CO-OP LIVING

Cyber Security Patrols


Electric cooperatives enhance efforts to protect reliability, security of their electric distribution systems


By Megan McKoy-Noe, CCC


Your home probably has several security features—door locks, bolts, and an alarm system. When it comes to cyber security, electric cooperatives follow the same principle—building and reinforcing multiple layers of protection to safeguard your personal data from attacks.


Securing digital data on an electric distribution system isn’t a “once and done” job. It’s a continual process of evaluating and addressing risks, tightening measures, planning, and evaluating again. While it’s difficult to thwart a determined computer hacker, with constant vigilance electric cooperatives can significantly minimize the possibilities.


“Keeping our members’ information secure is a top priority,” explains Michael Milligan, director of system engineering for Snapping Shoals Electric Membership Corporation in Covington, Ga. “Technology constantly changes, requiring a ‘continuously improving’ approach towards cyber hazards.”


developing outreach strategies for secure information sharing.


To further pinpoint cyber vulnerabilities, a seven-year utility system security study was conducted by the DOE’s Idaho National Laboratory (INL). Poor “patch management” was cited as the biggest utility weakness—patches fix publicly known security problems.


To prevent would-be hackers from discovering security lapses, teams of grid guardians routinely scour electric distribution systems to find and fix weak spots. “I look for vulnerabilities in control system software,” remarks May Chaffin, an INL cyber security researcher. “I try to get them repaired before someone takes advantage.”


Lessons learned from the GridEx activity and researchers like Chaffin have been incorporated into CRN’s cyber security toolkit. Based on best practices developed by the National Institute of Standards and Technology (NIST) and other industry organizations, the guide focuses on procedures co-ops should adopt to continuously monitor cyber threats and enhance risk preparedness.


“CRN’s cyber security resources are well-rounded tools that helped make our existing security plan more complete and serve as references for future projects,” Milligan comments.


Snapping Shoals EMC represents a national trend of cooperatives bulking up cyber security with tools from the Cooperative Research Network (CRN), the research arm of the Arlington, Va.-based National Rural Electric Cooperative Association (NRECA). CRN’s Guide to Developing a Risk Mitigation and Cyber Security Plan and supporting documents, released in 2011 with funding support from the U.S. Department of Energy (DOE), help utilities of all types develop a process to shore up cyber defenses.


“Electric cooperatives have made substantial progress in cyber security without additional regulation because they owe it to their members to protect system reliability and prevent unauthorized access to personal information,” explains Glenn English, NRECA’s CEO.


Security Sweep


Electric cooperatives have been working with the DOE, the North American Electric Reliability Corporation (NERC), the Federal Energy Regulatory Commission (FERC), the U.S. Department of Homeland Security, the Obama administration, and the electric utility industry to strengthen and bolster cyber security. An assault on a co-op, for example, could be a prelude to, or part of, a coordinated cyber strike on the country’s power grid as a whole that could impact electric reliability. Last year, NERC, the nation’s electricity reliability watchdog, conducted an exercise dubbed “GridEx” to identify cyber security concerns and encourage utilities and government agencies to work together to mitigate the issues uncovered.


“GridEx provided a realistic environment for organizations to assess their cyber response capabilities,” observes Brian Harrell, NERC manager of Critical Infrastructure Protection standards, training, and awareness. “Through the interaction, participants forged relationships across the cyber security community.”


A report on the test notes most utilities have adequate response plans in place, but more training and updated guidelines were suggested. Communication difficulties were also identified—a problem NERC will confront by


6 OKLAHOMA LIVING


Two INL cyber security specialists conduct research on an electric utility Supervisory Control and Data Acquisition system. Source: Idaho National Laboratories


Andy Bochman, an energy security lead for IBM’s rational division, praises CRN’s efforts. “While the [IT] community is waiting for [practical] implementation guides from NIST, CRN’s offering breaks things down into actionable, prioritized parts. It allows co-ops to travel down a well-marked path toward better cyber security and risk mitigation planning in the age of the smart grid.”


Regulating Security


The possibility of cyber mischief undermining automated digital technologies used by utilities has Congress, the White House, and regulators considering the right balance of security and emergency response initiatives.


“There is no question that there will be some kind of legislation,” predicts English. “It’s important that policymakers make a distinction between what’s appropriate security for bulk power versus distribution systems. The question is whether what’s put forward makes sense, if it will be overly burdensome, and if it will make electricity less affordable for our members.”


In 2010, the U.S. House considered the Grid Reliability and Infrastructure Defense Act. A similar measure, the Cyber Security Act of 2012, was introduced to the U.S. Senate in February. Both bills would provide the federal government with more power to draft cyber security standards but would weaken the NERC/FERC partnership that allows industry stakeholders to help ensure standards are technically sound and able to be properly implemented. NRECA cyber security experts believe any legislation should focus on encouraging federal agencies to routinely provide actionable, timely intelligence about cyber threats and vulnerabilities to utility industry experts.


“Hackers are getting smarter, and for some, much of the fun is the challenge of beating your system,” observes CRN Program Manager Maurice Martin. “Co-ops understand cyber security isn’t a one-time thing. Improved communications about potential trouble remains key to this effort.”


Electric co-ops are building cyber barricades and fashioning robust plans for addressing current and future dangers. But in a rapidly evolving cyber environment, there’s no such thing as perfect security.

