Free cybersecurity service helps local governments

Project Boundary Fence performs testing to determine cyber risk

Your city’s computer network is attacked multiple times a day. The question is not whether an attack will be successful, but when.

Online threats continue to increase each year. City governments and utilities need to accept the seriousness of cybersecurity. Never assume your system is safe.

Small utilities may find this difficult. Budget dollars are limited, and staff resources are thin. But a successful attack will be far more costly than prevention.

Free service offers cybersecurity testing for South Dakota cities

A new program developed at Dakota State University in Madison, SD can help. Project Boundary Fence (PBF) tests city and county networks in the state.

PBF offers penetration testing including a simulated system attack to determine weaknesses. The Consumer Protection Division of the Attorney General’s Office is funding the service to make it free to South Dakota municipalities and counties.

Dr. Ashley Podhradsky

“We are very thankful for the forward-thinking nature of the Attorney General’s Office. Consumer protection is working to not only respond to situations, but also prevent them. Our partnership with them started with our DigForCE Lab (digital forensics for law enforcement) and has grown to include this important new program,” said Dr. Ashley Podhradsky, Director of Research for the lab.

Austin Fritzmeier is a recent cyber operations graduate and penetration tester at DSU. He says the testing is like a burglar trying to break into a house via an unlocked window.

“You wouldn’t leave your house unlocked and unprotected,” said Fritzmeier. “Your computer network is no different. PBF helps find the unlocked windows of your system.”

There are different types of external testing, and each city can pick the one that best suits their needs.

Internal penetration tests involve connecting a device to the network. PBF runs scans from within the network as if a breach had already occurred and a hacker reached the utility’s secured digital assets.

A wireless assessment looks at the strength and security of a utility’s wireless network.

Most utilities unprepared for cyber attack

Many utilities believe they are ready to address cyber threats. Some think they don’t have anything useful for a hacker to steal. Both assumptions are wrong.

Ann Hyland

The utility sector becomes more vulnerable to cybersecurity threats with each passing day. This is true for all industries as everything becomes more digitized.

It is more important than ever for utilities and governments to prepare for a cyber-attack.

Heartland takes the cybersecurity of our municipal utilities seriously and works with industry partners to provide professional services to ensure your utility is secure.

“The testing offered by PBF is one piece of the puzzle,” said Heartland Chief Communications Officer Ann Hyland. “It is a great tool for utilities to kick off the process.”

Complementary services

PBF helps cities grasp their current security position, reduce cyber risk, and improve efficiencies. It focuses on individual goals of security assessments.

Their tools and techniques provide comprehensive security assessments. Cities will receive a final report outlining their findings.

“Every South Dakota city should take advantage of PBF,” Hyland said. “Valuable information provided free of charge is an easy decision.”

Click HERE to learn more about Project Boundary Fence.

Anatomy of a cyber attack

Source: American Public Power Association

Share this graphic to educate employees, customers or your board about cyber attacks

 

By hacking a susceptible system, a cyber criminal has the ability to steal, alter, expose, disable or destroy critical information. Learning how a cyber attack works is just one way to protect your system.

American Public Power Association produced the infographic below detailing the stages of a cyber attack and the associated terms. Arm your utility and community with knowledge by sharing this graphic with colleagues, customers, community leaders and friends.

Reducing Cyber Risk: Where to Start

By Nathan Mitchell, senior director of electric reliability standards and security, American Public Power Association
Contributed Story. Originally appeared in the November-December 2015 issue of Public Power

Innovation opens doors for opportunity. But it also opens new doors to risk. As those who would like to harm the electric grid find new and better ways to infiltrate the system, the industry must step up to the plate to make sure bad actors don’t get in. APPA recently held a webinar on cybersecurity challenges — part of a seven-part series on cybersecurity topics. Brad Luna, senior vice president of sales for n-Dimension Solutions in Dallas, Texas, laid out these basic steps to reduce cyber risk.

  1. Monitor network for threats It’s essential to identify a person or a team to be responsible for monitoring beyond a firewall. Common things to look for include malicious behavior and misconfigured systems.
  2. Perform vulnerability assessments This goes beyond monitoring. Your utility has to systematically seek out “open windows” through which bad-actors can get to your secure information. This includes threats facing desktops, servers and other IT systems.
  3. Watch for network configuration errors This often time comes down to your IT staff keeping on top of best practices and system updates (while handling other company issues).
  4. Ensure IT has the necessary knowledge Your IT professionals either need to be cybersecurity experts themselves or have access to experts. This often requires outside help.
  5. Establish policies and procedures In most cases, this is your first step toward success. Before you can successfully defend your utility from intrusion, you need to lay down the cybersecurity ground rules.
  6. Conduct awareness training Once you have in place policies and procedures regarding information security, you need to engage staff and get buy-in by delivering training.

Heartland recognizes the importance of protecting your data and has partnered with Helix Security to help you cover each of these steps and more. Helix has a proven reputation and can provide your utility with the resources needed to prevent a cyber attack.

For more information on cyber-readiness, check out APPA’s series of seven webinars on cybersecurity for electric utilities. Learn how to protect your utility, customers, community, and the electric grid from potentially damaging interruptions. Register online at www.publicpower.org.

16 Helix Web banner 2