Protecting America’s electric grid to ensure a reliable, affordable and secure supply of electricity is a top priority for electric cooperatives. Co-ops use a layered defense strategy to protect both physical and digital assets from storms, vandalism, cyber incidents and more.
Where we stand
Co-ops support the continued integration of industry experts into the development of reliability standards. We oppose legislation or regulation that would allow the federal government to unilaterally create such standards. Co-ops also advocate for continued improvement in the government’s information-sharing efforts with industry as a way of helping protect electric utility systems.
Digging deeper
Advancing cybersecurity
Electric co-ops routinely monitor and manage cyber risks. Cooperation among cooperatives is a key part of that cyber risk management process. Co-ops work together and share cybersecurity information with each other and with industry and federal government partners. Co-ops are seeking better access to government intelligence about threats so that they can respond quickly to protect members’ power and data.
Protecting the grid from natural and manmade threats
As part of the co-op commitment to keeping the lights on, electric co-ops conduct thorough planning, strategy and collaboration sessions. Co-ops work closely with the North American Electric Reliability Corp., federal agencies and local law enforcement agencies on matters of critical infrastructure protection. This includes sharing information about potential threats and vulnerabilities to the electric grid. Co-ops also deploy innovative technologies and monitoring to minimize the impact of power outages, enhance grid resilience and ensure reliable, cost-effective electricity to their communities.
ARLINGTON, Va. – The National Rural Electric Cooperative Association was recently selected to negotiate two contracts for $5 million in federal infrastructure funding to further strengthen the cybersecurity posture of electric cooperatives. The funds will be administered by DOE’s Office of Cybersecurity, Energy Security, and Emergency Response Program (CESER) through the Rural and Municipal Utility […]
ARLINGTON, Va. – The National Rural Electric Cooperative Association has signed an agreement with the North American Electric Reliability Corporation’s Electricity Information Sharing and Analysis Center to enhance electric sector cybersecurity through increased information sharing and collaboration. The memorandum of understanding prioritizes the sharing of intelligence about security threats, vulnerabilities and cyber incidents through heightened […]
ARLINGTON, Va. – The National Rural Electric Cooperative Association has been awarded $4 million from the Department of Energy to launch Project Guardian, an initiative to advance the cybersecurity posture of electric co-ops by giving them new tools to detect, respond to and recover from cyber threats and attacks. The funding, authorized under the Infrastructure […]
ARLINGTON, Va. – NRECA and a consortium of 39 co-ops from across the country were today selected to negotiate contracts for nearly $100 million in federal infrastructure funding from the Department of Energy (DOE) Grid Resilience Innovation Partnership (GRIP) program. “Electric cooperatives are focused on leveraging innovative solutions to meet tomorrow’s energy needs,” said NRECA […]
ARLINGTON, Va. – The National Rural Electric Cooperative Association (NRECA) today announced the commercial launch of Essence, a next generation Operations Technology (OT) and cybersecurity monitoring solution. Purpose-built to protect America’s critical infrastructure, Essence continuously monitors the operation of electric grids and other operational networks to give real-time situational awareness to owners and operators of […]
The Department of Energy has given a $15 million award to the National Rural Electric Cooperative Association to help electric cooperatives expand cyber monitoring capabilities of their industrial control facilities.
ARLINGTON, Va. – As the Biden Administration’s 100-day electric sector cybersecurity initiative concludes, an additional 52 electric cooperatives have committed to use NRECA’s Essence technology to share their anonymized cybersecurity and threat data with trusted government partners. This expands the commitment among electric cooperatives to join the public-private effort to enhance national cyberthreat detection, mitigation, […]
ARLINGTON, Va. – The National Rural Electric Cooperative Association has been awarded $3.9 million from the U.S. Department of Energy’s Pacific Northwest National Laboratory (PNNL) to expand the association’s Essence cybersecurity program. The award is the next step in a pilot partnership to expand cybersecurity information sharing and readiness announced by DOE last year. “Partnerships […]
ARLINGTON, Va. – The Department of Energy today awarded the National Rural Electric Cooperative Association a $6 million grant to expand ongoing research and development into electric co-op cybersecurity tools. Known as Essence 2.0, the three-year project will deploy a revolutionary cyber monitoring tool to NRECA’s member cooperatives. Essence 2.0 enables machine-to-machine learning and is […]
“The possibility of a cybersecurity attack impacting grid operations is something for which the electric sector has been preparing for years,” said NRECA CEO Jim Matheson.
NRECA’s Rural Cooperative Cybersecurity Capabilities Program (RC3) supports cooperatives as they work to improve the cyber and physical security of their organizations.
NRECA announced a collaboration between N-Dimension Solutions, Inc., Milsoft Utility Solutions, and NRTC to develop “REACT”, a tool to rapidly detect cyberattacks and compromised utility systems.
“America’s electric cooperatives appreciate the Department of Energy’s willingness to listen to stakeholders and take a fresh, open-minded and comprehensive look at the nation’s energy landscape," said NRECA CEO Jim Matheson.
Cybersecurity as a means to keep electric cooperatives safe from attacks to steal critical data or take down power lines requires more than an IT department. It demands a culture.
NRECA will advance “React,” a cybersecurity solution for utilities that monitors IT networks for near real-time detection of possible cyber intrusions.
America’s electric cooperatives will be partnering with the Department of Energy and the American Public Power Association on a $15 million initiative to strengthen protection of the nation’s electric grid from cyber and physical attack.
Claverack Rural Electric Cooperative's Bobbi Kilmer told a House Transportation and Infrastructure subpanel that regardless of the cause of a power outage, restoring service as quickly and safely as possible requires advance planning and coordination across the public and private sectors.
“This bill contains a number of critical funding and policy provisions that will ultimately enable not-for-profit, member-owned electric cooperatives to continue providing 42 million Americans with affordable, safe and reliable electricity," said NRECA's Jeffrey Connor.
The exercise, “GridEx III,” simulated physical and cyber attacks on the nation’s power systems, destruction of communication systems, and damage from explosive devices and shootings.
"We are grateful to Chairman Richard Burr and Vice Chair Diane Feinstein for their leadership in creating a foundation for effective cybersecurity that also, appropriately, protects individual privacy,” said NRECA's Kirk Johnson.
DOE Awards NRECA $5 Million to Expand Cybersecurity Programs for Co-ops
PublishedOctober 15, 2024
Author
Cathy Cash
NRECA will apply $5 million in new funding from the Department of Energy to two programs—the Trusted Industrial Control Cybersecurity Community–Threat Analysis Center (TICCC-TAC) and the Strategic Program for Advancing Rural Knowledge (SPARK)—to strengthen electric cooperatives’ cyber defenses.
“As cybersecurity threats evolve, it is critical that electric cooperative tools and training stay ahead of them,” NRECA CEO Jim Matheson said Oct. 7 following DOE’s announcement.
“Electric co-ops work together to identify and manage growing threats, promote continuous improvement and develop solutions that keep the electric grid secure. This funding will play an important role in ensuring co-ops have the tools they need to better protect their systems and member information.”
TICCC-TAC will receive $3 million and SPARK will get $2 million from DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) through its Rural and Municipal Utility Advanced Cybersecurity (RMUC) program, which was created by the 2021 bipartisan infrastructure law.
TICCC-TAC will expand and enhance the NRECA Research Threat Analysis Center to help electric co-ops focus on major cyberthreats, respond quickly with the necessary expertise and engage with the broader intelligence community with discretion.
SPARK tackles the most immediate challenges rural co-ops face in building cybersecurity skillsets by providing free or low-cost training to the most under-resourced areas. The program also provides opportunities for co-ops to learn how to improve grid resilience.
More than 400 electric co-ops supported NRECA’s funding proposal to DOE, but all co-ops can take advantage of the programs.
“As evidenced by the programs’ great support, the large and growing participation in NRECA’s Cyber Goals Program and our annual Co-op Cyber Tech, among other activities, electric co-ops are eager for cybersecurity training and resources to protect their members and the grid,” said Carter Manucy, NRECA director of cybersecurity.
“We are grateful for this funding to expand and strengthen our services so that no matter how small or rural, when it comes to cybersecurity, no co-op is left behind.”
NRECA Selected for $5 Million in Cybersecurity Funding
PublishedOctober 7, 2024
Author
Media Relations
ARLINGTON, Va. – The National Rural Electric Cooperative Association was recently selected to negotiate two contracts for $5 million in federal infrastructure funding to further strengthen the cybersecurity posture of electric cooperatives. The funds will be administered by DOE’s Office of Cybersecurity, Energy Security, and Emergency Response Program (CESER) through the Rural and Municipal Utility Advanced Cybersecurity (RMUC) program.
The two projects will help increase access to grid security training and improve peer-to-peer information sharing among rural utilities. These new NRECA programs will engage over 400 cooperatives from across the country.
“As cybersecurity threats evolve, it is critical that electric cooperative tools and training stay ahead of them,” said NRECA CEO Jim Matheson. “Electric co-ops work together to identify and manage growing threats, promote continuous improvement and develop solutions that keep the electric grid secure. This funding will play an important role in ensuring co-ops have the tools they need to better protect their systems and member information.”
The Trusted Industrial Control Cybersecurity Community – Threat Analysis Center (TICCC-TAC) project will work with participating utilities to expand and strengthen peer-to-peer information sharing, mutual assistance and cybersecurity expertise. The project will be hosted by the NRECA Threat Analysis Center (TAC), a secure platform designed to provide comprehensive threat analysis, information sharing and community collaboration to support the unique needs of rural electric utilities.
The Strategic Program for Advancing Rural Knowledge (SPARK) program will address the most pressing cybersecurity skillset challenges rural utilities face. It will implement low- and no-cost high-impact training targeting the most critical gaps of under-resourced utilities. The program also will facilitate peer-to-peer information sharing to enhance opportunities for learning and growth and improve grid resilience.
The National Rural Electric Cooperative Association is the national trade association representing nearly 900 local electric cooperatives. From growing suburbs to remote farming communities, electric co-ops serve as engines of economic development for 42 million Americans across 56 percent of the nation’s landscape. As local businesses built by the consumers they serve, electric cooperatives have meaningful ties to rural America and invest $15 billion annually in their communities.
Along Those Lines: Balancing AI’s Benefits With Cybersecurity Risks
PublishedSeptember 9, 2024
Author
NRECA
Artificial intelligence, with its remarkable ability to digest and analyze enormous amounts of data and to identify patterns and anomalies, has nearly limitless positive applications for industry, including for electric utilities. But it could be used just as effectively as a malicious tool by hackers and scammers.
Electric cooperatives, like many other sectors, are moving cautiously with AI, finding ways to safely implement new and enhanced systems while marginalizing certain tools that could increase cybersecurity risk.
To learn more about the broad impacts of AI on co-op cyber practices, we’ll talk to Carter Manucy, NRECA cybersecurity director. And we’ll also hear from Dairyland Power Cooperative Vice President and Chief Information Officer Nate Melby and Business Application Supervisor Vlad Tsoy about a new internal AI tool that they built.
Co-ops to Help Host DOE’s Largest Class of Clean Energy Fellows
PublishedAugust 30, 2024
Author
Molly Christian
Electric cooperatives are among the 68 organizations chosen to host clean energy fellows under the latest round of a U.S. Department of Energy program.
The fellows will support co-op efforts to evaluate or deploy battery storage, distributed energy resources, microgrids and other clean energy innovations.
“These fellowships really are a win-win—by providing cooperatives with additional staff to support innovative projects underway while also developing the workforce of the future and highlighting the benefits of being a part of the cooperative family,” said NRECA Regulatory Affairs Director Stephanie Crawford.
DOE’s Clean Energy Innovator Fellowship (CEIF) program recruits recent college graduates and energy professionals to spend up to two years backing host organizations’ projects. The 2024 fellowship class, which the DOE announced Aug. 21, is the largest to date.
As part of that round, Tri-State Generation and Transmission Association Inc. in Colorado will host a fellow to analyze battery storage as a distributed energy resource for disadvantaged rural communities. The fellowship will be Tri-State’s third under the CEIF.
“Our fellows have been instrumental in helping create innovative energy solutions for our members, bringing a fresh perspective and energy that is making a real difference for our members,” Tri-State Chief Energy Innovations Officer Reg Rudolph said. “Our fellows offer refined skill sets for using data and analytics for more informed and strategic decisions and are purpose-driven, which resonates with our cooperative business model and vision of the future.”
The decision gives the state’s co-ops “another way to deliver on a commitment to powering a brighter future for our 2.5 million members and rural communities,” said Lee Ragsdale, senior vice president of energy delivery for NCEMC.
The fellow “will help accelerate the deployment of microgrids across the state by working with our team to implement a simplified, templated design for these innovative systems, ultimately enhancing grid resilience in communities throughout North Carolina,” Ragsdale added.
Other co-ops receiving new fellows include Farmers Electric Cooperative in Greenville, Texas, to expand its DER program; Rappahannock Electric Cooperative in Fredericksburg, Virginia, to grow its commercial/industrial clean energy DER integration programs for grid resilience and optimization; and Ahoskie, North Carolina-based Roanoke Cooperative to support efforts to operationalize its data analytics plan.
“Having a DOE fellow means Farmers has access to additional insights and valuable new work on projects as we build our distributed energy programs,” said Samantha Crouch, Farmers’ general counsel and senior director of power supply and energy services. “We’re also excited about the opportunity to encourage the professional growth and education of a future energy industry professional.”
DOE Official: Finding Common Ground Is Key for Reliable, Resilient Grid
PublishedAugust 27, 2024
Author
Molly Christian
The power sector and government are best at solving industry challenges—including how to ensure a stable, reliable grid—when they work together, a top Department of Energy official told electric cooperative leaders at an NRECA gathering in Arlington, Virginia.
Gene Rodrigues, assistant secretary for DOE’s Office of Electricity, spoke Aug. 21 at an inaugural meeting between NRECA’s Strategic Technology & Advisory Council and Member Advisory Groups (MAGs).
The council and MAGs are made up of co-op representatives and have leads within NRECA’s Business & Technology Strategies division. The MAGs focus on areas of innovation, including distributed energy resources, cybersecurity, generation and data analytics. Representatives of the Transmission and Distribution Engineering Council also attended the meeting.
As the power sector rapidly transforms due to emerging technologies and new demand sources, Rodrigues said four principles should anchor what DOE and co-ops do: reliability, resilience, security and affordability.
“The thing that makes NRECA effective … is that we work together around those four things,” he said. “Those principles are what I think are really important.”
But ensuring those attributes is increasingly difficult, according to Rodrigues.
“Reliability and resilience are no longer things that we can forecast accurately,” he said. “And that means we have to get better in this industry about being not just adaptable, but actually being a little more able to … allow judgment to replace a regulator’s economic model for what to do and how to approve it.”
Addressing those challenges also means collaborating across policy divides.
“As we think about all those things that are important to fight against, let’s find a way for this industry to come back to an area of … agreement,” said Rodrigues.
As an example, he pointed to a successful collaboration among DOE, NRECA and other stakeholders to craft final new energy efficiency standards for electric distribution transformers to provide stability to industry after DOE’s problematic initial proposal amid the ongoing supply chain crisis.
“In a perfect world, we would address every issue that way, instead of litigating and regulating, et cetera,” the DOE official said. “We don’t live in a perfect world. So, what we have to do is try to push the balance to as much upfront collaboration around those four principles as we can and just recognize that there are always going to be things that we argue about.”
That cross-sector cooperation will be key as the U.S. prepares for elections in November that could have a big impact on national energy policy.
“There is so much common ground,” Rodrigues concluded.
Co-ops Discuss Risks, Opportunities of Demand Surge From AI, Data Centers
PublishedJune 11, 2024
Author
Molly Christian
An expected surge in U.S. power demand from AI, data centers and other sources will be an “engine of growth” for electricity providers but also pose major reliability risks, two electric cooperative leaders warned at a recent event on supply threats to the grid.
Northern Virginia is home to many data centers that are having a “huge impact” on power consumption, Northern Virginia Electric Cooperative President and CEO David Schleicher said during a June 5 virtual briefing on “The Deepening Electricity Supply Crisis” hosted by the U.S. Energy Association.
About six years ago, Manassas-based NOVEC was a 1,000-megawatt distribution co-op, but its capacity has since doubled and is on the way to reaching around 8,000 MW.
“It’s our engine of growth,” Schleicher explained.
But that expansion comes with big challenges. Schleicher noted that data centers can be built in 18 months—well ahead of the four-year or longer lead times for some new substation equipment.
NOVEC gets its power from the PJM Interconnection, which relies heavily on the region’s natural gas and coal plants. But state and federal policies are pushing a shift toward carbon-free resources.
“[We’re] seeing an awful lot of renewable [energy] coming in with solar and offshore wind, which is going to be an integration challenge without new baseload generation,” Schleicher warned.
The Rockwall, Texas-based generation and transmission co-op is experiencing organic annual demand growth of 10%, and an influx of data centers is forcing them to plan for “doubling or even tripling our size,” Rayburn President and CEO David A. Naylor said at the briefing.
For Rayburn, all options are on the table for increasing supply, but when “you look at what’s available to meet those needs … you’re driven by the current technology,” Naylor said.
The co-op went so far as to purchase a natural gas-fired plant last year, but “we need more resources to meet our current needs, let alone… these additional data centers and [other demand sources],” he said.
In 2023, the North American Electric Reliability Corp. projected “material growth” in electricity demand in its long-term reliability assessment—a change from prior forecasts for flat to modest increases, NERC President and CEO Jim Robb said at the USEA event.
At the same time, the loss of many coal plants could rob the grid not only of power but other services such as spinning reserves, frequency response and voltage support, Robb said.
“As we pull any of these individual plants out, we’ve got to be mindful that we’ve got to replace not just the energy … but also the reliability benefits that they provide to the grid,” he said. “And that’s why we get concerned about the loss of traditional generation.”
