Reducing Cyber Risk: Where to Start

By Nathan Mitchell, senior director of electric reliability standards and security, American Public Power Association
Contributed Story. Originally appeared in the November-December 2015 issue of Public Power

Innovation opens doors for opportunity. But it also opens new doors to risk. As those who would like to harm the electric grid find new and better ways to infiltrate the system, the industry must step up to the plate to make sure bad actors don’t get in. APPA recently held a webinar on cybersecurity challenges — part of a seven-part series on cybersecurity topics. Brad Luna, senior vice president of sales for n-Dimension Solutions in Dallas, Texas, laid out these basic steps to reduce cyber risk.

1. Monitor network for threats It’s essential to identify a person or a team to be responsible for monitoring beyond a firewall. Common things to look for include malicious behavior and misconfigured systems.
2. Perform vulnerability assessments This goes beyond monitoring. Your utility has to systematically seek out “open windows” through which bad-actors can get to your secure information. This includes threats facing desktops, servers and other IT systems.
3. Watch for network configuration errors This often time comes down to your IT staff keeping on top of best practices and system updates (while handling other company issues).
4. Ensure IT has the necessary knowledge Your IT professionals either need to be cybersecurity experts themselves or have access to experts. This often requires outside help.
5. Establish policies and procedures In most cases, this is your first step toward success. Before you can successfully defend your utility from intrusion, you need to lay down the cybersecurity ground rules.
6. Conduct awareness training Once you have in place policies and procedures regarding information security, you need to engage staff and get buy-in by delivering training.

Heartland recognizes the importance of protecting your data and has partnered with Helix Security to help you cover each of these steps and more. Helix has a proven reputation and can provide your utility with the resources needed to prevent a cyber attack.

For more information on cyber-readiness, check out APPA’s series of seven webinars on cybersecurity for electric utilities. Learn how to protect your utility, customers, community, and the electric grid from potentially damaging interruptions. Register online at www.publicpower.org.