America’s nearly 900 electric cooperatives keep the lights on across 56 percent of the nation. As part of the shared co-op commitment to deliver affordable and reliable energy to our member-consumers, local electric cooperatives work together to develop new technologies, learn from each other and keep the electric grid secure.
As we enter Week 4 of National Cybersecurity Awareness Month, the theme is “Safeguarding the Nation’s Critical Infrastructure.” Electric cooperatives are proud to play a key role in protecting the security of the nation’s complex, interconnected electric power system.
To ensure the reliability and security of the electric grid, co-ops use a flexible approach and draw on a variety of tools and resources. Cybersecurity threats and threat actors continue to evolve and so must the industry’s capability to defend against them. The possibility of a cybersecurity attack is something for which the electric sector has been preparing for years. These preparations include:
- Implementing security standards and technologies to protect our systems
- Forging close partnerships within and across the energy sector and government to identify threats and solutions, and to respond to incidents
- Engaging in active information sharing about threats and vulnerabilities with our industry and government partners
- Participating in industry and cross-sector disaster planning exercises
- Partnering with the Department of Energy (DOE) and other federal agencies on cybersecurity research to improve the tools and resources needed by industry to address cyber threats
Protecting the electric grid from threats that could impact national security and public safety is a responsibility shared by both the government and the electric power sector.
Currently, one of the most valuable research programs for electric co-ops is the funding partnership between DOE and NRECA that we call the Rural Cooperative Cybersecurity Capabilities Program, or RC3. This partnership is specifically focused on addressing the unique cybersecurity needs of small and medium-sized distribution utilities, which comprise much of our membership.
RC3 is a three-year program designed to support and improve electric co-op cyber and physical security programs. The program was funded by DOE at $7.5 million over three years.
A key part of the RC3 program involves training at co-ops throughout the country. In 2017, six cybersecurity summits were hosted across the country as part of the program, with staff from more than 150 electric co-ops in attendance. Five more will be hosted in 2018 and 2019.
Through the RC3 program, NRECA is building a self-assessment toolkit that all co-ops can use. The self-assessment program was launched at select co-ops across the country last year and helps to improve their cybersecurity capabilities. Through the self-assessment program, electric co-ops can identify and implement necessary changes and they can measure their progress over time as they harden their systems.
As RC3 moves into its final year of funding and to meet the growing demand for tools and training, NRECA is working to develop a series of resources for co-ops to consult. These include table top exercises that co-ops can use to test their readiness and cybersecurity guidebooks designed to help a variety of co-op employees better understand cyber preparedness.
The industry’s strategies to protect against cyber threats are constantly evolving. Electric cooperatives are working continuously to assess risks and improve our ability to prevent attacks and recover more quickly and safely after an attack. We’re doing everything we can to protect the reliability of the electric grid on which we all depend.
Jim Matheson is CEO of the National Rural Electric Cooperative Association, the national service organization that represents the nation’s more than 900 not-for-profit, consumer-owned electric cooperatives. He is a member of the Electricity Subsector Coordinating Council, which serves as the principal liaison between leadership in the federal government and in the electric power sector, with the mission of coordinating efforts to prepare for national-level incidents or threats to critical infrastructure. He previously served seven terms as a U.S. representative from Utah.