NRECA Signs MOU with Electricity Information Sharing and Analysis Center to Bolster Cybersecurity Collaboration
PublishedMay 28, 2024
Author
Media Relations
ARLINGTON, Va. – The National Rural Electric Cooperative Association has signed an agreement with the North American Electric Reliability Corporation’s Electricity Information Sharing and Analysis Center to enhance electric sector cybersecurity through increased information sharing and collaboration.
The memorandum of understanding prioritizes the sharing of intelligence about security threats, vulnerabilities and cyber incidents through heightened coordination between the E-ISAC and NRECA’s Threat Analysis Center.
“Electric sector cybersecurity challenges and threats are increasingly complex and require seamless coordination between industry partners,” NRECA CEO Jim Matheson said. “This MOU will facilitate enhanced collaboration between the E-ISAC and NRECA’s TAC, ensuring the reciprocal exchange of critical threat information and analysis.”
Under the MOU, NRECA will provide E-ISAC with deidentified summaries of cyber threats and incident reports from its member electric co-ops, while E-ISAC will share advisories and analysis of threat data.
Ultimately, the partnership aims to strengthen both parties’ security capabilities through collaborative exercises, knowledge sharing and comprehensive joint efforts.
The National Rural Electric Cooperative Association is the national trade association representing nearly 900 local electric cooperatives. From growing suburbs to remote farming communities, electric co-ops serve as engines of economic development for 42 million Americans across 56 percent of the nation’s landscape. As local businesses built by the consumers they serve, electric cooperatives have meaningful ties to rural America and invest $15 billion annually in their communities.
NRECA Receives $4 Million in DOE Funding to Boost Electric Co-op Cybersecurity Preparedness
PublishedMay 20, 2024
Author
Media Relations
ARLINGTON, Va. – The National Rural Electric Cooperative Association has been awarded $4 million from the Department of Energy to launch Project Guardian, an initiative to advance the cybersecurity posture of electric co-ops by giving them new tools to detect, respond to and recover from cyber threats and attacks.
The funding, authorized under the Infrastructure Investment and Jobs Act and part of the Rural and Municipal Utility Cybersecurity (RMUC) Program, will be provided over a four-year period by DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER).
“As cyber threats evolve, so must electric co-op efforts to protect against them,” NRECA CEO Jim Matheson said. “Project Guardian will accelerate ongoing electric cooperative cybersecurity collaboration and, in partnership with DOE, help protect the electric grid from increasingly sophisticated cybersecurity threats and attacks.”
NRECA and a working group of electric cooperatives will leverage the funding to concentrate efforts on four areas:
Self-Assessment Framework. NRECA will revamp a self-assessment program to help co-ops understand their cybersecurity strengths and vulnerabilities while also guiding them toward greater cyber maturity. The program will help electric co-ops develop right-sized incident response plans and incorporate tailored cybersecurity tabletop exercises in their planning.
Threat Analysis Center. NRECA will use its Threat Analysis Center to disseminate program content to electric co-ops, including tabletop exercises, guidelines, on-ramp guides for TAC usage, threat advisories and other critical information.
Cyber Champions. The project will cultivate co-op cyber champions who are responsible for amplifying and cascading relevant information and updates to other electric co-ops within their region. In partnership with other public entities, they will establish two-way communication channels and synchronize messaging related to cyberattack reporting and collaboration before, during and after cyberattacks.
Workforce Development. The project team will catalogue cybersecurity job roles and descriptions aligned with industry needs, in collaboration with DOE’s National Laboratories. Standardized job descriptions and career trajectories will help co-ops secure and retain a robust cybersecurity workforce.
The National Rural Electric Cooperative Association is the national trade association representing nearly 900 local electric cooperatives. From growing suburbs to remote farming communities, electric co-ops serve as engines of economic development for 42 million Americans across 56 percent of the nation’s landscape. As local businesses built by the consumers they serve, electric cooperatives have meaningful ties to rural America and invest $15 billion annually in their communities.
NRECA, Electric Co-op Consortium Selected for Wildfire Mitigation Infrastructure Funding
PublishedOctober 18, 2023
Author
Media Relations
ARLINGTON, Va. – NRECA and a consortium of 39 co-ops from across the country were today selected to negotiate contracts for nearly $100 million in federal infrastructure funding from the Department of Energy (DOE) Grid Resilience Innovation Partnership (GRIP) program.
“Electric cooperatives are focused on leveraging innovative solutions to meet tomorrow’s energy needs,” said NRECA CEO Jim Matheson. “This infrastructure funding is an important step as electric co-ops work to harden systems against wildfires and enhance the reliability of the grid. These projects hold tremendous potential for local communities as their co-ops unlock new ways to use technology to help mitigate wildfires and keep the lights on.”
NRECA’s consortium bid enables smaller co-ops to work together and submit a competitive application for infrastructure funds. The consortium projects will accelerate completion of high-priority wildfire mitigation projects at 39 electric co-ops across the country.
Specific co-op projects in the consortium application cover a range of projects focused on local wildfire mitigation.
The National Rural Electric Cooperative Association is the national trade association representing nearly 900 local electric cooperatives. From growing suburbs to remote farming communities, electric co-ops serve as engines of economic development for 42 million Americans across 56 percent of the nation’s landscape. As local businesses built by the consumers they serve, electric cooperatives have meaningful ties to rural America and invest $15 billion annually in their communities.
Early that Sunday morning, the Colorado electric cooperative was hit with a ransomware attack that quickly spread through its network and took over key systems like phone and email, customer information and meter data management.
After months of work to re-create and restore DMEA’s network, build new cyber protections and get back to a new normal, managers at the co-op decided that the lessons from that attack were too valuable to keep to themselves. Hear from DMEA Chief Information Officer Bob Farmer and IT Manager Jay Suckey as they walk us through what happened and what they learned.
View an NRECA webinar recording (cooperative.com login required) to hear more from Farmer, Suckey and NRECA cyber experts on the DMEA cyberattack and response.
NRECA’s New Commercial Cybersecurity Solution Protects OT and IT Systems in Real Time
PublishedFebruary 27, 2023
Author
Media Relations
ARLINGTON, Va. – The National Rural Electric Cooperative Association (NRECA) today announced the commercial launch of Essence, a next generation Operations Technology (OT) and cybersecurity monitoring solution.
Purpose-built to protect America’s critical infrastructure, Essence continuously monitors the operation of electric grids and other operational networks to give real-time situational awareness to owners and operators of critical infrastructure. The program is used by 149 co-ops that collectively provide power to a total of 4.6 million meters. It can effectively be deployed by other types of utilities as well.
“As threats and threat actors evolve, electric cooperatives consistently work to improve their cyber defenses,” said NRECA CEO Jim Matheson. “That’s especially true as the nation’s electric grid becomes increasingly connected and digitized. Essence is field tested and proven to help electric cooperatives stay ahead of the curve.”
The program runs on a proprietary artificial intelligence system that oversees a cyber-physical rules engine which instantly alerts operators to both physical and cyber anomalies. This instant awareness allows Essence users to quickly identify and respond to issues in real time. The technology also enhances the physical security of electric system assets such as transformers.
“Identifying, troubleshooting and responding to increasingly sophisticated cyber and physical attacks is a constant area of focus for the owners of critical infrastructure,” said Wayne McGurk, NRECA’s Chief Information Officer and Essence program lead. “Essence is uniquely positioned to empower America’s electric co-ops and other critical infrastructure owners across many sectors that can benefit from monitoring their OT and IT assets in real time.”
NRECA developed Essence in collaboration with the Department of Energy (DOE) and electric co-ops. The current version of Essence demonstrates a significant advancement in the capability to defend against major security threats against critical infrastructure.
“The development and deployment of Essence at Wake Electric has given us advanced visibility and operational awareness while enhancing our system protection,” said Don Bowman, vice president of operations and engineering at Wake Electric Cooperative, which provides electric service to 48,000 consumers in seven North Carolina counties. “This new visibility into what’s happening on our system enables us to stay ahead of evolving threats.”
Essence is available to NRECA’s member co-ops as well as utilities of all kinds, including municipal and investor-owned electric utilities and natural gas and water providers. To request a demo or learn more, visit www.electric.coop/essence
The National Rural Electric Cooperative Association is the national trade association representing nearly 900 local electric cooperatives. From growing suburbs to remote farming communities, electric co-ops serve as engines of economic development for 42 million Americans across 56 percent of the nation’s landscape. As local businesses built by the consumers they serve, electric cooperatives have meaningful ties to rural America and invest $12 billion annually in their communities.
Essence 3.0, NRECA’s Cybersecurity Solution for Grid Awareness, Goes to Market
PublishedJanuary 31, 2023
Author
Cathy Cash
NRECA’s Essence 3.0 cybersecurity solution is going from a research and development project funded by the U.S. Department of Energy to a commercial solution already deployed at nearly 55 electric cooperatives and with growing demand by more.
“We have a go-to-market strategy to actively market and sell Essence to utilities, including our co-op members,” said Wayne McGurk, NRECA senior vice president and chief information officer.
The tool’s core capabilities include passively mapping a co-op’s network, providing situational awareness to grid operators and observing digital conversations between networks and devices.
This latest version of Essence has been expanded to identify 32,000 threat and vulnerability characteristics for information technology and operational technology to spot anomalies on Supervisory Control and Data Acquisition (SCADA) networks and issue alerts.
“The bottom line is cybersecurity threats have a cascading effect—they cause outages, equipment degradation or they downright destroy equipment,” said McGurk.
“With Essence monitoring your OT and IT systems associated with the grid, you have the instant ability to know what is going on with your system and track cyberthreats sooner and mitigate before it can potentially get catastrophic. Essence elevates situational awareness across the grid.”
Current Essence 3.0 customers include generation and transmission cooperatives that in turn provide the solution’s coverage to their member distribution co-ops. In total, Essence effectively provides 149 co-ops serving a total of 4.6 million meters nationwide with next-generation systems to detect cyberthreats.
Co-ops are providing “overwhelmingly positive” reviews about Essence 3.0’s new capabilities and performance and its flexible component-level architecture for easy deployment, McGurk said.
“Essence 3.0 is purpose-built for co-ops and utilities with new capabilities for protecting American critical infrastructure,” said McGurk.
“With electrical grids, you must be concerned not only with IT but also OT in order to protect the grid. Not only does Essence 3.0 have a better user interface, but better performance, and we cover the ecosystem across both IT and OT.”
Visit the Essence page on electric.coop to learn more about the tool or to request a demonstration. There will also be a four-hour training session on Essence at TechAdvantage® Experience in Nashville, Tennessee, next month.
Q&A: Electric Co-ops’ Top Policy Priorities for 2023
PublishedJanuary 3, 2023
Author
Erin Kelly
NRECA is diving into 2023 with a long list of policy goals that range from shaping a new five-year Farm Bill to helping electric cooperatives prepare for catastrophic wildfires.
“All of our priorities are aimed at helping our members maintain reliable and affordable power and giving them tools to help meet the challenges of the future,” said Hill Thomas, NRECA’s vice president of legislative affairs.
Thomas and Ashley Slater, NRECA’s vice president of regulatory affairs, said their teams will work closely together to help pass legislation that benefits co-ops and then ensure that those new laws are implemented as intended.
Co-ops saw major policy wins in 2021 and 2022 with passage of the bipartisan infrastructure law and key co-op provisions in the Inflation Reduction Act, and NRECA will continue its efforts this year to ensure that members benefit fully from the programs created by those laws.
In a recent Q&A session, Thomas and Slater outlined what’s ahead for co-op policy goals.
What are NRECA’s top regulatory priorities for 2023?
Slater: I have a long list!
• Implementing NRECA’s two priority provisions in the Inflation Reduction Act: direct-pay energy tax credits and the $9.7 billion U.S. Department of Agriculture program to assist co-ops with the energy transition.
• Shaping agency funding opportunity announcements for co-op programs included in the $1.2 trillion bipartisan infrastructure law. Those programs include rural broadband, electric vehicle programs to build a network of chargers, grid resiliency and modernization, physical security and cybersecurity, and clean energy programs.
• Protecting co-op access to an affordable, reliable power supply as the Environmental Protection Agency looks to regulate greenhouse gas emissions and air pollutants.
• Ensuring sound transmission policy as the Federal Energy Regulatory Commission contemplates first-in-a-decade transmission reform.
• Ensuring that the Department of Energy uses its presidentially directed Defense Production Act authority appropriately to ease supply chain shortages.
• Ensuring that any new cybersecurity or physical security reporting requirements by the Department of Homeland Security are optimized for co-ops to enhance their security posture and improve their ability to protect against, detect and respond to—or recover from—threats to the electric system.
• Modernizing environmental permitting. The existing processes take too long, are too expensive and are an impediment to co-ops’ ability to meet future energy needs. They need to be modernized to give more certainty in the energy transition.
• Working with co-ops to prepare for and respond to catastrophic wildfires. Co-ops that want to do vegetation management are running into inconsistent guidance from the Bureau of Land Management and the Forest Service. We need to work with the agencies to streamline the process.
• Working with co-ops to ensure that the broadband maps produced by the Federal Communications Commission are done correctly to provide the best picture of where broadband is and isn’t available across the country. The FCC has released a pre-production draft of its latest broadband maps.
What are NRECA’s top legislative priorities for 2023?
Thomas: For the first couple of months, our top priority will be holding Co-op 101 sessions to meet the 81 new members of Congress and educate them about electric cooperatives. Beyond that, we want to make sure Congress is engaged when they need to be to ensure the legislation that has already passed is implemented the right way to benefit co-ops and their members.
A new five-year Farm Bill is being written by Congress that will affect electric co-ops and all of rural America, so that will be a priority. And we support a bipartisan permitting modernization conversation. Also, we’re going to continue to face supply chain problems, and we’re going to continue to work to solve that.
We’ve already had co-op leaders come and testify to Congress about the upcoming Farm Bill. How will it affect electric co-ops specifically?
Thomas: The Farm Bill is the only piece of legislation that Congress does that is uniquely and specifically aimed at rural America. It is designed to support rural America and we share that goal. It’s important for us to talk about our priorities, including many of the USDA programs that we use such as rural development financing, the home energy efficiency program and clean energy deployment financing. These programs can be reauthorized in the new Farm Bill, and we want to make sure they’re operating as effectively as possible and are good to go for the next five years.
The other big conversation will be about broadband. There’s an opportunity to rewrite and improve the USDA ReConnect broadband program, which has provided opportunities to many of our members but could also operate more efficiently. It’s a fairly new program that has received lots of money, but some of our members haven’t been able to get access to it because it’s just too bureaucratic. We need to streamline the program so we can serve the communities that need it most.
Is the environment in the Biden administration and in Congress, with divided government, conducive to accomplishing NRECA’s goals?
Thomas: On the congressional side, with the House majority and the president being from different parties, it is going to be a tough environment for big, game-changing legislation. But we have a good reputation for being able to bridge gaps and find partnerships and bipartisanship. I think there will be lots of opportunities for us to engage in these important conversations.
Slater: We recognize that resource planning decisions are unique to the needs of the specific co-op and the communities they serve. The administration understands that if they want their policies to have a real impact, they have to reach rural America. And they can’t get there without electric co-ops.
That presents a real opportunity for our members who want to participate. In order to push an energy transition across the country, if you want to get there, you have to go through electric co-ops. If there’s no uptake, you’re not going to be successful in getting these dollars utilized…To the extent that we can be a conduit, that’s our edge.
Co-op Employs Quick Thinking, Creative Solutions to Reduce Outages After Substation Attack
PublishedDecember 6, 2022
Author
Derrill Holly
Editor’s Note: Randolph EMC announced Wednesday morning that permanent, full power had been restored to its Moore County substations and members. The co-op is no longer asking members to conserve electricity.
A North Carolina electric cooperative’s quick thinking and creative solution has restored intermittent power to members after two Duke Energy transmission substations were attacked by gunfire over the weekend.
The Asheboro-based co-op immediately responded by dispatching crews to assess the damage and craft a plan to restore service to members as quickly as possible.
“That transmission line fed our Eastwood substation and our Seven Lakes substation,” said Dale Lambert, CEO of Randolph EMC. “Service cannot be [fully] restored to Randolph EMC substations until the repairs are made.”
Early Sunday morning, co-op crews, aided by mutual aid personnel and contractors from the surrounding areas, began building more than two miles of new lines to connect the co-op’s de-energized lines to available power supplied from other locations. The tielines have enabled the co-op to restore service to members on a rolling basis due to power constraints.
“These tielines will allow us to pick up some of the members who are affected, but not all at the same time,” said Lambert, who is using social media messages and videos to help keep co-op members informed.
Randolph EMC is urging members in the affected area who have power to conserve electricity so that what is available will not overload the newly constructed, temporary system.
“We have provided rotating intervals of power, but we will not rest until our Moore County members are fully restored. They are our top priority,” said Lambert.
The tieline buildouts were completed Monday night. They involved upgrades to existing lines and construction of a new three-phase line.
“This is an unprecedented outage that’s drawn national attention because of the crime that occurred,” said Lambert. He added that the Moore County Sheriff’s Department has increased patrols around the co-op’s assets since Saturday to help discourage further criminal activity.
The FBI and state authorities are assisting local law enforcement with the investigation.
“These kinds of things cannot happen,” said North Carolina Gov. Roy Cooper during a briefing on Monday. “We cannot tolerate this kind of wide power outage to so many people.”
Duke Energy said it will cost several million dollars to repair its equipment and it could be at least Thursday before power transmission from the two damaged sites can be restored.
Local officials have opened temporary shelters to assist those without power, and the intermittent energized periods are now allowing some businesses to operate, restoring access to gasoline, groceries, medical care and other necessities.
