By Doug King, Director of Cybersecurity, Infrastructure & Information Security Officer
Electric cooperatives are a digital bullseye for cybercriminals who seek to do harm to the country’s critical infrastructure. As the digital landscape rapidly evolves, so do the threats faced. This evolution, however, is both a challenge and an opportunity. By embracing proactive cybersecurity measures, co-ops have the chance to not only ensure the reliability of their services but also set the standard for cybersecurity in the industry.
Emerging Threats
With global tensions heating up, electric cooperatives should be mindful of malicious nation-state actors and their increasing collaboration with cybercriminals. As critical infrastructure, utilities are a prime target for national enemies who seek to disrupt necessary services to Americans, impede the country’s capacity to respond to crises, and instill panic. In the past few years, utilities have seen more pointed, sophisticated attacks at higher frequencies than ever before.
Proactive Measures
Electric co-ops can’t afford to be reactive, it’s time to consider how to be proactive. With a cybersecurity team in place, co-ops should conduct comprehensive attack surface management (ASM) analyses to identify vulnerabilities in digital infrastructure. Additionally, it’s imperative that they are selective about what information is made public. Special care should be taken for data relating to operational technology (OT), such as substations. For example, no OT data should be accessible to the public or uploaded to the internet.
Shoring Up Defenses
Many co-ops are in dire need of a security uplift: stop the bleeding, then get healthy. This means first implementing basic security measures. Once in a stable condition, the focus should shift to developing a robust security posture. This includes building the right team of cybersecurity professionals, getting co-op leadership on board, and empowering cybersecurity from the top down.
Electric co-ops are at an inflection point: set the pace for the industry and lead in cybersecurity or be complacent and fall behind the times. There is no road sign that declares we must be victims of security breaches. By taking charge, staying informed on emerging threats, and implementing proactive measures, leaders can better predict and prevent cyberattacks and ultimately ensure the reliability of the grid.
BrilliT is a wholly-owned subsidiary of Rappahannock Electric Cooperative and was created to help co-ops tackle the cybersecurity and IT challenges of today's constantly evolving digital world.
About the Author
Doug King leads BrilliT with 20 years of experience in the energy industry. He has created security technology patents, provided security services for organizations ranging from 20 to 25,000 employees, and led response teams during ransomware and compromise attacks.
