“PG&E Among Utilities Cited for Failing to Protect Against Cyber and Physical Attacks,” The Wall Street Journal, April 10, 2019. They allegedly broke the rules years ago.
What does it say when major utility companies don’t follow the rules on protecting themselves from cyberattack? Is that a colossal Governance and Compliance issue? Do they feel that the rules don’t apply to them? Are they more like guidelines? Is this a cultural issue?