NRECA Receives $15 Million DOE Award to Expand Cyber Protection of Industrial Control Systems
PublishedNovember 1, 2022
Author
Media Relations
ARLINGTON, Va. – The Department of Energy today awarded a $15 million award to the National Rural Electric Cooperative Association to help electric cooperatives expand their cyber monitoring capabilities of their industrial control facilities. The award will be spread over three years, with $10 million disbursed in 2022 and the remaining $5 million in subsequent years.
“As threats and threat actors evolve, electric cooperatives consistently work to improve their cyber defenses. Funding like this helps co-ops stay ahead of the curve,” said NRECA CEO Jim Matheson. “Our longstanding partnership with DOE makes the electric grid more resilient, reliable and secure.
“On behalf of America’s Electric Cooperatives, I thank the agency for recognizing this important opportunity. We look forward to working together to advance the real-time security and cyber capabilities of electric cooperatives.”
With the award funds, NRECA will partner with electric cooperatives to identify and deploy industrial control system monitoring technologies. The association will leverage learnings from this process to enhance the security and preparedness of all co-ops.
Electric cooperatives and other utilities have adopted or committed to adopt technologies to improve the security of the operational technologies and industrial control systems that manage the nation’s electric systems by enhancing the visibility, detection, and monitoring of these critical networks.
The National Rural Electric Cooperative Association is the national trade association representing nearly 900 local electric cooperatives. From growing suburbs to remote farming communities, electric co-ops serve as engines of economic development for 42 million Americans across 56 percent of the nation’s landscape. As local businesses built by the consumers they serve, electric cooperatives have meaningful ties to rural America and invest $12 billion annually in their communities.
Along Those Lines: What Does an Electric Co-op Look Like to a Hacker?
PublishedOctober 18, 2022
Author
NRECA
In recognition of Cybersecurity Awareness Month in October, the latest episode of Along Those Lines examines what an electric cooperative’s internal and operational networks might look like to a hacker and what co-ops can do to tighten their defenses.
Hear from Ryan Newlon, NRECA’s cybersecurity solutions principal, and Bryan Hatton, a cybersecurity researcher at the Idaho National Laboratory whose work includes “white hat hacking.”
NRECA Pioneers Dual-Disaster Tabletop Drill With Co-ops, State Officials
PublishedMarch 22, 2022
Author
Cathy Cash
What would happen if a polar vortex plunged thousands into icy darkness in the Northeast and then, after electric cooperatives in the central U.S. sent mutual aid, a 7.7-magnitude earthquake hit along the New Madrid Fault that stretches from Illinois to Arkansas?
That’s a scenario that emergency, safety and energy coordinators from 22 electric cooperative statewide associations and their state government peers wrestled with in Fractured Freeze, the first tabletop exercise of its kind. The drill was organized by NRECA and the National Association of State Energy Officials.
NRECA CEO Jim Matheson welcomed more than 50 participants, including two U.S. Department of Energy officials, to the exercise recently in Arlington, Virginia.
“This is an excellent example of where folks can put their heads together and better prepare for the future because, let’s face it, your job is not getting any easier,” Matheson said. “At NRECA, we want to find the best way to convene everyone; to find opportunities to facilitate discussion and implementation of ideas.”
Roundtables of co-op and state officials tackled power restoration and recovery from the two make-believe disasters that created harrowing circumstances for mutual aid crews, including shortages in gasoline, accommodations and supplies along with damaged roads, bridges and other critical infrastructure.
“Dual disasters like those in Fractured Freeze may not be that far-fetched as weather and environmental conditions become more extreme,” said Martha Duggan, NRECA senior regulatory affairs director. “This exercise allowed electric co-ops to face two catastrophes in a safe place, polish their strengths and develop bonds with state officials that will be crucial when disaster strikes.”
Ben Bolton, senior energy programs administrator at the Tennessee Department of Environment and Conservation, facilitated the exercise and shared his experience from 11 natural disasters in his home state over the last two years.
“You can’t have a massive outage without it affecting rural co-ops or the state energy office. Both get involved in different ways,” he said. “We need to increase our cooperation. This is a first great step to build that bridge between rural co-ops and state energy offices.”
Co-op participants said Fractured Freeze provided significant benefits: • New state emergency contacts. • Opportunities to educate state officials on the co-op model. • Relationship building with other co-op statewide associations. • Reinforcement of the need for timely recordkeeping for reimbursement from the Federal Emergency Management Agency. • New resources and techniques for disaster recovery.
Co-op officials said the exercise gave them a blue-sky chance to fill the void in their state connections.
“It was a good idea for NRECA to have this exercise and invite state officials,” said Rob Land, vice president for risk management and training at the Association of Missouri Electric Cooperatives. “It helps to develop a working relationship before a disaster strikes.”
Peggy Dantzler, vice president of loss control and training for the Electric Cooperatives of South Carolina, echoed the significance of the exercise in establishing these relationships. “Co-ops need a person at the county or state emergency level so communications can happen more accurately and more quickly,” she said.
Co-op leaders also were eager to share with state officials how co-ops operate and coordinate to restore service through mutual aid agreements.
“The exercise really opened up their eyes to how much territory we cover in a state,” said Joe McElroy, safety director at the Michigan Electric Cooperative Association. “They also have a much better idea on how we all work together in the real-life disasters. In that respect, the exercise was worth its weight in gold.”
Even veterans of massive natural disasters found the exercise valuable. Discussions drew new ideas to expedite recovery, like contacting park services when chainsaws are needed or the state tourism department to secure housing for crews. State and public officials also can help identify large empty parking lots for staging and tent cities.
“We exercise our storm muscle quite a bit,” said Addie Armato, CEO of the Association of Louisiana Electric Cooperatives. “When you’re in the heat of it, you’re strictly focused on your industry and your particular needs. This exercise allowed us to come together and have a better understanding of the big picture and not just tunnel vision we have when we get into recovery mode.”
Q&A: Texas Co-ops Weigh In on Grid Reforms a Year After 2021 Freeze
PublishedFebruary 14, 2022
Author
Derrill Holly
A year after a prolonged severe winter storm caused the near-collapse of the Texas power grid and left more than 4 million households without electricity, state lawmakers, regulators and power providers have worked to assess the causes of the outages and harden critical infrastructure. When another cold snap hit the state early this February, those measures were tested in real-time.
Julia Harvey is vice president of government relations and regulatory affairs at Texas Electric Cooperatives, the statewide association that represents 76 co-ops serving more than 4 million members. She recently discussed steps that have been taken over the past year to shore up the energy grid and what still needs to be done.
The widespread outages last year have been largely attributed to failures in the state’s natural gas infrastructure, is that right?
Harvey: Yes. There was some interplay between natural gas assets and the electric utility system that we had not seen to this extent before. When some aspects of the natural gas transmission system were affected by sustained freezing temperatures, multiple electric generation resources were not able to operate at full capacity because their fuel supply was constrained.
The loss of fuel access for electric generation became a multiple-day event. Because so much generation was unavailable and demand was so high, ERCOT [the Electric Reliability Council of Texas], which manages the statewide grid, had to invoke load shedding operational rules to help stabilize the system.
What have you learned in the past year, and what tangible steps have been taken to reduce the chances of such extreme disruptions from happening again?
Harvey: The susceptibility of certain infrastructure to freezing was central to changes in both legislation and Texas Public Utility regulations. More than 4,000 access points on key utility infrastructure have been inspected since September, and enhanced weatherization measures have been implemented to support increased resiliency during extreme weather.
According to ERCOT, on-site inspections have been completed at 302 generation facilities and 22 transmission facilities, and 321 of those sites now meet winterization requirements imposed by the legislature and the PUC. As important as generation weatherization is, a reliable grid can only be achieved when the gas system is also weatherized.
In regard to the [natural] gas system, an additional reform relates to a new critical infrastructure map being created by the PUC and the Texas Railroad Commission, which regulates the oil and gas industry. This map will reflect current and future operational needs related to the gas supply chain. That allows certain gas transmission assets to be designated as essential so they are prioritized by electric utilities during a load shed event. Gas facilities identified on the map will also be required to weatherize, which will support increased resiliency on the system.
Are you confident that all the relevant state agencies are working together effectively on this issue?
Harvey: Last February’s freeze highlighted the importance of coordination and communication between both the electric and natural gas industries and the regulatory agencies that oversee various aspects of their operations.
The Texas Legislature has now formalized a framework to make that work. It’s a council of oil and gas representatives, the PUC, the railroad commission, and ERCOT that establishes a venue and a forum for communications during emergency events to help ensure that the electricity supply chain operates reliably during emergencies.
How confident are you that co-op voices are being heard as the nature of Texas energy markets and industry oversight evolves?
Harvey: Leading up to the freeze event during the first week of February [2022], the PUC, ERCOT and the new Texas Energy Reliability Council created by the legislature were very good about communicating with all segments of the industry—including cooperatives—regularly and consistently. We feel like we have a seat at the table from the cooperative perspective and our concerns are being heard and addressed. Part of the framework of ERCOT, reaffirmed since the 2021 event, has been the importance of effective communications on market issues, and regulators recognize this.
What challenges remain for the state’s grid?
Harvey: We are fully expecting more changes to be made to the electric system, both to infrastructure and market aspects of the business. Those include the need for weatherization of natural gas components. That’s why advancement and completion of key infrastructure mapping is so important. Portions of those systems need to be weatherized so they can better withstand extreme weather. We also expect additional weatherization requirements to be adopted for electric utility and generation infrastructure.
One of the highest-profile consequences of last year’s event was the run-up on the price of natural gas, which directly affects the price of electricity. Some customers in retail choice areas were directly exposed to those prices. Has that been addressed?
Harvey: In certain retail markets not served by co-ops or public power providers, there is retail choice. During the 2021 freeze, certain providers indexed retail rates to $9,000 per megawatt-hour of electricity, and that led to enormous bills for some consumers. That practice has now been prohibited. The legislature also took steps to ensure that retail choice providers have a higher standard of accountability. Further, the maximum wholesale price has been reduced by the PUC to $5,000, so prices will not rise to the level seen last February.
What do consumers need to know about the changing nature of electric markets and how they can affect reliability?
Harvey: Extreme operating events like the 2021 cold snap underscore the importance of maintaining diversified “all options” generation portfolios that provide service and pricing flexibility.
We support an all-of-the-above energy strategy that allows the evolution of our market design to make sure that with that growth of renewables, that conventional thermal dispatchable generation still has a place in Texas to back that up.
Hawaii Co-op Among the First to Use Drones to Install Bird Diverters
PublishedJanuary 31, 2022
Author
Cathy Cash
A Hawaiian electric cooperative is upping its conservation game as a pioneer of specialized drones to deploy bird flight diverters on its power lines that span remote and dramatically rugged terrain.
Kaua‘i Island Utility Cooperative is placing hundreds of advanced diverters along 740 spans of power line throughout the island’s dense tropical rainforests, jagged mountain peaks and steep valleys.
“When complete, we will have installed tens of thousands of diverters using drones,” said Beth Tokioka, communications manager for the Lihue-based co-op.
“Some areas where diverters were needed were in mountainous or forested areas where use of bucket trucks was not possible. Drones were the only way we could access these lines safely. They were an extremely efficient tool for completing these installations.”
Historically, utilities have used helicopters or large bucket trucks for such remote installations, but an upcoming report from NRECA finds that cost and safety factors are driving a trend toward the use of unmanned aerial vehicles for these jobs.
“The use of unmanned aerial vehicles offers a new way to install certain types of overhead marking devices over more traditional approaches,” notes the report, “New Trends in Avian Protection.”
“UAV-supported line marking can reduce costs and increase safety. NRECA recommends cooperatives discuss these options with qualified developers, other utility users, and qualified contractors before pursuing one option or one vendor to best fit the cooperative’s needs and budgets.”
KIUC has been testing different types of technologies and devices to minimize bird strikes for more than a decade. Diverters were first used on a small scale to test their efficacy. About two years ago, the co-op started working with new data on where strikes were most frequently occurring, which allowed for a more strategic installation, Tokioka said.
“This project is also proving to be very effective in our effort to minimize bird strikes with power lines,” she said. “Any cooperatives facing the same challenge with difficult terrain should consider the use of drones as a safe and efficient installation method.”
KIUC is using a combination of passive reflective and LED diverters. Each is effective at keeping specific avian species away, including three species of endangered seabirds and five species of threatened and endangered waterbirds.
“Reflective diverters are small devices that glow in the dark,” said John Cox, KIUC’s transmission and distribution manager. “LED diverters use a small solar panel that charges during the day and produces light that’s visible to birds throughout the evening.”
The co-op plans to continue using drones to install and maintain its diverters.
“KIUC has a responsibility to protect our natural environment,” Tokioka said. “We’re in the process of developing a longer-term Habitat Conservation Plan that will formalize current minimization activities in relation to requirements of the federal and state endangered species regulations.”
Co-op Demo of Sensor Technology Reduces Wildfire Risk, Improves Reliability
PublishedJanuary 25, 2022
Author
Derrill Holly
An electric cooperative in Texas is going all-in on a promising new grid sensor after extensive collaboration with the state’s pre-eminent research university showed the devices improve reliability and can even help head off wildfires.
In 2017, engineers at Texas A&M University approached Navasota-based MidSouth Electric Cooperative about testing their experimental distribution fault anticipation sensors, which the university spent more than a decade developing.
DFAs are installed at a substation and continuously monitor a circuit for faults or potential arcing events. Signals from the sensors can notify operations crews before a fault occurs. That provides operators with the options of shutting down or rerouting power before an arc can damage a circuit or send sparks and molten metal to forest floors where they can ignite dry vegetation.
“By detecting problems as they develop, we can anticipate failures and avoid some outages, failures on local conductors and unsafe conditions like phase slapping that occur on galloping lines during windy conditions,” said Carl Benner, a research engineer on the Texas A&M team that developed the technology. “Some of those conditions are known to increase fire ignition risks.”
MidSouth agreed to try the devices out at substations in and around the Sam Houston National Forest. After these tests showed positive results, the co-op committed to install them at 10 additional substations per year. By the end of this year, all 60 of MidSouth’s substations will host the technology.
“We have been able to detect a failing switch in a substation and make repairs with no members out of service before catastrophic failure, which could take a complete substation offline,” said Robert Taylor, an engineering specialist with MidSouth. “Our reliability is improved by being able to head off some of the controllable problems that start small and escalate with time that we wouldn’t otherwise know about until failure occurred.”
When potential problems are detected by a DFA unit, operations crews analyze the cause and, depending on the data, will send personnel to examine the problem feeder. Taylor says they’ve been able to troubleshoot multiple issues before a fault or dangerous arcing.
“We detected, found and reported a loose clamp in the forest that was arcing before any outages, a fire or complaints from members occurred,” he said.
Co-op officials say DFA technology improves their ability to monitor the overall health of their distribution network because it detects problems that other systems are not designed to report. They are now using it in conjunction with their automated metering infrastructure and supervisory control and data acquisition components to get better quality information about events occurring across their system.
“The primary benefit of implementing DFA technology is wildfire and outage mitigation which is significant for the co-op, our members and the whole community,” said Kerry Kelton, MidSouth’s CEO and general manager. “Building relationships with universities like Texas A&M helps propel our use of new and emerging technologies while also reaching the next generation of potential co-op employees.”
DOE Awards NRECA $5 Million to Continue Grid Cybersecurity Work
PublishedOctober 28, 2021
Author
Cathy Cash
NRECA is receiving $5 million from the U.S. Department of Energy to continue its work in developing and deploying sophisticated cybersecurity tools and tactics for the electric utility industry.
The funds come from the Electricity Subsector Industrial Control Systems Cybersecurity Initiative following the administration’s 100-day action plan to secure the U.S. energy grid.
NRECA CEO Jim Matheson said the Oct. 27 announcement from DOE underscores how government partnerships, information sharing, technology development and coordination with the industry “are essential to strengthening electric sector cyber defenses.”
“Electric co-ops are appreciative of this funding that will help support the deployment of advanced technologies to stay ahead of cyberthreats,” he said.
NRECA has partnered with DOE on several cybersecurity projects, including Essence 2.0, a tool that instantly alerts utilities of possible network intrusions, allowing administrators to lock out bad actors and warn other grid operators in real time.
“Real-time visibility into what’s happening across several different systems is important to strengthen our cybersecurity capabilities and identify attacks in their infancy,” Matheson said.
NRECA also partnered with DOE on the Rural Cooperative Cybersecurity Capabilities (RC3) program, which offers co-ops cybersecurity training, risk assessments, tabletop exercises, workshops and more.
“DOE’s trusted partnerships across the electricity complex are integral to ensuring and maintaining a reliable flow of energy across the country,” said Puesh Kumar, acting principal deputy assistant secretary for DOE’s Office of Cybersecurity, Energy Security and Emergency Response.
“As we continue supporting the 100-day plan and taking action to protect and defend our critical infrastructure, we want to gain greater cyberthreat visibility and develop longstanding relationships with the public utilities that power our homes and businesses.”
DOE also awarded $5 million for this initiative to the American Public Power Association.
Along Those Lines: Amid Rise in EVs, New Cybersecurity Considerations Emerge
PublishedOctober 19, 2021
Author
NRECA
Second in a two-part series for Cybersecurity Awareness Month: The proliferation of electric vehicles into the U.S. market is only expected to accelerate in the coming decades as more and more car manufacturers expand their fleets into the EV space. But as utilities, including electric cooperatives, and other interests work to build EV infrastructure that can keep pace with the expected demand, this growing web of connected charging stations will create a host of new cybersecurity vulnerabilities.
To learn more about what those vulnerabilities are and how to mitigate them, we’re joined by Shannon Murry with the FBI’s Cyber Division along with Brian Sloboda, NRECA consumer solutions director and the association’s point person on EVs.
Check out part 1 of our October cybersecurity series, in which cyber experts from the FBI and NRECA explain how co-ops can avoid becoming victims of ransomware and what they should do if they’re attacked.
Along Those Lines: How Can Electric Co-ops Avoid Becoming Victims of Ransomware?
