If there’s one definitive truth about cybersecurity it’s this: We’re all in it together.
That was a common theme at the forum “Insights on Cybersecurity for Electric Utilities,” hosted by NRECA in collaboration with the National Cyber Security Alliance and Department of Homeland Security.
“Cybersecurity is a shared responsibility. It touches all of our lives, at home and at work,” said NRECA CEO Jim Matheson. “It is arguably one of the most complex and urgent issues that we face as an industry.”
“Information sharing between the government and the private sector is absolutely critical,” added Matheson, who serves on the Electricity Subsector Coordinating Council, the principal policy liaison between leaders of electric utilities and the federal government.
There was emphatic agreement on that point, including from Sabra Horne, the Department of Homeland Security’s director of stakeholder engagement and cyber infrastructure resilience. Horne stressed “bi-directional information sharing” as “very critical” when it comes to cybersecurity.
“We know many things within the government, but we certainly don’t know everything,” Horne told the Oct. 10 session at NRECA’s Arlington, Virginia, headquarters. “You all, being on the front lines, are able to see things that we can’t possibly know.”
Chris Butera encouraged reporting incidents through DHS’s Critical Information Sharing and Collaboration Program.
As director of DHS’s National Cybersecurity and Communications Integration Center Hunt and Incident Response Team, Butera sees a wide range of cybersecurity efforts at companies big and small. He believes that “the energy sector, as a whole, is probably ahead of some of the other sectors.”
“People have paid a lot more attention in this sector versus many other sectors,” said Butera.
That brought agreement from Puesh Kumar, director of infrastructure security and energy restoration at the Department of Energy, who went a step further.
“The electricity sector takes this threat very seriously, and I can see that because of the partnerships we have,” said Kumar. “They’ve invested billions of dollars to upgrade hardware, software, and implement security controls.”
Kumar acknowledged that while smaller utilities, such as many electric co-ops, are often more nimble, “We also recognize that a small utility may not have enough resources to implement a lot of changes. That’s certainly something that is on the top of our minds at DOE.”
Regardless of size, there’s no room for complacency. One concern raised by Cynthia Hsu, cybersecurity program manager at NRECA’s Business and Technology Strategies unit, is what consumers are doing at home—and maybe not telling the co-op.
“When it’s something that connects to the grid, the challenge from the utility perspective is how do we even know that it happened unless someone reports it to us, and how do we raise the awareness of all of our members in the community so that they understand the significance of their actions in terms of cybersecurity?” said Hsu.
And while cyber threats concern every sector, Acting Federal Trade Commission Chair Maureen Ohlhausen told co-op officials at the forum that “as electric cooperatives, you have great responsibilities—not only to protect the nation’s electric power grid, but to ensure that your members get the flow of energy that they need.”
“The rural areas you serve,” Ohlhausen said, “are part of the economic backbone of America.”