Electric co-ops have a big target on their back. Like any organization, they are vulnerable to common cybersecurity threats like ransomware. Obviously, ransomware is a problem and a potential source for disaster. As long as ransomware keeps making money, it’ll keep being a significant threat and it can be devastating to your co-op.
But, beyond the typical cybersecurity challenges every organization faces, rural electric cooperatives have some unique concerns. They are targets by both state-sponsored terrorists as well as state actors. Bad guys picture co-ops as low-hanging fruit because they know that cooperatives don’t typically have the resources a multibillion-dollar oil and gas company has to invest in cybersecurity.
Suppose a cyberterrorist’s goal is simply to cause chaos. In that case, the attacker can accomplish their mission by targeting connected devices like a voltage regulator. If connected or configured wrong, a voltage regulator will explode like a bomb. Voltage regulators are expensive, and it’s not like people just have them lying around. The turnaround time to replace the regulator, especially right now (given world events), is probably several months. And they cost tens of thousands of dollars.
If a cybercriminal wanted to cause mass disruption to the grid, they could do it through a Generation and Transmission cooperative. Distribution cooperatives are connected to the G&Ts, which are in turn connected to the national electric grid. This is why it’s so important to protect your co-op, and in turn, the nation’s critical infrastructure.
Even if a co-op does have a dedicated IT resource or even an IT team, they are typically overloaded with just trying to keep the co-op running. Distribution electric co-ops typically don’t have any formal cybersecurity regulations to follow and often rely on vague NIST guidelines — so their IT staff may not know exactly what to do to make their systems more secure.
State-level cybercriminals are becoming more and more aware of this vulnerability at rural cooperatives. If cyber terrorists are able to shut the power off to the oil and gas pipelines of the world, they can cause mass chaos to America’s economy.
Where Security, Safety, and Reliability Intersect
Most electric cooperative’s mission statements mention safety, reliability, and affordability.
To provide all three, you have to make sure that you’re protecting the safety of the cooperative itself, protecting linemen, and protecting members with secure and safe data systems.
By having robust cybersecurity you’re also making the service you provide more reliable. If a ransomware attack were to occur, it’s going to shut down the business and you’ll be back to using pen and paper for the next several months. That’s going to make you slower, less efficient, and it’s going to lead to larger outage times.
Also, being able to keep a state-sponsored terrorist attack from happening not only benefits your members because their power isn’t out but also helps the entire United States. Rural cooperatives don’t just power homes, after all. They provide electricity that keeps manufacturers open and enables small businesses to thrive. No matter where you live, your quality of life is directly impacted by the ability of electric utilities to provide safe, reliable power. Often, keeping the lights on also means keeping the entire nation’s economy running.
A key component of security — and thus reliability — is maintaining awareness of your systems. That’s where SkyHelm’s TITAN comes in. TITAN is a purpose-built security suite engineered specifically for electrical cooperatives. It’s monitoring your co-op’s systems at all times. That means TITAN delivers on reliability because it makes sure critical servers are up, systems are operating effectively, and there are no hardware issues.
Related: TITAN’s Origin Story
TITAN is security-centric. SkyHelm partners with your co-op to make sure you’re protected. We monitor for threats and when we find something suspicious, we reach out to you and suggest an action. We’ll work with your team to figure out what the appropriate action is. When we notice unusual activity, we promptly notify your team of the odd behavior. We block obvious cyberattacks immediately.
Most cooperatives are familiar with the idea of a dispatch team that watches the electric grid. Having TITAN in place is very similar. You have a dispatch that’s watching to see if there’s a power outage somewhere. In the same way, SkyHelm has a 24-7 team watching to see if a server goes offline or is not looking healthy or doing something it shouldn’t. The monitoring takes care of both reliability and security.
Establishing and Meeting Cybersecurity Standards
We are very familiar with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards because of our work with cooperatives. We basically consider that the baseline minimum of cybersecurity components we felt a product should cover. Starting from NERC CIP, we also designed TITAN to address all applicable National Institute of Standards and Technology (NIST) standards.
Although co-ops are not currently required to be under any regulatory body type, they’re one incident away from that happening. Suppose a national incident causes a problem for the grid and comes from a co-op. In that case, the regulation is going to be there immediately after. Not only should you maintain a baseline of cybersecurity because you should have that protection, but you don’t want to be the weak link in a chain that protects America. At the same time, if regulation does get implemented, you don’t want to be scrambling to try to make something happen.
Co-op Cybersecurity is Everyone’s Responsibility
Gone are the days when a co-op could just outsource cybersecurity and say, “Hey everybody, we did it. We’re cyber secure. We accomplished our goal and we’re done.”
Cybersecurity is an ever-evolving challenge and it requires everyone across the organization to be vigilant. It takes everybody working together to ensure employees or members are not compromising the network by simple actions, like clicking on malicious links or downloading viruses or other malware. Still, electric cooperatives have to adapt to having limited human resources. The amount of attention that you have to devote to cybersecurity can be reduced with TITAN.
This situation is just too important to hope that you’re doing enough. We have a responsibility that extends beyond protecting ourselves, protecting our co-ops, even beyond protecting our members. We have a responsibility to our country to make sure we’re doing everything we need to do — everything we can do — to ensure that we have safe and reliable power delivery to everybody in the United States.
Contact us today to learn more about how TITAN can help you protect your employees, members, and the nation’s critical infrastructure.
Continue Reading: How Northwestern Electric Cooperative Improved Their Cybersecurity