PublishedOctober 11, 2021
Author
NRECA
First in a two-part series for Cybersecurity Awareness Month: Ransomware became a household word earlier this year when the Colonial Pipeline, a major fuel delivery source on the East Coast, was shut down for several days after hackers attacked the company’s billing system.
These highly disruptive and costly network intrusions are on the rise in the United States and globally, and businesses across the spectrum are being targeted. How can electric cooperatives avoid becoming victims of this sophisticated malware? And what should they do if they are attacked?
To answer those and other questions, we’re joined by Ryan Newlon, NRECA’s principal for cybersecurity solutions, and Dave Eisenreich, a special agent with the FBI in the Cyber Division and that group’s liaison to the energy sector.
Check out part 2 of our October cybersecurity series, in which cyber experts from the FBI and NRECA discuss the cyber vulnerabilities that come with the rise in electric vehicles and how to mitigate them.
Along Those Lines: Understanding Essence, a Co-op-Created Cyber-Defense System
PublishedAugust 24, 2021
Author
NRECA
Cybersecurity has been an ongoing priority for electric cooperatives for decades. But in recent years, as electric utilities have deployed new connected technologies to monitor and maintain the grid, the need for strong cybersecurity on the operations technology side has grown exponentially.
To help co-ops with a solution that’s customized to their specific needs, NRECA worked with co-ops and other partners to develop Essence, a tool that began as an innovative way to quickly identify anomalies on downline systems and has evolved to become a robust method for detection, visualization and reporting of potential cyberattacks. In this episode, we’re joined by Emma Stewart, NRECA’s chief scientist, to learn more about this unique tool.
NRECA Cybersecurity Technology Sees Rapid Adoption During 100-Day Federal Initiative
PublishedJuly 29, 2021
Author
Media Relations
ARLINGTON, Va. – As the Biden Administration’s 100-day electric sector cybersecurity initiative concludes, an additional 52 electric cooperatives have committed to use NRECA’s Essence technology to share their anonymized cybersecurity and threat data with trusted government partners. This expands the commitment among electric cooperatives to join the public-private effort to enhance national cyberthreat detection, mitigation, and forensic capabilities.
As part of the 100-day initiative, NRECA and the Electric Subsector Coordinating Council (ESCC) have consulted with DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) to inform future recommendations for protecting the U.S. electric system from persistent and sophisticated cyberthreats.
Fifty-seven electric co-ops will deploy the government-approved Essence 2.0 technology and anonymously share their security and threat data with trusted partners. Six other cooperatives will use another technology platform for a similar purpose.
“Information sharing, technology development and coordination among industry and government partners are essential for strengthening electric sector cyber defenses,” said NRECA CEO Jim Matheson. “Real-time visibility into what’s happening across several different systems is important as the government and private sector work together to minimize blind spots and identify attacks in their infancy.”
NRECA will continue engaging in the ongoing conversation about cybersecurity across the electric sector while also working with electric cooperatives and other stakeholders to expand the adoption of technologies like Essence highlighted during the 100-day initiative.
Essence 2.0 is an anomaly-detection platform that uses operational technology sensors to identify and warn of possible network breaches in real time. NRECA received $6 million from DOE last fall to further develop the technology and was recently awarded $3.9 million from DOE’s Pacific Northwest National Laboratory to expand the program.
“As this groundbreaking technology is rapidly deployed, it will work in unison with a growing suite of platforms to pilot a heightened sense of awareness and cyber-readiness,” said Matheson. “We look forward to continuing this meaningful partnership with the federal government to meet our shared objective of enhancing cybersecurity in the electric sector.”
The National Rural Electric Cooperative Association is the national trade association representing nearly 900 local electric cooperatives. From growing suburbs to remote farming communities, electric co-ops serve as engines of economic development for 42 million Americans across 56 percent of the nation’s landscape. As local businesses built by the consumers they serve, electric cooperatives have meaningful ties to rural America and invest $12 billion annually in their communities.
Co-ops Aid in Rollout of Standardized Outage Map for First Responders and Public Safety
PublishedJune 25, 2021
Author
Derrill Holly
A group of electric cooperatives and other utilities are working with government researchers to improve power outage reporting by standardizing the way information is captured and displayed when major service disruptions occur.
NRECA, National Information Solutions Cooperative and several co-ops and public power districts are supporting development and deployment of the Outage Data Initiative Nationwide system, or ODIN. Widespread use of the technology could improve emergency operations response with more effective communications presented with standardized data.
“About 4,000 electric utilities in the United States now produce outage information developed in several different formats,” said Tony Thomas, a senior principal engineer with NRECA’s Business and Technology Strategies department. “ODIN is a single-pane data solution for public safety and emergency management personnel so that coordinating responses won’t require rotating through multiple screens and websites to get real-time status views from multiple utilities serving a threatened area or region.”
Researchers at Oak Ridge National Laboratory and the Department of Energy have been working on ODIN for about six years. Several co-ops and public power districts were involved in development and beta-testing for the interface that’s designed to pull data from existing outage management systems.
The system, now available for deployment and use, provides details by county, postal code or geo-position, including data on repair and restoration estimates. ODIN was developed using NRECA’s MultiSpeak® standard. MultiSpeak, a software system that facilitates secure data-sharing, is used by most co-ops, other utilities, universities and the Department of Defense.
“It takes about 30 minutes to set it up so a member’s outage management system can provide data to the ODIN system,” said Todd Eisenhauer, vice president of quality and process assurance at NISC. “The local, state and federal agencies accessing the data get timely information to assist with evacuations, incident response and logistics planning during recovery periods.”
Eisenhauer said many NISC members are already providing data collected through their outage management systems to their statewide associations, state public utility commissions and other users, and inclusion in DOE’s ODIN portal is an easily added option.
Use of the ODIN system is expected to gain momentum during the current wildfire and hurricane seasons. The interface also has communications potential for polar vortex events, spring floods affecting broad areas, and demand incidents prompting emergency conservation or grid management measures.
“ODIN is designed to provide first responders and incident management teams with national or regional views that can be drilled down to focus on local conditions,” said Thomas. “Users will be able to quickly determine whether power is on or off in specific areas and if transmission and distribution lines are energized or not.”
Knowing that information on a real-time basis enhances safety for firefighters and emergency service crews. It also can help with management of evacuation routes and the location of relief services. The technology could prove essential against cyberattacks that might affect electricity service over broad areas of the country.
“ODIN is taking this to a higher level for all utility parties involved and aligning the data for various key stakeholders,” said Eisenhauer. “This will be useful whether displaced residents are looking for the locations of heating centers during widespread freeze events or essential services when service disruptions occur during wildfire events. Standardization of how the information is presented enhances its value for all users involved in managing event response.”
Along Those Lines: Lessons Learned From the Texas Power Crisis
PublishedMay 25, 2021
Author
NRECA
An unprecedented Arctic blast and winter storm that hit the Midwest and the South in February caused widespread power supply issues, rolling blackouts and sustained outages. The event impacted multiple states, but Texas was hit the worst with several days of outages, crippling power supply shortages and nearly 200 deaths attributed to the storm. What happened in Texas, and why was it so much worse there?
Hear from Mike Williams, CEO of Texas Electric Cooperatives, as well as Mark Jones, a Rice University fellow who was part of a University of Houston research team that surveyed Texas power consumers in the immediate aftermath of the storm.
NRECA Bringing Co-op Perspective to Biden’s 100-Day Cybersecurity Initiative
PublishedMay 10, 2021
Author
Cathy Cash
NRECA is working with an industry group and the Biden administration on a voluntary 100-day initiative to enhance national cyberthreat detection, mitigation and forensic capabilities.
Led by the White House National Security Council with support from the Department of Energy and the Department of Homeland Security, the initiative’s first focus is on the industrial controls and operational technology systems of electric utilities with more than 50,000 customers.
“Federal agencies cite the need for enhanced cybersecurity technology options, driven by the growing risk to control systems and concern about the potential for adversaries to compromise systems essential to our daily lives,” said NRECA CEO Jim Matheson.
“Through NRECA’s role in the Electricity Subsector Coordinating Council, we are working closely with the federal government as it implements this initiative, including providing input on how the government can provide assistance to electric cooperatives to meet the objectives of enhancing cybersecurity in the electric sector.”
The ESCC is a CEO-led organization that serves as the principal liaison between electric utilities and the federal government to prepare for, and respond to, national-level disasters or threats to critical infrastructure.
NRECA wants to ensure co-ops have a way to voluntarily engage in the 100-day initiative and is advocating for federal financial incentives to help utilities strengthen their cyber defenses through advanced sensors and software.
One technology that is being considered with this initiative is Essence, which was developed by NRECA with exactly these issues in mind. This sophisticated anomaly-detection tool can identify and warn of possible network breaches in real time. NRECA received $6 million from DOE last fall to further develop this groundbreaking cybersecurity tool and was awarded $3.9 million this week from the DOE’s Pacific Northwest National Laboratory to expand the program. A large-scale co-op pilot is underway.
“With cost-effective technologies like Essence, co-ops can gain a level of monitoring and situational awareness that can improve the sector’s common operating picture,” said Bridgette Bourge, NRECA legislative director.
“If this initiative includes financial assistance for not-for-profit electric entities, we could greatly improve the industry and government’s ability to quickly identify trends or concerning activity around our critical infrastructure and respond,” Bourge said.
NRECA Awarded $3.9 Million for Cybersecurity Information Sharing Partnership
PublishedMay 10, 2021
Author
Media Relations
ARLINGTON, Va. – The National Rural Electric Cooperative Association has been awarded $3.9 million from the U.S. Department of Energy’s Pacific Northwest National Laboratory (PNNL) to expand the association’s Essence cybersecurity program. The award is the next step in a pilot partnership to expand cybersecurity information sharing and readiness announced by DOE last year.
“Partnerships like this are vital as we work to keep the electric grid secure and reliable,” said NRECA CEO Jim Matheson. “As threats and threat actors evolve, electric cooperatives consistently work to improve their defense capabilities. Collaboration and cooperation are two strengths that co-ops draw on as they work together to implement cybersecurity solutions. America’s electric cooperatives look forward to working with DOE and PNNL in this expanded opportunity and we look forward to bringing our cooperative approach to this partnership.”
The two-year, $3.9 million award will support the deployment of Essence, an information and operational technology sensor platform created by NRECA with advanced capabilities to detect industrial control system anomalies and threats with speed and precision. As part of the deployment process, Essence systems will be the first ones to connect to PNNL’s Cybersecurity Risk Information Sharing Program (CRISP), which leverages DOE resources to analyze, and distribute actionable threat information to the energy sector.
Essence and CRISP will work in unison to pilot a heightened state of awareness, information sharing, and cyber-readiness between the electric sector and the federal government. These award funds build on a powerful and growing suite of NRECA’s cyber resources developed to support the electric industry’s work to stay ahead of evolving cyberthreats.
The National Rural Electric Cooperative Association is the national trade association representing nearly 900 local electric cooperatives. From growing suburbs to remote farming communities, electric co-ops serve as engines of economic development for 42 million Americans across 56 percent of the nation’s landscape. As local businesses built by the consumers they serve, electric cooperatives have meaningful ties to rural America and invest $12 billion annually in their communities.
Essence 2.0 is a proven, industry-ready solution to enhance America’s cybersecurity posture. The technology is used by cybersecurity teams and operating engineers to protect key systems against unknown, emerging threats.
Essence 2.0 has been developed in collaboration with the U.S. Department of Energy and NRECA’s development partners.
New technology developed to rapidly identify and defend against emerging cybersecurity threats is being demonstrated at a growing number of electric cooperatives nationwide.
The technology is being developed by NRECA and its partners through a cooperative agreement with the U.S. Department of Energy. Essence 2.0 monitors for cyberthreats and instantly provides key indicators to utility experts to defend systems against emerging threats. Using a set of algorithms, Essence 2.0 continuously assesses power grids for anything out of the ordinary. When unusual circumstances are detected, the technology provides real-time indicators, which allows for informed decision making to counter the threat.
“We are choosing partner electric cooperatives to help demonstrate and advance the capabilities of this platform,” said Emma Stewart, chief scientist at NRECA. “Being able to identify emerging threats in real time is the most important element of this approach so that electric cooperatives and other users can adapt quickly—not weeks later—to protect their systems.
“Our goal is to gain the most coverage from this technology for protecting the nation’s electric system and providing real-time situational awareness of the grid,” Stewart said. “Essence 2.0 can be used by cybersecurity teams and operating engineers to protect key systems against unknown, emerging threats. No other tool combines this capability for IT and OT collaboration with an awareness on both cyber and physical elements of the power grid.”
In 2020, DOE awarded NRECA $6 million to demonstrate that Essence 2.0 is an affordable resource for utilities to protect their operational technology (OT) and information technology (IT) against cyberthreats. NRECA has implemented the technology at a strategic set of electric co-op partners and seeks to expand its use to 55 additional co-ops under the DOE award. The expanded deployments are scheduled to begin this year.
Don Bowman, vice president of engineering and operations at Wake Electric Membership Corp. in North Carolina, says the meld of informational and operational technologies “focuses on the data points that matter in a timeframe that allows us to act quickly—protecting our infrastructure from dangers on the network.”
“Knowing all of the actors in our networks, and recognizing the data flowing from point to point, gives us confidence to use new technology to deliver reliability and affordability to our member-customers,” he said.
As the Essence 2.0 platform capabilities continue to mature, NRECA and co-op partners are transitioning the research to have broader industry impact, says Doug Lambert, NRECA’s senior principal for grid solutions. “We are coordinating with DOE to support situational awareness on the electric grid and advance research that is forging commercial partnerships with industry for long-term sustainability.”
Essence 2.0 research is focused on advancing and integrating two technologies developed by NRECA and its technology partners—a “cybersecurity-collect-communicate-collaborate” (C4) platform and a real-time anomaly detection capability called GridState. Both technologies were proven effective against cyber and physical attacks in the Rapid Attack Detection, Isolation and Characterization System program using live environments sponsored by the Defense Advanced Research Projects Agency.
Essence 2.0 provides shared security resources to community-owned co-ops and other small utilities as part of a comprehensive strategy to ensure protection of the electric grid.
Texas Legislators Grill Utility Execs on Power Outages
PublishedMarch 3, 2021
Author
Derrill Holly
More than two dozen utility executives, including leaders of two electric cooperatives, testified at two marathon hearings in the Texas legislature last week to examine what went wrong during a February cold snap that paralyzed the state’s electric grid and left millions without power for days.
Residents of hundreds of Texas communities are still struggling to recover two weeks after one of the longest and most widespread power outages in the state’s history, and lawmakers are demanding assurances that the problems never happen again.
“This is the largest train wreck in the history of deregulated electricity,” said state Sen. Brandon Creighton of Conroe.
During the Feb. 13-19 event, Texas’ electric grid was impaired by the loss of generation from wind and solar energy, coal, natural gas and nuclear sources. Just under half of the state’s electric generation sources were offline at one point during the week.
“When you lose almost half your generation, you are going to have a problem,” Bill Magness, president and CEO of the Electric Reliability Council of Texas, told a state Senate committee last Thursday.
ERCOT is the grid operator overseeing the generation and transmission assets of dozens of utilities in the state, including electric co-ops. Collectively, those utilities serve 26 million Texans in 70% of the state’s territory. Of the 620 generation units on the ERCOT system, at least 185 reported problems.
A combination of ice storms, subfreezing temperatures, mechanical failures, fuel challenges, stakeholder miscommunications and unprecedented demand compromised grid stability and left 4 million consumers without power. Had demand been allowed to outpace the available generation, damage to power plants, substations and other assets would have been extensive.
“We never want to black out the system, so that’s the problem, and there’s nobody that wants to solve it more than me,” Magness said Feb. 25 during a grueling and often contentious 10-hour committee hearing.
During the emergency, ERCOT called on transmission operators to implement controlled outages to prevent catastrophic failures.
“Even though we had sufficient generation to meet the needs of our members, we had to shed load like any other transmission provider,” said Mike Kezar, CEO of South Texas Electric Cooperative, a G&T owned by eight distribution co-ops.
STEC’s five power plants, two wind farms and a pair of hydroelectric facilities, owned or under contract, performed well throughout the emergency, he said. But the G&T’s transmission was still subject to ERCOT-ordered cyclical power interruptions, which averaged 3.5 hours each.
The loss of generation, particularly from natural gas pipeline failures and curtailments of industrial generation sources, prompted ERCOT to activate a $9,000-per-megawatt-hour price cap mandated by the Texas Public Utility Commission. The typical cost of power on the ERCOT grid is around $26 per MWh.
Similar control measures have been used previously for short periods of time to help manage peak summer demand costs, but extended application of the capped rate is unprecedented.
A $2.1 billion February power bill forced Waco-based Brazos Electric Power Cooperative to file Chapter 11 bankruptcy on March 1, citing the need to insulate its 16 distribution co-ops and their members from “unaffordable electric bills,” said CEO Clifton Karnei in a statement.
“This court-supervised process will provide us with the protections and mechanism to protect and preserve our assets and operations and satisfy obligations to our creditors,” he said.
Amarillo-based Golden Spread Electric Cooperative belongs to both ERCOT and the Southwest Power Pool and saw costs balloon in both power markets during the cold weather event.
“Estimates are that the power bill for the month of February 2021 will exceed the cost of power paid in previous years,” said D’Ann Allen, the G&T’s manager of member relations. “Whatever Golden Spread’s share of that expense is will be high and, unfortunately, borne by our members.”
Allen said the co-op is working with its board to determine how to soften the blow for member co-ops. “More than likely, it will take years,” she said.
Some Texas co-ops are adopting measures to ease the impact on consumers, including suspending late fees and disconnects for non-payment, relaxing deposit requirements, offering deferred payment plans and delaying planned electricity rate changes that were scheduled to go into effect this spring.
