Electric co-ops have to prioritize cyberthreats a bit differently than other organizations. Their primary threats are foreign actors, such as state-sponsored terrorists, or state level actors themselves. The next level of concern is ransomware and cybercriminals who want to steal their members’ information. Finally, there’s what I would describe as internet background radiation. This includes botnets, worms, whatever is trying to just get into their systems that could cause havoc and mess with reliability.
The first step in assessing threats is monitoring them. That’s where TITAN, a purpose-built security suite for electric co-ops, comes in.
We have a 24/7 Security Operations Center, or SOC, that continually monitors the activity within your co-op’s network and IT infrastructure. That includes traffic as it comes in from the internet and out to the internet. We’re looking for strange patterns and anything that doesn’t fit what we would recognize as part of the normal cooperative traffic.
We do that with something we call the Cooperative Information Security Network, or CISN. Because we have so many cooperative customers, we have a baseline understanding of what a cooperative network should look like. That expertise helps us better identify abnormal events, specifically within the context of your electric co-op traffic.
Because it’s cooperative specific, the CISN is a huge advantage. If a cooperative had some other type of SOC service monitoring it — that also monitors a grocery store and a manufacturing facility — that SOC is not going to understand co-op traffic and know what to look for. A standard SOC service may not be able to identify abnormal activity because they don’t know what’s unusual in the context of your cooperative’s traffic.
We’re looking for anomalies in electric co-op traffic. When we find an anomaly, we use an orchestration tool that allows us to take that anomaly and — assuming we’ve investigated and found it to be a threat— block it across all of the cooperatives we serve.
The TITAN dashboard consolidates and illustrates information from several different security sources. Although the SOC monitors and watches traffic, if a co-op wants to add another pair of eyes, they’re perfectly capable of doing so thanks to the dashboard.
Not every electric co-op has an IT staff, and you don’t have to be an IT expert to understand TITAN’s dashboard, though it helps. Still, it lists threats, and everybody knows what a threat is. Maybe your employee doesn’t understand specifically what that threat means, but they still understand that the threat needs to be addressed.
For cooperative employees who are IT people, I would suggest considering the dashboard another tool in your arsenal. The dashboard shows you how secure your co-op’s systems are overall. It can simply be used to fact check and make sure everything is being accomplished as it should be for the electric co-op.
Whether you’re an IT expert or novice, TITAN makes it easy to understand and protect your critical IT infrastructure.
The National Rural Electric Cooperative Association, or NRECA, looked at distribution electric cooperatives and came up with recommendations on what they need to do to make sure they have a secure IT infrastructure. These recommendations became the Rural Cooperative Cybersecurity Capabilities (RC3) Cybersecurity Self-Assessment.
I think every co-op should do an RC3 assessment to help you understand how secure your co-op is. At the very least, you’ll know if you’re doing enough to ensure you’re not the low hanging fruit a cybercriminal will target.
The assessment helps cooperatives understand where to start. Some of the significant recommendations I’ve seen come out of the assessment include identifying vulnerabilities, having a next-generation firewall, making sure there are appropriate logs and information about what’s going on at the organization, and a good inventory of the co-op’s systems. Finally, an RC3 assessment makes policy recommendations, such as planning for a security incident or data loss.
That said, RC3 is not meant to address everything. Cybersecurity is always changing. It’s more sophisticated than just being able to take a test and say, “Hey, we passed. We’re secure.”
At some point, you need to know your cooperative is doing everything it can to be as secure as possible.
I think cooperatives can determine if that’s the case by looking at it the same way they look at their electric power. Most electric cooperatives have a dispatch. They’re very familiar with the idea of somebody monitoring their distribution electric network 24/7. They already have someone making sure that nothing has gone out, nothing is broken, and that everything is safe.
At the same time, co-ops are constantly making sure they have the right equipment installed, that maintenance is being done in the right way, and that they’re staying ahead of the challenges caused by increased demand.
Staying on top of cybersecurity is the same in many ways. Just as a cooperative stays prepared for its electric distribution network demands, electric co-ops need to be ready for the demands of their network from a reliability and security perspective. Cooperative employees need to monitor the systems or make sure somebody is watching it.
It may seem impossible to stay on top of the ever-changing cybersecurity threats and keep your IT infrastructure secure, but with the right partner and tools, it’s totally possible. Contact us to learn more about how SkyHelm can protect your co-op today.
Keep Reading: How We Created TITAN