How robust are your cooperative’s cybersecurity defenses? It’s a question that can be hard to answer, particularly for smaller utilities.
There are many tools that can help assess an organization’s cybersecurity posture, but “the biggest need we have is for a cybersecurity guide that is scaled to utilities of our size,” says Mark Hayden, CEO of Missoula Electric Cooperative, a Montana co-op that serves about 14,500 meters.
To fill this gap, NRECA’s Rural Cooperative Cybersecurity Capabilities (RC3) Program is developing a self-assessment tool specifically designed for small- and mid-sized utilities with few or no IT employees.
The tool, which is in field testing at cooperatives around the country, is designed to be done as a cross-departmental team exercise. The process walks the organization through a series of questions about their cyber capabilities and practices, and assigns a ranking based on the maturity of the utility’s program.
“The cross-department engagement was awesome,” says Kirk Garrett, vice president of safety and loss control at Laurens Electric Cooperative in South Carolina, one of the field test participants.
“It absolutely made sense for the non-IT people to be there,” agreed Matt Stanley, vice president of finance and accounting at Laurens Electric.
“Going through the self-assessment will give co-ops a baseline for their current capabilities, identify priorities for improvement, and help them document their progress over time,” says Cynthia Hsu, NRECA’s cybersecurity program manager and head of the RC3 project.
The RC3 team will make changes to the tool based on recommendations from the field tests, and a final version is scheduled to be released to all cooperatives in 2018.
Cybersecurity Insert Featured Stories
Main Story: Cyber Cooperation
Defense in Depth: Who Should have Access?
Human Resources’ Role in Cybersecurity
Defending Your Co-op’s Network: Options and Resources to Help
Taking Stock: A New Tool to Assess Cybersecurity