NRECA Earns $6 Million DOE Grant to Boost Electric Co-op Cybersecurity Readiness
PublishedSeptember 25, 2020
Author
Media Relations
ARLINGTON,
Va. – The Department
of Energy today awarded the National Rural Electric Cooperative Association a
$6 million grant to expand ongoing research and development into electric co-op
cybersecurity tools.
Known as
Essence 2.0, the three-year project will deploy a revolutionary cyber
monitoring tool to NRECA’s member cooperatives. Essence 2.0 enables machine-to-machine
learning and is designed to quickly detect and share information about anomalies
in utility network traffic that may be the result of a cyber breach. The
technology also provides specific information that allows for isolation and
definition of the breach characteristics for sharing with others in the
industry to determine if a breach is a larger, coordinated attack by
adversaries.
“As cyber threats
and threat actors continue to evolve, so must electric co-ops’ capability to
defend against them,” said NRECA CEO Jim Matheson. “Maintaining the security
and resilience of the grid, and protecting consumer data, requires a flexible
approach that draws on a variety of tools, resources and options. The Department
of Energy recognizes the importance of this tool to our sector’s cyber
readiness. We believe it will be a valuable resource in our members’ cache of
cybersecurity preparedness resources.”
The Essence
2.0 project builds on NRECA’s existing cyber readiness and prevention tools and
will be deployed to electric cooperatives early next year. Click
here for more information and background about the award.
The National Rural Electric Cooperative Association is the national trade association representing nearly 900 local electric cooperatives. From growing suburbs to remote farming communities, electric co-ops serve as engines of economic development for 42 million Americans across 56 percent of the nation’s landscape. As local businesses built by the consumers they serve, electric cooperatives have meaningful ties to rural America and invest $12 billion annually in their communities.
Along Those Lines: How Co-ops Come Together to Recover from Storms
PublishedJune 9, 2020
Author
NRECA
Electric cooperatives across the South have already seen massive storm damage across their systems, and the 2020 hurricane season is just now getting started. When outages are too much for one co-op to handle, neighboring co-ops from within their state and across state lines are quick to lend a helping hand to get power back up and running quickly and safely.
Martha Duggan, who oversees NRECA’s state and national coordination initiatives, and Michael Kelley, safety and loss director at the Alabama Rural Electric Association of Cooperatives, talk us through how co-op mutual aid is coordinated and what it looks like on the ground, even with the added challenges of a global pandemic.
Co-op Community Loses Cybersecurity Leader; Szamrej Urged Collaboration
PublishedOctober 29, 2019
Author
Cathy Cash
Jacek Szamrej, a leader in cybersecurity for electric cooperatives and utilities large and small, most recently as vice president at SEDC, died Oct. 13 from a heart attack. He was 61.
Szamrej joined Atlanta-based SEDC in 2016 and helped
launch its Cyber Resilience Initiative. In announcing his hire, SEDC President and CEO RB
Sloan said Szamrej “really brings a holistic approach to cybersecurity.”
“He has left an enduring mark on SEDC, on the NRECA
community, and on utilities everywhere. His mentorship and his love of sharing
knowledge ensure that his work in cybersecurity will continue to grow and
benefit us all for decades to come,” SEDC said in a statement marking Szamrej’s
passing. SEDC provides utilities with software solutions for billing,
accounting, engineering, cybersecurity and operations.
Prior to SEDC, Szamrej devoted 13 years to building cyber defenses at Vermont Electric Cooperative, where he expanded his expertise in IT, utilities, network and communications technologies.
Born in Torun, Poland, Szamrej took his
first U.S. job as an electrical engineer at the cooperative in Johnson,
Vermont, in 2003 after decades of acclaimed work in computer models at the
University of Warsaw.
Known for his wit and humor, Szamrej joked in a 2017
interview about which was more difficult, the move from Poland to Vermont or
from Vermont to Atlanta.
Szamrej offered a simple truism for improving cybersecurity that
he found rooted in the spirit of co-ops: “The bad guys are
collaborating; we need to collaborate too for good defense.”
He also emphasized the importance of creating a “culture
of cybersecurity” built on three key pillars: a well-trained staff, sound policies
and the latest tools.
“People, processes and technologies,” he said.
Before leaving Vermont Electric, Szamrej worked for three years to put together a full-scale physical and cyber management drill sponsored by the U.S. Northern Command of the National Guard. The exercise involved 20 co-op staffers, the Guard and state emergency officials tackling natural disasters as well as cyber and grid attacks.
“He was visionary and insightful. Jacek had a great sense of humor and he got things to happen,” said Cynthia Hsu, NRECA Business & Technology Strategies principal for cybersecurity solutions. “His passing is a great loss for the co-op community.”
Along Those Lines: Co-ops’ Role in Protecting the Electric Grid
PublishedOctober 15, 2019
Author
NRECA
October is National Cybersecurity Awareness Month, so Season 2 of Along
Those Lines kicks off with a look at co-ops’ role in protecting the national
electric grid.
The grid plays an essential role in the lives of all Americans, and a
strong emphasis on cybersecurity is vital to keeping it safe. Electric co-ops,
which control 42% of America’s electric lines spread over 56% of the country’s
landmass, do their part by training staff and partnering with national
organizations to maximize their cyberpreparedness.
In this episode, you’ll hear from Co-Mo Electric Cooperative’s Ryan Newlon, who’s also a member of the Missouri National Guard. He’s been working with the Guard on two projects that focus on understanding real-life threats and defense strategies for cybersecurity. We’re also joined by NRECA’s Barry Lawson to discuss how the association and its member co-ops work with key government agencies on cybersecurity.
‘A New Intensity’: NRECA’s Essence Tool Endures Strenuous Test to Guard Grid
PublishedJanuary 8, 2019
Author
Cathy Cash
It was the perfect setup—remote, rustic and with a real electric grid ripped by sabotage.
The question for NRECA was how Essence, a tool it developed to monitor the grid, would facilitate a so-called black-start, restoring power amid a ruined transmission network where cyber mayhem lurks.
To find out, NRECA’s chief scientist, Craig Miller, and senior research engineer Stan McHann, along with other electric utility technology experts, participated in a drill organized by the Defense Advanced Research Projects Agency (DARPA) on Plum Island, New York.
The 840-acre island, about three miles off Long Island’s coast, has its own utilities and a dozen high-voltage substations. It holds shuttered federal defense facilities dating back 100 years and a mid-century laboratory to test diseases in farm animals.
“It was not a tabletop exercise. It was a physical problem with small substations and utility control centers. We needed to restore power to them and synchronize them to the grid,” said Miller.
DARPA created Rapid Attack Detection, Isolation and Characterization Systems (RADICS) to explore ways to resolve prolonged outages wrought by disasters like earthquakes, floods, fires, hurricanes or cyberattacks, where networks are destroyed and utility crews are gone.
November’s RADICS exercise was a key test of the technology.
“DARPA is very interested in Essence as part of the solution to deal with catastrophic failure of the grid across a large region of the country,” said Miller. “This exercise focused on how Essence can help restore a massive outage.”
Essence provides a constant monitor of activity on the electric grid. Sensors gather thousands of data points. Anything abnormal shows up quickly.
“Essence tells us what’s up and what’s not and what’s behaving accurately or atypically. It monitors voltage for stability and the physics of the grid. Malware could show up and it detects it instantly on the network,” he said.
NRECA plans to release Essence to potential commercialization customers for evaluation in April, Miller said. Before that, adjustments will be made to make the tool more “utility-friendly” by delivering only the most salient information to utility staff, enabling them to respond faster to grid incidents.
Battling Under a New Intensity
NRECA has been working with electric co-ops in developing Essence to provide “situational awareness on both the electrical- and the cyber-front of the grid,” Miller said. Through tests with co-ops, the tool has prevented cyberattacks, overloading of transformers and possible fires.
That’s what co-ops face every day—the reality of keeping the lights on while keeping threats at bay.
NRECA has been involved in each of RADICS’s four exercises, but Miller said the recent Plum Island test brought “a new intensity.”
“It tasked us with learning what the utility people want to know and when. There were no coffee breaks. You did not get lunch. You were under pressure,” he said.
Pummeled with wind and rain, McHann, the only member of the NRECA team on Plum Island, arrived by ferry and hiked the island to install Essence equipment on substations and do local analysis of devices and sensors. He had to pack enough gear and food in case inclement weather kept him on the test site overnight.
On top of the sheer physical reconstruction of the grid, participants also had to battle cyberattacks that pushed misinformation and fouled communications.
“Whatever DARPA threw at us, we had to keep that critical asset electrified,” said McHann. “Our job is to take those hard problems and break them down and design technology to solve them. It was not a simulated environment. It was a very real environment.”
As part of the exercise, one goal was to maintain power to a building that had previously been used for government research. “The building had been abandoned and sealed for over 50 years. Our job was to ‘restore power’ to it,” said Miller, who worked from a control center in Long Island.
Red, yellow and green air dancers, often seen flailing at car dealerships, puddled beside buildings targeted for power restoration. “When power came on, they stood up,” said Miller. “It was fun.”
Government and Industry Cybersecurity Experts Agree That Partnerships Are Key to Protecting Grid
PublishedOctober 8, 2018
Author
Cathy Cash
The nation’s top cybersecurity watchdog and industry experts concur: When it comes to protecting the electric grid from cyberthreats, public-private partnerships are vital.
“We can all agree our nation’s security depends on safe, reliable energy infrastructure,” said Jeff Baumgartner, senior adviser at the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). “It is critical that we out-innovate our adversaries.”
Baumgartner addressed an Oct. 1 congressional staff briefing on Capitol Hill organized by NRECA, the American Public Power Association and the Edison Electric Institute to kick off National Cyber Security Awareness Month.
DOE has a multiyear plan for CESER to heighten cybersecurity for grid resilience along with research and development and demonstration of technologies involving the department’s national laboratories, universities and industry, Baumgartner said.
A panel of cybersecurity experts emphasized the importance of the federal government working with utilities and the value of sharing information.
“Collaboration is king to protecting our nation from the variety of threats we now face,” said Ron Keen, a senior adviser at the Department of Homeland Security. “Whatever the threat of tomorrow is, we must begin preparing today, and we must do it together.”
“Cybersecurity is a shared responsibility between industry and government,” said Puesh Kumar, DOE director of preparedness and exercises. “We see this as a public-private partnership.”
Fritz Hertz, director of legislative and regulatory affairs at the North American Electric Reliability Corp. (NERC), noted that only the electricity sector is subject to mandatory cybersecurity standards. NERC’s critical infrastructure protection, or CIP, standards cover generation and transmission cooperatives among other entities that interact with the electric grid.
Ben Waldrep, senior vice president and chief security officer at Duke Power, underscored the importance of tabletop exercises and cyberthreat simulations. Owners and operators of the bulk power system participate in NERC cybersecurity drills dubbed GridEx. To keep up with cybersecurity, utilities and other parties involved with the bulk electric power system “must drill, drill, drill,” he said, and “follow up on tests.”
Public-private partnership efforts in the electric utility industry are strongly supported by the Electricity Subsector Coordinating Council (ESCC). Electric cooperatives are members of the 31-seat ESCC, the principal liaison between the power sector and leaders in the federal government.
Additionally, generation and transmission co-ops participate in the Electricity Information Sharing and Analysis Center (E-ISAC), which is part of NERC. The E-ISAC in its information-sharing role provides further support of the public-private partnerships.
RC3 Leverages ‘Cooperation Among Co-ops’ to Confront Cybersecurity Challenges
PublishedOctober 2, 2018
Author
Sydney Covitz
Cybersecurity is a never-ending battle, with online criminals constantly adapting their tactics to outsmart the latest patch or protocol.
Fortunately, electric cooperatives have a partner in the fight: NRECA’s Rural Cooperative Cybersecurity Capabilities Program (RC3).
RC3, now entering its third and final year of funding from the U.S. Department of Energy, is aimed at helping co-ops create a culture of cybersecurity with resources, tools and trainings tailored to their unique needs.
“Size, location, access to cybersecurity experts, these are all critical issues for electric cooperatives confronting cybersecurity challenges,” said Cynthia Hsu, NRECA cybersecurity program manager and RC3 lead. “One way cooperatives can balance the scales is through our commitment as co-ops to help one another. The RC3 program is designed to facilitate and build on our cooperative culture.”
Since its inception in 2016, RC3 has provided cybersecurity training to more than 200 leaders at 36 co-ops through the RC3 Self-Assessment Research Program. These cooperatives have in turn helped the RC3 team build a self-assessment toolkit for all NRECA members to use.
In 2017, RC3 held six cybersecurity summits around the country where co-op staff exchanged experiences and knowledge. Nearly 200 attendees from 152 co-ops participated. RC3 also is providing vouchers to 40 co-ops for training at the SANS Institute, a nationally recognized information security educator.
“Bringing co-ops together to talk about the difficulties they face and creative solutions they use has been a key to the success of the RC3 effort,” Hsu said. “There’s really no substitute for one-on-one interactions. And the feedback for summits was so overwhelmingly positive we are organizing another series of five summits.”
In addition, the RC3 team is writing a series of seven cybersecurity guidebooks to help co-ops understand the unique cybersecurity responsibilities associated with each job role, such as communications and member services, human resources and benefits administration, finance and billing, and attorneys and legal staff.
“Cybersecurity is not just an IT problem,” said Hsu. “Every staff member in a co-op has a responsibility and opportunity to help defend their cooperative.”
Hsu says since the launch of RC3, she’s seen a steady elevation of the issue of cybersecurity among electric cooperatives. “People have begun to understand that there’s no such thing as too small or too remote,” says Hsu.
“Like safety, cooperatives are interested in building a culture of security. Our job in the RC3 program is to help them along the way, providing training, tools and resources to build stronger cybersecurity programs.”
“Our federal partners are making the first commitments to creating a true coordinated multisector response to the growing cyber threat, bringing together electric utilities, telecom, and the financial services sector through unprecedented cooperation.”
DHS, the FBI and the Energy, Defense and Treasury departments launched the center during the National Cybersecurity Summit in New York City on July 31. Highley, co-chair of the Electric Subsector Coordinating Council, participated in a CEO roundtable at the event. The ESCC is the principal liaison between the federal government and the electric utility sector leadership for coordinating preparation to national disasters or threats to critical infrastructure.
The federal agencies committed to “work together, along with CEOs from each sector, to share threat information and to coordinate response across sectors in the event of a physical or cyber event,” Highley said in an interview following the summit.
He said that the federal effort is a welcome development, but that electric cooperatives must continue to enhance their own resources and build a dedicated defense.
“Our partnership with these federal agencies is one way to leverage our resources, but we cannot rely on that alone,” Highley said. “Our members expect us to keep their power reliable and affordable. A cyberattack hurts both of those objectives.”
He noted the electric utility sector is held in high regard by the federal agencies for its cybersecurity practices, but he cautioned that now is not the time to ease up.
“We were told a number of times by both DHS and DOE leadership that the electric sector has been the model sector in terms of CEO engagement, public/private coordination and development of standards and best practices,” Highley said. “That said, there is still much more we can do.
“The enemy is continually testing our critical infrastructure and looking for any gap. They would delight in compromising even the smallest utility systems.”
Among other requests, the ESCC and industry leaders have asked the federal government for timelier processing of classified clearances for key personnel and more cost-effective cyber-solutions for small utilities such as municipals and co-ops, Highley said.
“We need insight from our federal partners on the classified threats they see developing, and we need to share information with them about the threats we are seeing to help us both connect the dots, anticipate and deflect the next wave of cyberattacks.”
GridEx Gives Co-ops Chance to Flex Cybersecurity Muscles
It's never too early to plan for an attack
PublishedApril 25, 2018
Author
Cathy Cash
A cyberattack on the electric grid, widespread misinformation on social media, isolated blackouts, communications failures and active shooters.
Is it ever too early to plan for the barrage of emergencies?
The answer is a resounding “no” from electric co-op veterans of GridEx IV.
“GridEx focuses attention on continuous improvement to our cyber- and physical security efforts as we strive for operational excellence,” said Mike Kraft, senior engineer at Basin Electric Power Cooperative in Bismarck, North Dakota.
The biennial exercise organized by the North American Electric Reliability Corporation (NERC) gives utilities large and small the opportunity to flex their security muscles under extreme simulated emergencies.
“The lessons learned from GridEx assist Basin Electric in protecting our critical infrastructure. This helps us provide reliable power to our members,” said Kraft.
About 6,500 individuals and 450 organizations across industry, law enforcement and government agencies participated in the simulation exercise last November. NERC recently released a report with details and findings from the exercise.
Twenty-six G&Ts and 24 distribution cooperatives participated in GridEx IV. Co-op participation has grown significantly. In 2015, a total of 18 G&Ts and distribution co-ops took part in GridEx III.
“We do internal drills several times a year, but GridEx gives us the opportunity to participate in an exercise of this magnitude with large-scale coordination of entities,” said David Revill, vice president, power technology at Georgia System Operations Corporation (GSOC) in Tucker, Georgia. “We take cyber- and physical security extremely seriously, and believe that practice makes perfect.”
Tri-State Generation & Transmission also conducts “several internal and external exercises to validate and improve our processes,” said David W. Sayles Jr., business resiliency manager for G&T in Westminster, Colorado. “GridEx IV reinforced the importance of coordinating with external partners during a cascading coordinated national attack scenario.”
GridEx V is slated for Nov. 13-14, 2019.
Putting Communications to the Test
GSOC has participated in all four NERC GridEx drills. Basin Electric took part in GridEx III and GridEx IV. Each year the exercise creates more challenging scenarios, forcing participants to strengthen their security strategies.
Brian Haggard, GSOC’s lead planner for GridEx IV, noted that the exercise “really put communication and coordination methods to the test.”
GridEx IV emphasized social media, where the public and the utility try to communicate as malevolent actors use the platform to spread false messages to trigger mayhem.
