Senators Looney, Duff, Maroney, & Needleman Urge PURA to Strengthen Cybersecurity and AI Protections

Senate President Pro Tempore Martin Looney (D-New Haven), Senate Majority Leader Bob Duff (D-Norwalk), state Senator James Maroney (D-Milford), and state Senator Norm Needleman(D-Essex), are urging the Public Utilities Regulatory Authority (PURA) to address the growing vulnerabilities of the state’s critical infrastructure to cyberattacks and malicious use of artificial intelligence.

Senators Looney, Duff, Maroney, and Needleman wrote a letter to PURA on February 18 highlighting the increasing frequency and sophistication of cyber threats targeting essential services beyond electricity, gas, and water. They stressed the need for heightened vigilance and proactive defense across hospitals, schools, transportation systems, communications, financial institutions, and civic organizations. The senators called for PURA to assess and report by the end of 2025 on measures to enhance Connecticut’s preparedness, security, and resilience.

Senators Looney, Duff, Maroney, and Needleman are requesting that PURA provide a detailed plan by the end of the year for strengthening cybersecurity efforts and defending against potential disruptions.

The letter they wrote to PURA is below:

February 18, 2025

Commissioners

Connecticut Public Utility Regulatory Authority

10 Franklin Square

New Britain, Connecticut 06051

Dear Commissioners:

We write with regard to Connecticut’s growing vulnerability to disruption from cyberattack and malicious use of artificial intelligence. We share the concern of many colleagues and Connecticut residents as to how PURA maintains vigilance, supports defense, and prepares to participate in recovery efforts subsequent to cyber compromise or disruption by use of artificial intelligence.

Given the increasing frequency, sophistication and breadth of probes and interference in our critical infrastructure in the broadest sense, we face significant harm from more numerous and powerful sources of threat. Connecticut needs to be aware of and prepared to thwart or manage cyber and artificial compromise to our essential government and private sector services.

Our interest goes beyond the scope of what we frequently discuss as “critical infrastructure” – the distribution and available use of electricity, natural gas and water – to critical infrastructure in the broadest sense. We need to focus on these normal areas of concern, but also on a range of other potential targets such as hospitals, schools, transportation systems, communications systems, financial structures and operations and civic organizations whose disruption would cause significant damage to Connecticut’s security, safety and wellbeing.

We rely on the reliability and safe functioning of our social fabric more than ever, making us dependent on institutions for the necessities of life. We need to expand our concept of “critical infrastructure” to consider how we can best identify and detect potential threats, prevent their execution and defend against possible attacks, and recover from potential damage. We need to create, manage and rehearse programs in all of these areas. Connecticut requires both ongoing vigilance to ensure reliability as well as practiced contingency plans to manage actual damage.

Specifically, we request from PURA an assessment and report by the end of 2025 assessing the points in this letter and setting forth plans for PURA to work with Connecticut’s utilities, relevant government authorities including federal, state and local agencies and private business to identify what constructive steps PURA can take to add regulatory strength to our urgent need for security and integrity in the continued functioning of our critical infrastructure.

We welcome the opportunity to discuss this request with you and urge you to work with the urgency our vulnerabilities require to protect Connecticut from cyber and artificial intelligence threats.