergency Management

Texas has essentially written the book on emergency management, creating a networked approach to disaster response integrating the public, private and military sectors in a way designed to minimize loss of life and accelerate recovery. Whether the threat is the weather, a cyber-attack or a pandemic, accurate information is critical for public safety. Report outages or emergency events affecting your utility to the PUC.

Report Outages or Emergency Events

Stay connected

To ensure we can reach our counterpart at your utility company, please be sure to submit accurate contact information for our confidential database using this form:

Emergency Contacts Form

Stay alert and Informed

When storms blow through Texas, flooding, power outages, and blocked roadways are commonplace. Further advisories and emergency changes may also come up as during emergency events. Be sure to bookmark the PUC Storm Resource site to monitor critical utility recovery efforts.

www.puc.texas.gov/storm