“Spending time on social media may not be what you think of as work, but, when responding to a cybersecurity event, both internal and external communications are essential,” said Haggard.
Kraft urged co-ops to “identify who needs to know what, when do they need to know it, and how the communication will occur.”
“Communications are a key component to success during a crisis,” he said. “Recognize that and have a plan to deal with communication barriers.”
The co-ops plan to tweak their internal drills using lessons learned from the NERC exercise.
“Adversaries keep changing their methods,” said Haggard. “We need to evolve with them.”
Defending co-ops starts now
GridEx participants said keeping their co-ops safe doesn’t end with this exercise, and they encouraged other co-ops to get involved as soon as possible.
Tri-State G&T first got involved as an observing organization during GridEx III.
“That prepared us for full participation in GridEx IV,” said Sayles. “Observing the exercise helped us set meaningful objectives and identify the Tri-State departments to participate in 2017.”
Co-ops that have never participated should use the NERC report “as a punch list against their cybersecurity strategy,” said Kraft. Basin Electric invited member co-ops to be observers during the recent GridEx.
GSOC’s Revill noted that there is a “significant investment” of time involved in planning and participating in the two-day exercise. But co-ops can tailor their participation to fit their organization, he said. “Whether you’re a large or small co-op, there’s something for you in this exercise.”
How the Federal Spending Bill Helps Electric Co-ops
PublishedMarch 23, 2018
Author
Michael W. Kahn
A $1.3 trillion spending bill that includes a number of electric cooperative priorities passed Congress and was signed into law by President Trump on March 23.
“This bill strengthens programs that are essential to the economic health of rural America while also emphasizing the need to continue pursuing innovative solutions to future energy and economic needs,” NRECA CEO Jim Matheson said of the measure, which keeps the federal government running through Sept. 30, the end of fiscal 2018.
One key provision provides a boost to electric co-ops that want to bring broadband to their members. The bill authorizes $600 million for the Agriculture Department to make loans and grants for rural broadband, which Matheson called “a positive step towards connecting the rural economy and closing the digital divide.”
“High costs and low population density remain the biggest obstacles to expanding rural broadband access,” said Matheson.
Other provisions benefiting electric co-op operations include $5.5 billion for the Agriculture Department’s electric loan program. Co-ops that borrow to make infrastructure improvements repay the government with interest.
There’s also funding for cybersecurity research and development—a key ingredient as co-ops work to stay ahead of evolving cyber threats. The Cybersecurity for Energy Delivery Systems (CEDS), from which NRECA currently receives funding for the Rural Cooperative Cybersecurity Capabilities Program (RC3), went from $62 million to $75 million.
LIHEAP, the Low Income Home Energy Assistance Program, will receive $3.64 billion, up from the current $3.39 billion. The increase follows the annual LIHEAP Action Day on March 13, which NRECA supported, and the March 16 release of a bipartisan letter, signed by 171 House members, urging “no less than $4.7 billion” in LIHEAP funding for fiscal 2019.
Cybersecurity Responsibility Belongs to Every Co-op Employee
PublishedMarch 12, 2018
Author
Magen Howard
NASHVILLE, Tenn.—If there’s one thing Cynthia Hsu wants co-ops to know, it’s that cybersecurity is everyone’s job.
“I guarantee you, every single person has a role to play,” said Hsu, cybersecurity program manager in NRECA’s Business and Technology Strategies unit, at a breakout session during the association’s 2018 annual meeting.
Hsu spearheads NRECA’s Rural Cooperative Cybersecurity Capabilities Program, known as RC3.
“This is a program focused on what a lot of the co-ops are facing, which is very limited IT staff and, for some, no IT staff at all,” she said. “How do we build tools to help those co-ops improve their cybersecurity?”
Thanks to a $7.5 million grant from the U.S. Department of Energy, Hsu and her team have developed a soon-to-be-released self-assessment toolkit to help co-ops begin or enhance their cybersecurity efforts. The toolkit starts with a self-assessment “maturity model,” which is a list of questions guiding co-op staff from the CEO’s office and each department to help them identify their current cybersecurity capabilities.
“The best way to start is understanding what you’re good at now, and where you can improve,” Hsu said.
Thirty-six co-ops field-tested the self-assessment maturity model via a day-and-a-half facilitated session. At the end of the session, the team gets “an understanding for themselves of what their role is,” Hsu said. Again, she reminded the audience, every employee has a role to play in protecting their co-op.
The self-assessment maturity model yields scores in five categories that co-ops can use as a benchmark to measure improvement.
“Our smallest co-op had seven staff and was able to make progress,” Hsu said. “It doesn’t always take a lot of money. Sometimes it just takes focus, and resources, in terms of time and governance.”
Another leg of RC3 is training. Hsu’s team has hosted six cybersecurity summits for co-op employees outside of IT—two were at national labs, two with academic institutions, and one with the American Public Power Association and the Electric Power Research Institute. The RC3 Program plans to hold five more summits in 2018.
Matheson: Co-ops Need More Cybersecurity R&D, Information-Sharing
NRECA CEO brings co-op message to Capitol Hill
PublishedMarch 2, 2018
Author
Cathy Cash
NRECA CEO Jim Matheson told U.S. senators examining cybersecurity that the electric power sector is well prepared to combat cyber threats, but said the federal government should pursue greater R&D for small and medium-sized utilities and improve information sharing to bolster the industry’s cyber defense.
“Protecting the electric grid from threats that could affect national security and public safety is a responsibility shared by both the government and the electric power sector,” Matheson told the Senate Energy and Natural Resources Committee at a March 1 hearing.
“Maintaining the resilience and security of the electric grid requires a flexible approach that draws on a variety of resources and options. As threats and threat actors continue to evolve, so must government and industry’s capability to defend against them.”
Matheson outlined ongoing cybersecurity measures by the electric sector, including participation in federal exercises such as the Department of Energy’s Clear Path and the North American Electric Reliability Corp.’s GridEx.
“The possibility of a cybersecurity attack impacting grid operations is something for which the electric sector has been preparing for years,” he said, noting the industry has bolstered its defenses by partnering with the DOE, national laboratories and other federal agencies on cybersecurity research.
Matheson pointed to the Rural Cooperative Cybersecurity Capabilities Program, or RC3, a cost-shared partnership between DOE and NRECA that has provided cybersecurity assessment and training to more than 150 member co-ops and developed resources for small and mid-sized utilities.
“It’s really a toolbox of different options they can use to identify vulnerabilities and risks and share best practices with each other,” Matheson said in response to a question by Sen. Joe Manchin, D-W.Va., about which cybersecurity efforts are working.
RC3 also involves a continuous improvement process. “We all know wherever we are today, we’ve got to get better by tomorrow,” said Matheson.
Sen. Steve Daines, R-Mont., praised electric co-ops as representing a “true cross section of our state” and for their efforts in cybersecurity.
“I do believe our rural co-ops are on the front line in defense of our grid, especially in rural states like Montana,” said Daines. “The co-ops you represent don’t have a lot of excess cash to spend on research or new expensive technologies. Further, there isn’t one single solution we know.”
Matheson agreed that America’s electric cooperatives face diverse circumstances when it comes to protecting against cyberthreats. About 120 co-ops that connect to the bulk electric system must comply with NERC reliability standards and audits to stem operational threats. Meanwhile, smaller distribution co-ops encounter hackers going after personal information.
“We try to create a peer-to-peer relationship where co-ops can compare, consolidate and share assets,” said Matheson. “We have a really coordinated effort to make sure we are sharing best practices with each other to take on the cybersecurity threat.”
Daines also asked about ways his Cyber SAFETY Act, which among other things provides liability protections for private-sector cybersecurity tools and services, might help electric co-ops.
Matheson said rural co-ops and the rest of the electric utility sector support the bill for removing impediments. “Efforts to produce more innovations in this area are something we strongly support and a step in the right direction,” he said.
NRECA CEO to Promote Electric Co-op Cybersecurity Efforts in Senate Testimony
PublishedFebruary 28, 2018
Author
twarren
Arlington, Va. – Tomorrow on Capitol Hill, NRECA CEO Jim Matheson will highlight electric co-op cybersecurity efforts and encourage Congress to continue supporting programs that strengthen cyber preparedness. Matheson will testify Thursday before the Senate Committee on Energy and Natural Resources at 10:00 a.m. in Room 366 of the Dirksen Senate Office Building.
“The possibility of a cybersecurity attack impacting grid operations is something for which the electric sector has been preparing for years,” Matheson said. “Maintaining the resilience and security of the electric grid requires a flexible approach that draws on a variety of resources and options. As threats and threat actors continue to evolve, so must government and industry’s capability to defend against them.”
Matheson will encourage Congress to continue funding cybersecurity research and development through the U.S Department of Energy. He will also ask the Committee to pursue legislation that provides for voluntary, enhanced FBI background checks to improve the ability of co-ops to prevent insider threats.
Electric co-ops are working in partnership with DOE through the Rural Cooperative Cybersecurity Capabilities (RC3) Program to promote cyber awareness at small and medium sized co-ops.
The National Rural Electric Cooperative Association is the national service organization that represents the nation’s more than 900 not-for-profit, consumer-owned electric cooperatives, which provide service to 42 million people in 47 states.
Request boosts cybersecurity and broadband, cuts PMAs, rural development, LIHEAP
PublishedFebruary 16, 2018
Author
Cathy Cash
President Trump’s budget proposal for fiscal 2019 would boost funds for rural broadband and grid cybersecurity but eliminate funding for the Rural Economic Development Loan and Grant program and LIHEAP, which helps low-income Americans pay to heat and cool their homes.
It also proposes to sell the transmission assets of the power marketing administrations.
“NRECA will respond to these budget proposals as we have in the past, by strongly supporting ideas that are in the best interest of electric cooperatives and vigorously opposing suggestions that negatively impact our members,” said Kirk Johnson, NRECA senior vice president, government relations.
“Through a lot of hard work, Congress has rejected proposals in the past to sell PMA assets and eliminate funding for rural development programs. We’re going to spend the next several months making sure that trend continues.”
The Feb. 12 proposal (PDF) outlines Trump’s ideas for deep budget cuts in FY19. It was developed before Congress passed the $300 billion deal Feb. 9 that increased spending for the next two years. The budget proposal included a brief “addendum” suggesting where the higher spending should occur.
The president’s FY19 plan maintains the USDA’s Rural Utilities Service electric program at $5.5 billion and includes $23.1 million for broadband loans and $30 million for broadband grants.
No funds are proposed for the Rural Business Cooperative Service, which includes REDLG and the Rural Cooperative Development Grant Program. Further, RUS would no longer provide interest payments to co-op borrowers on future deposits to their “cushion of credit” account. Congress already rejected similar suggestions from last year’s budget proposal.
Electric co-ops help meet their rural communities’ needs by obtaining loans from REDLG and then passing the money on to local businesses and projects, ranging from firetrucks to libraries to job-creating initiatives.
Trump also would abolish the Low Income Home Energy Assistance Program, which mostly serves the elderly, the disabled and low-income households with children. Congress funded LIHEAP at $3.4 billion last year. Many electric co-op members rely on the program during economic downturns or severe weather.
In a move opposed by electric co-ops, the budget recommends divesting the Tennessee Valley Authority, Bonneville Power Administration, Southwestern Power Administration and Western Area Power Administration of their transmission assets. The budget also would allow them to charge market-based rates, which could boost electricity bills for millions of co-op members and result in more volatile power prices.
To bolster cybersecurity and grid modernization, the proposed budget would apply $96 million to create the Office of Cybersecurity, Energy Security and Emergency Response at the Department of Energy. The Cybersecurity for Energy Delivery Systems office would see its budget double to $70 million. NRECA receives DOE funding for its Rural Cooperative Cybersecurity Capabilities Program (RC3).
The budget also seeks to ease access to federal lands and resources under the Department of the Interior by providing $1 billion for the Bureau of Reclamation. It further calls for streamlining the permitting and review process to facilitate infrastructure projects.
A proposed 30 percent cut in State Department development assistance programs also would result in a major setback for NRECA International electrification programs that bring power to developing countries.
Ed VanHoose was the IT guy. He did troubleshooting, scrubbed computers and immersed himself in cybersecurity at the Association of Illinois Electric Cooperatives as digital menaces emerged in 2007.
Then he took a major leap of faith.
“I believed in the co-op business model,” said VanHoose, who grew up on co-op lines in Illinois and Missouri. “It spoke to me greatly. I wanted to participate to the utmost. That meant going to the CEO role.”
VanHoose took the helm of Clay Electric Cooperative in Flora, Illinois, in 2014, after earning his cooperative leadership credentials through NRECA. Now he is encouraging cybersecurity professionals to join co-ops for fulfilling and exciting careers on the frontlines.
Recruiting the best and brightest for cybersecurity at co-ops can be challenging. Many IT professionals may not know about co-ops or falsely consider them too unsophisticated to offer a challenging environment.
Yet, as he speaks at colleges and other recruiting events about cybersecurity careers, VanHoose says he finds young people gravitating toward the co-op model.
“The key point is member-owned working directly for membership,” he said. “Millennials get a bad rap, but our business model appeals to them and is a great tool for recruitment. They want to work someplace where they earn a salary and have a mission. They can have both at a co-op.”
VanHoose recommends that co-ops looking to beef up their cybersecurity personnel start engaging at high school and community college levels for potential recruits. Have a presence at your closest large university, and be sure to join programs like the FBI InfraGard, in which businesses and government work in partnership, he says. Then, follow through by providing internships.
“These young people need to know we exist,” he said. “Co-ops participating in those circles will be exposed to the right people. You can’t just put an ad in the newspaper.”
At the statewide, he initiated an internship program along the IT and cybersecurity career paths. Because of that, VanHoose now knows professionals at the FBI, major universities and several software vendors in Illinois who started as interns for the AIEC.
VanHoose recalls his first connections to co-ops through their newsletters and statewide magazines. “I got to know the co-op, gave it a try, and this is how it worked out,” he said.
Now, he just wants others to have the same opportunities.
A forum hosted by NRECA hears why co-ops and members have roles to play
PublishedOctober 10, 2017
Author
Michael W. Kahn
If there’s one definitive truth about cybersecurity it’s this: We’re all in it together.
That was a common theme at the forum “Insights on Cybersecurity for Electric Utilities,” hosted by NRECA in collaboration with the National Cyber Security Alliance and Department of Homeland Security.
“Cybersecurity is a shared responsibility. It touches all of our lives, at home and at work,” said NRECA CEO Jim Matheson. “It is arguably one of the most complex and urgent issues that we face as an industry.”
“Information sharing between the government and the private sector is absolutely critical,” added Matheson, who serves on the Electricity Subsector Coordinating Council, the principal policy liaison between leaders of electric utilities and the federal government.
There was emphatic agreement on that point, including from Sabra Horne, the Department of Homeland Security’s director of stakeholder engagement and cyber infrastructure resilience. Horne stressed “bi-directional information sharing” as “very critical” when it comes to cybersecurity.
“We know many things within the government, but we certainly don’t know everything,” Horne told the Oct. 10 session at NRECA’s Arlington, Virginia, headquarters. “You all, being on the front lines, are able to see things that we can’t possibly know.”
Chris Butera encouraged reporting incidents through DHS’s Critical Information Sharing and Collaboration Program.
As director of DHS’s National Cybersecurity and Communications Integration Center Hunt and Incident Response Team, Butera sees a wide range of cybersecurity efforts at companies big and small. He believes that “the energy sector, as a whole, is probably ahead of some of the other sectors.”
“People have paid a lot more attention in this sector versus many other sectors,” said Butera.
That brought agreement from Puesh Kumar, director of infrastructure security and energy restoration at the Department of Energy, who went a step further.
“The electricity sector takes this threat very seriously, and I can see that because of the partnerships we have,” said Kumar. “They’ve invested billions of dollars to upgrade hardware, software, and implement security controls.”
Kumar acknowledged that while smaller utilities, such as many electric co-ops, are often more nimble, “We also recognize that a small utility may not have enough resources to implement a lot of changes. That’s certainly something that is on the top of our minds at DOE.”
Regardless of size, there’s no room for complacency. One concern raised by Cynthia Hsu, cybersecurity program manager at NRECA’s Business and Technology Strategies unit, is what consumers are doing at home—and maybe not telling the co-op.
“When it’s something that connects to the grid, the challenge from the utility perspective is how do we even know that it happened unless someone reports it to us, and how do we raise the awareness of all of our members in the community so that they understand the significance of their actions in terms of cybersecurity?” said Hsu.
And while cyber threats concern every sector, Acting Federal Trade Commission Chair Maureen Ohlhausen told co-op officials at the forum that “as electric cooperatives, you have great responsibilities—not only to protect the nation’s electric power grid, but to ensure that your members get the flow of energy that they need.”
“The rural areas you serve,” Ohlhausen said, “are part of the economic backbone of America.”
Protecting the nation’s complex, interconnected network of power plants, transmission lines and distribution facilities is a top priority for electric cooperatives and other segments of the electric power industry.
The electric power industry continuously monitors the electric grid and responds to events large and small. Consumers are rarely aware of these events because of system resilience supported by planning, coordination and response/recovery efforts. In rare cases where an event does impact electric service, industry resilience and preparedness ensures service is promptly restored in most cases.
A high level of resilience is built into the power supply system to protect against extreme weather events, vandalism and major equipment failure. This concept is often referred to as defense in depth, and is also used for cybersecurity. In general, this means that multiple layers of protection safeguard assets from cyber threats.
The possibility of a cybersecurity attack impacting grid operations is something for which the power sector has been preparing for years. These preparations include:
Implementing rigorous security standards and technology to protect systems,
Forging close partnerships to protect our systems and respond to incidents, and
Engaging in active information sharing about threats and vulnerabilities.
As threats and threat actors continue to evolve, so must the industry’s capability to defend against them. Maintaining the resilience and security of the electric grid requires a flexible approach that draws on a variety of tools, resources and options.
