By Doug King, Director of Cybersecurity, Infrastructure & Information Security Officer
As critical infrastructure, utilities are prime targets for cybercriminals and nation-state actors who aim to disrupt vital services. Studies show time and again that most security breaches are caused by human error. Mistakes are part of human nature, but by building a culture of cybersecurity, co-ops can better manage the risk of cybersecurity failures.
Building a Cybersecurity Team
Building a culture of cybersecurity starts with having the right team in place –one with knowledgeable and experienced experts. Not all electric co-ops can afford an in-house cybersecurity team but that doesn’t mean they’re out of luck. A more affordable option might involve partnering with external cybersecurity specialists who can provide expertise and resources to the co-op at a fraction of the cost.
Employee Education and Open Communication
It’s not the technology that makes cybersecurity work, it’s the people. Within co-ops, everyone has a key role to play in supporting digital security. It is imperative that cybersecurity becomes a habit for employees at each level of the organization. This begins with an informed workforce, which requires open doors of communication between employees and cybersecurity staff. The co-op should prioritize education from the top down and empower employees to ask questions and speak up when they see something suspicious.
Overcoming Challenges
Creating a culture of cybersecurity doesn’t come without challenges. Cybersecurity professionals must walk a fine line: maintaining vigilance against threats while avoiding alert fatigue, a desensitization caused by an overwhelming volume of alerts. The right cybersecurity leader will have the judgement to determine credible threats and act on them.
Another challenge is overcoming the perception of cybersecurity as a department of ‘no’ that stifles progress. Instead, a strong cybersecurity team should be seen as enablers by facilitating the cooperative in innovation and growth while safeguarding its digital assets.
Cybersecurity is crucial to protecting the core business of electric co-ops and the communities they serve. By establishing a capable team, arming employees with information, and empowering them to through open dialogue, cooperatives can build a strong defense against cyber threats. In today’s digital world, a culture of cybersecurity is no longer an option – it’s a necessity.
BrilliT is a wholly-owned subsidiary of Rappahannock Electric Cooperative and was created to help co-ops tackle the cybersecurity and IT challenges of today's constantly evolving digital world.
About the Author
Doug King leads BrilliT with 20 years of experience in the energy industry. He has created security technology patents, provided security services for organizations ranging from 20 to 25,000 employees, and led response teams during ransomware and compromise attacks.