The protection and security of consumer-members’ assets is paramount for electric cooperatives. NRECA, its member cooperatives, industry partners and government agencies work closely to develop flexible, effective approaches to protecting the electric system. Electric cooperatives are taking the following steps to protect their critical assets:
Electricity Sector Cybersecurity Capability Maturity Model – Developed by the U.S. Department of Energy (DOE), this tool provides utilities the framework for performing a comprehensive self-assessment of their current cybersecurity plans and procedures. Electric cooperatives were among the first utilities to pilot and use the tool, which assists organizations in evaluating, prioritizing and improving their cybersecurity capabilities.
NRECA’s Guide to Developing a Cybersecurity and Risk Mitigation Plan and Template helps cooperatives improve their security posture while ensuring that security is not undermined as new smart grid components and technologies are integrated into the electric grid.
Rural Cooperative Cybersecurity Capabilities Program is an NRECA-led program aimed at helping small- and mid-sized cooperatives develop cyber resiliency and security programs. The program provides training and guidance to assist cooperatives in assessing their cybersecurity risks, and enhancing their cybersecurity capabilities to prevent and mitigate cyber incidents. While focused mainly on co-ops with smaller information technology staffs, these products and materials are available to help all cooperatives.
Cyber Mutual Assistance programs: Electric cooperatives and other utilities have a collaborative approach to emergency management and disaster recovery. Following a physical disaster, cooperatives rapidly deploy support staff and equipment to emergency and recovery zones to assist other cooperatives and utilities when needed. The Electricity Subsector Coordinating Council’s (ESCC’s) Cyber Mutual Assistance (CMA) program is a natural continuation of the electric power industry’s longstanding approach of sharing critical personnel and equipment when responding to emergencies.
Cybersecurity Research and Development: NRECA works with DOE, National Laboratories, the Department of Defense, research universities and industry partners to develop cybersecurity technologies that benefit electric utilities. Two technologies are currently in development.
Essence is a technology to monitor traffic on a utility network and flag anomalous activity that could indicate a security breach.
Simba is a technology to develop a rapid cybersecurity testing capability using software that can process a year’s worth of data in less than an hour. One of the primary research goals is to dramatically reduce the time it takes for utilities to detect cyber-threats.
Industry, Government Collaboration Enhances Grid Security
Electric cooperatives work closely within the electric industry and with federal agencies on matters of critical infrastructure protection, including sharing needed information about potential threats and vulnerabilities on the electric system.
NERC Standards: Approximately 60 generation and transmission cooperatives and 60 distribution cooperatives must comply with North American Electric Reliability Corporation’s (NERC’s) electric reliability and cybersecurity standards, based on the criticality of the assets they own and operate. These standards require the operators of power plants and transmission networks to establish plans, protocols and controls to safeguard physical and electronic access to these systems. NERC also has an alert system that provides the electric sector with timely and actionable information when a standard may not be the best method to address a particular event or topic.
The Electric Sector Coordinating Council allows the utility sector to work with federal government leadership to coordinate policy-level efforts to prevent, prepare for, and respond to national-level incidents affecting critical infrastructure. NRECA, other trade associations and industry work with government agencies to improve cybersecurity through the council. These efforts include planning and exercising coordinated responses, and ensuring that information about threats is communicated quickly among government and industry stakeholders.
The Electricity Information Sharing and Analysis Center, operated by NERC, collects and promptly disseminates threat indicators, analyses and warnings from a variety of private sector and government resources to assist electric sector participants in taking protective action. The center also manages the Cybersecurity Risk Information Sharing Program, a public-private partnership that shares actionable threat information. The program uses advanced data collection technologies, analysis and dissemination tools to identify threat patterns and trends across the electric power industry with near real-time exchange of information.
Top scientists and engineers are urging government and industry to work together to harden and reshape the nation’s power grid with a goal of adding resiliency and agility to survive and recover from natural and manmade threats.
“Increased collaboration between the government and power providers is essential as we consider opportunities to further protect the grid,” said Craig Miller, NRECA’s chief scientist. “Fortunately, that collaboration already exists on a number of levels, both within the electric sector and among industry and government agencies.”
Miller was among a panel of experts convened by the National Academies of Sciences, Engineering, and Medicine to conduct a study on behalf of the U.S. Department of Energy and make recommendations to improve grid security and assess potential vulnerabilities.
“Those include natural disasters, physical attack, and cyber attack,” said Miller. “The question we at the National Academy addressed is how to respond more effectively to failure when it does occur and restore power more quickly.”
The committee focused on reducing the nation’s vulnerability to large blackouts that extend over several states and last at least three days. The report called for improvements in the process of systematically envisioning and assessing long-term disruptions and developing strategies to mitigate damage and economic disruption and protect lives and property.
“Outages caused by natural disasters are more common than one might think,” said M. Granger Morgan, professor of engineering at Carnegie Mellon University, who chaired the committee. “While the U.S. has not been subject to a large physical assault or cyberattack, both pose serious and growing risks.”
The 297-page report recognized the work being done by co-ops to promote advancements in cybersecurity, noting that NRECA “is undertaking a range of research activities that adopt a longer-term perspective.”
It also outlined multi-tiered strategies for addressing potential problems, including more cooperation among stakeholder and stepped-up coordination on threat assessment, training and joint recovery planning.
“Too often in the past, the United States has made progress on the issue of resilience by ‘muddling through,’ ” the panel wrote, adding that such an approach is no longer tolerable.
The report envisions a broader role for DOE and calls for more coordination between the department and the Department of Homeland Security on identifying, upgrading and maintaining back-up assets.
“DOE should support a number of research, development, demonstration, and convening activities to improve the resilience of grid operations and recovery steps,” the report stated.
That begins with planning and preparation in advance of failure to address the threats we can expect such as local flooding in low-lying areas and the flexibility to respond when we are faced with unexpected challenges, said Miller.
Major emphasis was placed on the need for research involving both government and industry, including NRECA and its member cooperatives.
“Resilience continues through the life cycle of a disaster to learning from experience to respond better the next time,” Miller added. “Whether problems arise from sabotage or an electromagnetic pulse, we need responsive strategies.”
The Bottom Line: Cybersecurity challenges are increasing for all segments of American society and electric cooperatives are no exception.
• When integrating new software and hardware into existing systems, electric cooperatives often modify and extend their communications and operational networks. These changes offer significant benefits to a cooperative, but they can also create new vulnerabilities.
• Cyber attacks are becoming more sophisticated. The economic incentives for criminal attacks, such as ransomware, continue to drive malicious intrusion and data theft.
• Cyber incidents can result in lost productivity and potentially service disruption. All co-ops, regardless of size, need to take ongoing steps to ensure the security of their data and operational systems.
• RC3 is focused on developing cybersecurity tools and resources that are applicable for small- and mid-sized cooperatives that have few or no information technology staffers and limited access to cutting-edge cybersecurity service providers because of their location.
Background: • In 2016, NRECA along with American Public Power Association (APPA) received funding through a collaborative partnership with the U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems (CEDS) program. As a result of the funding, NRECA independently created RC3, but continues to collaborate closely with APPA on cybersecurity issues.
• The RC3 Program recognizes that cybersecurity is not an information technology challenge. Like safety, it is a team effort that requires directors, managers, and all the staff across the cooperative to be aware and vigilant to prevent and quickly mitigate incidents.
• The RC3 Program is dedicated to promoting a culture of security and resiliency within the electric cooperative community and has four main areas of focus: Advancing Cyber Resiliency and Security Assessments; Onsite Vulnerability Assessments; Extending and Integrating Technologies; and Information Sharing.
• There are many opportunities for cooperatives to participate in and benefit from the RC3 Program including four summits throughout 2017.
• As the RC3 Program produces new tools, educational materials, guidance publications, case studies, and summaries of research and lessons learned, these resources will be made available to all NRECA members on cooperative.com, our member website.
Credit: NRECA Business and Technology Strategies Unit, May 2017
Energy Secretary recalls his co-op ties at annual NRECA Legislative Conference
PublishedApril 24, 2017
Author
Cathy Cash
Energy Secretary Rick Perry hailed America’s electric cooperatives for delivering affordable, reliable electricity across the country and encouraged them to advocate on their challenges, especially grid security.
“You are a unique group of people,” Perry said in his address to more than 2,100 co-op leaders gathered for NRECA’s Legislative Conference in Washington, D.C. “You need to be part of this conversation.”
Perry recalled the electrification of his home as a child in rural Texas and underscored the importance of using all domestic energy resources available to power America and ensure grid reliability.
“We want energy that is made in America, that is good for America and good for American jobs,” he said.
Perry said going forward, Department of Energy research will be conducted in areas that are “most promising,” adding that the department is “not going to have any sacred cows.” As governor of Texas, Perry oversaw the state’s nation-leading development of wind energy.
“We need to stop having an either-or debate about renewable energy and fossil fuels. We don’t need to choose,” he said. “We can have both. When we choose both, we get to assist in the development of both.”
Perry said President Trump is committed to an all-of-the-above energy strategy for America.
“The president made one request: Let’s not just make America energy independent. Let’s make American energy dominant,” he said.
The secretary singled out cybersecurity as a key concern and complemented NRECA’s Rural Cooperative Cybersecurity Capabilities Program.
Known as RC3, the program is part of a broader DOE initiative and will help provide rural co-ops with tools and resources to strengthen their cybersecurity efforts to protect the grid.
Perry also recognized the Electricity Subsector Coordinating Council as a resource for electric co-ops to address cybersecurity issues, calling it the “primary liaison between co-ops and the federal government.”
NRECA Announces Team for REACT Cybersecurity Project
PublishedFebruary 24, 2017
Author
Media Relations
ARLINGTON, Va. — The National Rural Electric Cooperative Association (NRECA) today announced a collaboration between N-Dimension Solutions, Inc., Milsoft Utility Solutions, and NRTC to develop “REACT”, a tool to rapidly detect cyberattacks and compromised utility systems.
REACT will advance the technologies of Essence, a prototype cybersecurity technology, with the Team’s existing commercial technologies in order to dramatically reduce the time it takes to detect a cybersecurity breach. REACT has the potential to benefit more than 3,000 utilities across the country.
“We are excited to work with NRECA and the rest of the REACT team to take our existing cybersecurity technology, enhance it, and create the next generation of cybersecurity solutions for utilities,” said Tom Ayers, President and CEO of N-Dimension.
Steve Collier, Director of Smart Grid Strategies at Milsoft agreed. “This is an unprecedented project that will enable our customers to benefit from enhanced cybersecurity”.
As Doug Lambert, NRTC’s Director of Technical Solutions, explained, “This technology is cutting-edge. REACT will be faster and more responsive than any other product out in the market today.”
REACT is funded by a competitive grant from the U.S. Department of Energy’s Office of Electricity Delivery and Energy Reliability. The program is managed by NRECA’s Business and Technology Strategies (BTS) unit. BTS provides guidance to electric cooperatives to help them make sound decisions, embrace opportunities, solve industry challenges, and continue to provide affordable and reliable electrical power.
The National Rural Electric Cooperative Association is the national service organization that represents the nation’s more than 900 not-for-profit, consumer-owned electric cooperatives, which provide service to 42 million people in 47 states.
NRECA Encouraged by DOE’s Infrastructure Recommendations; Concerned About Cybersecurity Proposals
PublishedJanuary 6, 2017
Author
Media Relations
ARLINGTON, Va. – Speaking on behalf of America’s Electric Cooperatives, National Rural Electric Cooperative Association (NRECA) CEO Jim Matheson issued the following statement on the Department of Energy (DOE) Quadrennial Energy Review 1.2, the second installment of a comprehensive review of the nation’s energy landscape.
“America’s electric cooperatives appreciate the Department of Energy’s willingness to listen to stakeholders and take a fresh, open-minded and comprehensive look at the nation’s energy landscape.
“Electric cooperatives strongly agree that strengthening cybersecurity is a high priority. Electric cooperatives have made substantial progress advancing their cybersecurity capabilities. While physical and cyber threats are constantly changing, co-ops are united in a coordinated effort across the electric sector to protect the reliability of the electric grid from threats.
“NRECA supports the existing North American Electric Reliability Corp. standards-setting process. In the event of an emergency, DOE has new authority under the FAST Act to direct industry to put in place temporary measures. We are concerned by any recommendations that would alter or circumvent these existing and effective processes.
“We concur wholeheartedly with the view that both electricity and broadband are vital to securing the future of rural communities. We therefore echo the call to strengthen the rural electric grid and extend broadband to the thousands of communities still lacking access to high-speed internet.
“Also, more broadly, cooperatives are encouraged by the Department’s emphasis on leveraging the value of electricity to the economy. Thanks in no small part to DOE-sponsored research, automation, data analytics, energy storage, renewable resource development and efficiency have contributed to making the electric system a lot smarter. It is in the national interest to take advantage of these advances. With smart policies and smart investments, broader electrification of systems throughout the economy – public transportation, for example — could keep costs down, create jobs and help reduce emissions.”
The National Rural Electric Cooperative Association is the national service organization that represents the nation’s more than 900 private, not-for-profit, consumer-owned electric cooperatives, which provide service to 42 million people in 47 states.
MYRTLE BEACH, S.C.—Joe Brannan, executive vice president and CEO of North Carolina’s Electric Cooperatives, recalled an urgent early morning call from his IT group. A cyber vulnerability had been discovered.
Joe Brannan of North Carolina's Electric Cooperatives says co-ops need a culture of cybersecurity. (Photo By: NCEC)
But because the cooperative has a policy in place to fast-track security responses and protect systems, the vulnerability was isolated quickly and no data was compromised.
“You can’t just patch systems in society today. You have to have a plan,” said Brannan. “You have to have a crisp assessment to make a decision.”
Cybersecurity as a means to keep electric cooperatives safe from attacks to steal critical data or take down power lines requires more than an IT department. It demands a culture.
Brannan advised participants that now is the time to raise awareness with their boards that a cybersecurity policy and mandatory training of all co-op staff are necessary.
Cybersecurity “has to be embedded in our culture,” said Brannan. “As personnel change, as processes change, do we really have it embedded in the co-op?”
Reasor agreed. IT plays a “critical role but that is only one party to the team in finding solutions,” he said. “CEOs can be slow on the uptake of what risks like this we face. We look to you to help us.”
Reasor, whose co-op is headquartered in Glen Allen, Virginia, outlined the work the utility industry, along with other industries and government agencies, is doing to try to identify these cybersecurity risks and exposure.
Couick underscored that boards must be apprised of cyber threats and encouraged to embrace technologies and processes to prevent them. Members will be patient with co-ops that charge ahead to address cybersecurity, but less so “if we pull back on the future,” he said.
“Cyber threats are like a Category 5 hurricane [forecast] that never goes away,” said Couick, who heads the statewide association in Cayce, South Carolina. “You don’t know when it’s going to hit and you don’t know where it’s going to hit.”
Hackers can hide inside a network on average for 140 days before detection, allowing them to cause profound damage, said Jim Spiers, NRECA vice president of Business and Technology Strategies.
With $7.5 million in support from the Department of Energy, NRECA plans to work with co-ops across the board over three years to identify the best practices, technologies and ideas to defend against cyber attacks, detect intrusions and recover from them.
“How can we thwart intrusions, shorten the 140 days if they occur and recover quickly?” Spiers asked the conference. “That needs to be part of the culture, part of everyone’s jobs. Just like safety.”
“We learn from each other,” Brannan added. “We can’t point to any one group and say, ‘IT, it’s your problem.’ ”
Vigilant Guard helps Vermont Electric Cooperative prepare for mudslides and cyber attacks
PublishedSeptember 19, 2016
Author
Cathy Cash
The Saturday began not unlike any other summer day at Vermont Electric Cooperative.
Then the military helicopter showed up.
That was just one unexpected event to unfold at the Johnson co-op throughout a full-scale physical and cyber management training exercise sponsored by the U.S. Northern Command of the National Guard.
Three years in the planning, Vigilant Guard 2016 involved 20 co-op personnel working with the National Guard and state emergency officials to test preparedness for both natural disasters and a cyber attack on the electric grid. Participants in the July 30-31 event met unprecedented challenges on various fronts.
Maj. Gen. Steven Cray, who arrived by helicopter and toured VEC’s control center with other military personnel, brought highly specific computer and cyber expertise and provided information and valuable feedback to VEC after the exercise, co-op officials said.
“Hearing the helicopter approach while we were working, watching it land here, and seeing Maj. Gen. Cray emerge sure added a level of realism to the exercise,” said Kris Smith, manager of SCADA and operations engineering at VEC.
Aftershocks of a mock earthquake caused a rockslide to shut down essential communications systems as VEC staff battled a cyber attack to the grid to prevent any interruption of electric service.
“Once the mock cyber attack was announced we invoked an operating procedure that had never been tested,” said Robert Stein, VEC manager of information technology.
In a field outside VEC headquarters, co-op staff manipulated the National Guard’s satellite link to pass data short-term in a pinch. All of this occurred while actual co-op crises erupted.
“We had to manage some real business emergencies concurrent with the drill, and that heightened our reactions to all that was happening,” said Stein. “It started to feel quite real at that point. We treated the drill with a serious tone, and it began to feel genuine.”
Where’s the cyber crook? Maybe in a basement apartment in the Ukraine. Maybe sipping an espresso at the coffee shop. Maybe at your co-op.
All of those are possibilities, says Barry Lawson; all of those and more, and that’s why electric cooperatives cannot afford to think they’re small fish in the cyber security pool.
“Small and rural does not exclude co-ops from paying attention to cyber security,” said Lawson, NRECA associate director for power delivery and reliability. “Cyber security is important to all co-ops.”
Grid-wide issues are beyond the reach of individual co-ops, whose vulnerabilities lie in other areas, primarily data about their members, Lawson said. An estimated 71 percent of security breaches are reported by small businesses.
For example, most co-ops have online bill paying capabilities. That opens up portals that crooks or hackers might be able to exploit by searching for personal data, Social Security numbers or credit card information. After all, a credit card number can go for $20 to $40 on the black market, Lawson said.
Or a lineman in the field might use a wi-fi signal to relay information back to headquarters—another possible source of trouble. “When you’re at Starbucks or anywhere else you hop on to a wi-fi signal, just remember that there are things you don’t know about that connection.”
It’s not an academic exercise, either, said David Revill, manager of cyber security operations for Tucker, Georgia-based Georgia Transmission Corp. An outside party sent emails to co-op officials from the gatrens.com domain—easily confused with the co-ops’s gatrans.com domain.
But the co-op has regularly conducted cyber training for employees, who picked up right away on the fake domain, enabling GTC to block it.
“This was a success story for us, but that’s not always how things are going to play out,” Revill said.
So what’s a co-op to do?
Train all your employees. That way, co-op employees know that cyber security is not just a responsibility for the IT department, Revill said. “Training and awareness are powerful,” he said. “We know how to do this already because risk management is key to our business every day. We just need to expand it.”
Have a plan. Co-ops have strategic plans and political plans; they should have a cyber security plan, adopted by the board and reviewed regularly, Lawson said. Someone should be in charge—a chief information officer, for example—with a top-down commitment to cyber security. “Everyone from the top of the co-op needs to walk the walk. If senior management doesn’t follow the proper procedures, it’ll be difficult to get other to buy into them,” Lawson said.
Pay a contractor to hack your system. A well-executed hack by a co-op contractor can expose system weaknesses before bad guys exploit them, said Joe Trentacosta, senior vice president and chief information officer at Southern Maryland Electric Cooperative in Hughesville, Maryland. “We get a third-party organization and we hire them to try to penetrate our network from the outside. They simulate what a hacker would do to get into our network,” he said. “They give us a report that says, ‘Here’s where you can make some improvements on the network.’ ”
Use all available tools. Cyber security might be tough for a small co-op to implement on its own. That’s OK. There is plenty of free info from NRECA and its units that can help pinpoint weaknesses and offer remedial action. “We’re all vulnerable,” Lawson said. “The question is what do we do about it?”
NRECA Wins DOE Grant to Advance Cybersecurity Solution to Market
PublishedAugust 18, 2016
Author
NRECA Media Relations
August 18, 2016 — The National Rural Electric Cooperative Association (NRECA) today announced that the Department of Energy (DOE) will be awarding funding to NRECA to advance “React,” a cybersecurity solution for utilities that monitors IT networks for near real-time detection of possible cyber intrusions.
React is one of twelve projects receiving grants from the Office of Electricity Delivery and Energy Reliability’s Cybersecurity of Energy Delivery Systems (CEDS) program at the DOE. React builds on a prototype solution, Essence, developed by NRECA in partnership with the Pacific Northwest National Laboratory, Honeywell and Carnegie Mellon University and also funded by the DOE.
React will develop a system for the rapid detection of cyber attacks and compromised systems, and support users in rapid remediation. Under this grant, the NRECA team will make this system available to utilities by incorporating it into commercially-available products. These products will significantly enhance the security of smaller utilities by performing valuable monitoring and analysis of the utilities’ IT system, alerting the utility to the possibility of intrusions.
“We built a powerful prototype in an earlier DOE project. It works. With this project we can work with commercial partners to take it to production. We plan to improve the security of thousands of utilities,” said Jim Spiers, senior vice-president of business and technology strategies at NRECA.
The National Rural Electric Cooperative Association is the national service organization that represents the nation’s more than 900 private, not-for-profit, consumer-owned electric cooperatives, which provide service to 42 million people in 47 states.
Highley Talks Electric Grid Protection with Senate Panel
PublishedJuly 12, 2016
Author
NRECA Media Relations
July 12, 2016—Owners and operators of the nation’s electric grid continuously strive to protect it from physical and cyber intrusions, an electric co-op official told Senate lawmakers today.
But the public may be getting a skewed picture of the extent of damage even major grid disruptions are likely to cause.
“Often news headlines about cyber or physical threats to the electric grid focus on far-fetched and sensational scenarios,” said Duane Highley, president and CEO of Arkansas Electric Cooperative Corporation. “While real threats to the grid exist, such worst-case scenarios rarely reflect the true threat environment.”
Highley made his remarks during a Senate Energy and Natural Resources subpanel hearing on guarding against energy disruptions, with a focus on the Securing Energy Infrastructure Act (S. 3018).
He spoke to Energy Subcommittee members about the power sector’s approach to grid security and steps Congress could take to support co-ops and other utilities in these efforts.
Highley said the electricity industry takes a “defense-in-depth” approach to critical infrastructure protection, which encompasses preparation, prevention, response and recovery from a wide variety of potential grid threats.
He also stressed the importance of partnerships and information sharing, noting that NRECA, cooperatives, industry partners and government agencies work closely together to develop effective approaches to protecting the bulk electric system.
Highley co-chairs the Electricity Subsector Coordinating Council, which serves as the power sector’s main policy-level liaison to the federal government.
In closing, Highley thanked lawmakers for enacting legislation to bolster grid protection efforts last year and discussed additional ways legislators can help. He said that while government information provided to the industry about the December 2015 Ukraine event was very helpful, it could have been delivered in a more timely fashion.
And he called on Congress to consider legislation giving the Federal Bureau of Investigation the authority to assist the electricity industry upon request with fingerprint-based, criminal and terrorist database background checks for industry personnel that perform critical functions.
NRECA Receives Cybersecurity Award
In related news, the U.S. Department of Energy today announced $15 million in new funding for NRECA and the American Public Power Association (APPA) to strengthen cybersecurity and physical security at small and mid-sized utilities.
Over the next three years, NRECA will collaborate with APPA to develop security tools and educational resources, update guidelines and training materials. Cooperatives will assess their cybersecurity programs, identify and address priorities, test strengths and weakness of existing systems, integrate new technologies, and share information that will enable the utility sector as a whole to build on lessons learned.
The National Rural Electric Cooperative Association is the national service organization that represents the nation’s more than 900 private, not-for-profit, consumer-owned electric cooperatives, which provide service to 42 million people in 47 states.
NRECA Joins Forces with Department of Energy and Public Power to Improve Security and Resilience
PublishedJuly 12, 2016
Author
NRECA Media Relations
July 12, 2016 — The National Rural Electric Cooperative Association (NRECA) today announced that America’s electric cooperatives will be partnering with the Department of Energy (DOE) and the American Public Power Association (APPA) on a new $15 million initiative to strengthen protection of the nation’s electric grid from cyber and physical attack.
“Cooperatives well understand that no utility is immune from attack. We also understand that protecting the electric grid is a challenge the utility sector must solve. By collaborating with our partners, and giving the nation’s more than 900 co-ops access to advanced cyber security technology and training, we can lift all boats,” said NRECA Interim CEO Jeffrey Connor.
Over the next three years, NRECA will use the $7.5 million award to develop security tools, educational resources, updated guidelines and training materials. Continued investments in the people, processes and technology needed to secure critical infrastructure will strengthen the ability of NRECA’s members to meet rapidly changing cyber security threats.
Cooperatives will assess their cyber security programs, identify and address priorities, test strengths and weakness of existing systems, integrate new technologies, and share information that will enable the utility sector as a whole to build on lessons learned.
Together municipal public power providers and rural electric cooperatives serve approximately 26 percent of the nation’s electricity customers. Electric cooperatives, which collectively cover nearly 75 percent of the nation’s landmass, serve 42 million people in 47 states. The new effort will help co-ops work collaboratively with APPA members to build and enhance a culture of security, and simultaneously improve resiliency.
The National Rural Electric Cooperative Association is the national service organization that represents the nation’s more than 900 private, not-for-profit, consumer-owned electric cooperatives.
Claverack Rural Electric Cooperative CEO Discusses Electricity Grid Protection with House Lawmakers
PublishedApril 14, 2016
Author
NRECA Media Relations
(WASHINGTON) — Claverack Rural Electric Cooperative President and CEO Bobbi Kilmer today told a House Transportation and Infrastructure subpanel that regardless of the cause of a power outage, restoring service as quickly and safely as possible requires advance planning and coordination across the public and private sectors.
Kilmer made her remarks (PDF) during a hearing of the Subcommittee on Economic Development, Public Buildings and Emergency Management on managing the aftermath of a cyber-attack or other disturbance to the electric grid. She spoke on behalf of Claverack, based in Wysox, Penn., and the National Rural Electric Cooperative Association (NRECA).
“Electric utilities, including co-ops, have spent decades creating redundancies to enhance their security measures, but threats to both physical and cyber security are evolving,” she told lawmakers. “In response, industry continues to work together along with federal, state, and local security and law enforcement agencies to enhance the security of its critical infrastructure.”
Kilmer noted that the Electric Sub-Sector Coordinating Council, the power sector’s principal liaison with the federal government, coordinates policy efforts to prevent, prepare for, and respond to incidents affecting critical infrastructure at the national level. At the local level, Claverack’s statewide association of electric co-ops joins forces with the Pennsylvania utility commission’s Critical Infrastructure Interdependency Working Group, which comprises all utilities and services that would be affected by a major event within the state.
In addition, Kilmer emphasized the importance of “knowing your community,” noting that her co-op’s employees live and work in the neighborhoods they serve. She also highlighted the importance of mutual assistance—agreements under which co-ops and other utilities lend crews or other resources to assist with another power provider’s restoration efforts. In preparation for Hurricane Sandy in 2012, Pennsylvania co-ops secured crews from as far away as Florida to help with recovery efforts. The vast majority of NRECA members participate in mutual assistance agreements.
Whether the issue at hand is a possible attack on the electric grid or the wrath of Mother Nature, Kilmer said the cooperative difference makes all the difference in planning for and responding to major service disruptions.
“Because we are owned by the members we serve, electric cooperatives reflect the values of our membership and are uniquely focused on providing reliable energy at the lowest reasonable cost,” she said. “When the lights do go out, our goal is to minimize any service disruption to our members and the communities in which they live.”
The National Rural Electric Cooperative Association is the national service organization that represents the nation’s more than 900 private, not-for-profit, consumer-owned electric cooperatives, which provide service to 42 million people in 47 states.
NRECA Welcomes Passage of Omnibus Spending Bill, Including Provisions Important to America’s Electric Co-ops
PublishedDecember 18, 2015
Author
NRECA Media Relations
(ARLINGTON, Va.) — The National Rural Electric Cooperative Association (NRECA) today applauded congressional approval of the fiscal year 2016 omnibus appropriations bill, which includes several key provisions sought by electric co-ops.
“We are grateful to lawmakers for recognizing the importance of programs vital to America’s electric co-ops,” said NRECA Interim CEO Jeffrey Connor. “This bill contains a number of critical funding and policy provisions that will ultimately enable not-for-profit, member-owned electric cooperatives to continue providing 42 million Americans with affordable, safe and reliable electricity.”
NRECA supports funding provisions including:
U.S. Department of Agriculture (USDA): Co-ops maintain roughly half of the nation’s distribution lines, covering about 75 percent of the country’s land mass. “Electric co-ops depend on USDA Rural Utility Service (RUS) programs to helpfinance affordable electricity generation and distribution and to bring community improvements to rural America,” said Connor. NRECA applauds Congress for funding the RUS Electric Loan Program at a loan level of $5.5 billion, the Guaranteed Underwriter Program at $750 million, and the Rural Economic Development Loan & Grant Program at $33 million.
NRECA also appreciates new funding to implement energy efficiency improvements through the Rural Energy Savings Program. “Combined, these programs will enhance the economic viability of cooperatives and, more broadly, the communities we serve,” said Connor.
Cooperative Development Program (CDP): The bill funds the U.S. Agency for International Development’s CDP at $11 million in fiscal year 2016. CDP is a competitive grants program that supports cooperative development programs and projects overseas implemented by U.S. cooperative organizations. NRECA International has been a partner in this program for more than 50 years. “The cooperative business model is a proven way to lift communities out of poverty through their own self-reliance,” said Connor. “We are proud to have used this model to bring electricity to millions of people around the world through the CDP.”
Low-Income Home Energy Assistance Program (LIHEAP): Congress designated $3.39 billion for LIHEAP, a program administered by the U.S. Department of Health and Human Services to help families meet their energy costs. “LIHEAP makes a big difference to people struggling to make ends meet,” said Connor. “Electric co-ops know this first hand, because we serve 93 percent of the country’s persistent poverty counties.”
NRECA supports policy provisions including:
Cybersecurity Information Sharing Act (CISA): Electric co-ops applaud the successful inclusion and passage of cybersecurity legislation in the omnibus bill. “This bipartisan legislation enhances and encourages voluntary multi-directional cyber threat information sharing between the federal government and private entities, including electric co-ops,” said Connor. “The bill preserves existing communications channels and will help bolster our national security posture.”
“Cadillac Tax”: America’s electric co-ops provide health insurance benefits to more than 100,000 employees, retirees and their families who will be hurt by this 40-percent excise tax on “high-cost” health plans. “We applaud postponement of this unfair and burdensome tax, which will disproportionally impact rural communities where limited access makes the cost of health care much higher than in urban areas,” said Connor. “No co-op should be penalized for ‘doing the right thing’ by providing quality and affordable health care plans.”
Sage Grouse Protection: Co-ops welcome language to reinforce a decision by the U.S. Fish and Wildlife Service not to list the greater sage grouse as endangered or threatened under the Endangered Species Act. “Electric cooperatives across the country have worked to develop conservation plans for various species that will protect wildlife without imposing unnecessary financial burdens on their members,” said Connor.
Hydropower: NRECA is supportive of the Reclamation Safety of Dams provision shielding existing federal hydropower customers from bearing the costs of any potential expansion of reclamation dams for non-hydropower purposes. “The measure ensures that the additional costs of any such expansion will be allocated solely to the beneficiaries of the new construction and not to existing project beneficiaries like current hydro customers,” said Connor.
The National Rural Electric Cooperative Association is the national service organization that represents the nation’s more than 900 private, not-for-profit, consumer-owned electric cooperatives, which provide service to 42 million people in 47 states.
Electric Co-ops Participate in National Exercise to Bolster Preparedness for Potential Threats to Electric Grid
PublishedNovember 20, 2015
Author
NRECA Media Relations
(ARLINGTON, VA) — Electric co-ops were well-represented among the 350 organizations that participated this week in a two-day exercise to evaluate and help prepare for potential threats to the electric grid. The exercise, “GridEx III,” simulated physical and cyber attacks on the nation’s power systems, destruction of communication systems, and damage from explosive devices and shootings.
A total of 18 generation & transmission and distribution co-ops took part in the drill, which was spearheaded by the North American Electric Reliability Corporation (NERC). NERC said the exercise was designed to “enhance coordination of cyber and physical security resources and practices within the industry, as well as communication with government partners and other stakeholders, including those in Canada and Mexico.”
Duane Highley, president and CEO of Arkansas Electric Cooperative Corporation & Arkansas Electric Cooperatives, Inc., and vice chair of NERC’s Electric Subsector Coordinating Council, took part in the exercise and a related media teleconference. “Simulated exercises such as these allow co-ops to practice contingency and response plans, improve them, and hone our skills to be prepared for potential future events,” he said. “This also gives us the opportunity to improve our coordination capabilities with multiple industry sector partners at the local, state and federal levels.”
Over the last several years, co-ops have worked diligently with the NERC and federal agencies to strengthen reliability standards — including a significant set of cybersecurity standards — to maintain and protect the reliability of the bulk power system.
With funding from the U.S. Department of Energy, NRECA is producing a prototype security system that will rapidly identify network security threats and make it easier to keep networks safe. The Essence team includes Pacific Northwest National Lab, Honeywell and Carnegie Mellon University. The research project runs until March 2016.
The National Rural Electric Cooperative Association is the national service organization that represents the nation’s more than 900 private, not-for-profit, consumer-owned electric cooperatives, which provide service to 42 million people in 47 states.
Electric Co-ops Congratulate Senate on Approving Bill to Strengthen Cybersecurity
PublishedOctober 30, 2015
Author
NRECA Media Relations
(ARLINGTON, VA.) Following Senate passage of the Cybersecurity Information Sharing Act of 2015 (CISA) today, Kirk Johnson, senior vice-president of government relations at the National Rural Electric Cooperative Association, thanked Chairman Richard Burr and Vice Chair Diane Feinstein for bipartisan leadership on a bill to promote multidirectional voluntary information sharing by the government and businesses in response to cyber threats.
“Cooperatives are committed to providing reliable power at the lowest cost to their consumer members and protecting the reliability and security of the bulk power system. Robust, voluntary Information sharing between and among members of the electric sector and government agencies will be absolutely vital to electric utilities, including America’s electric cooperatives. We are grateful to Chairman Richard Burr and Vice Chair Diane Feinstein for their leadership in creating a foundation for effective cybersecurity that also, appropriately, protects individual privacy,” said Johnson.
“The sooner this bill becomes law, the better. We urge the Congress to move forward into conferencing their cybersecurity information sharing legislation and sending a bill to the President’s desk.”
NRECA works closely with its members to promote security and resilience against cyber-attacks.
Over the last several years, cooperatives have worked diligently with the North American Electric Reliability Corporation (NERC) and federal agencies to strengthen reliability standards — including a significant set of cybersecurity standards — to maintain and protect the reliability of the bulk power system.
With funding from the U.S. Department of Energy, NRECA is producing a prototype security system that will rapidly identify network security threats and make it easier to keep networks safe. The Essence team includes Pacific Northwest National Lab, Honeywell and Carnegie Mellon University. The research project runs until March 2016.
The National Rural Electric Cooperative Association is the national service organization that represents the nation’s more than 900 private, not-for-profit, consumer-owned electric cooperatives, which provide service to 42 million people in 47 states.