Summary: NRECA’s Rural Cooperative Cybersecurity Capabilities Program (RC3) supports cooperatives as they work to improve the cyber and physical security of their organizations.
The Bottom Line: Cybersecurity challenges are increasing for all segments of American society and electric cooperatives are no exception.
• When integrating new software and hardware into existing systems, electric cooperatives often modify and extend their communications and operational networks. These changes offer significant benefits to a cooperative, but they can also create new vulnerabilities.
• Cyber attacks are becoming more sophisticated. The economic incentives for criminal attacks, such as ransomware, continue to drive malicious intrusion and data theft.
• Cyber incidents can result in lost productivity and potentially service disruption. All co-ops, regardless of size, need to take ongoing steps to ensure the security of their data and operational systems.
• RC3 is focused on developing cybersecurity tools and resources that are applicable for small- and mid-sized cooperatives that have few or no information technology staffers and limited access to cutting-edge cybersecurity service providers because of their location.
Background:
• In 2016, NRECA along with American Public Power Association (APPA) received funding through a collaborative partnership with the U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems (CEDS) program. As a result of the funding, NRECA independently created RC3, but continues to collaborate closely with APPA on cybersecurity issues.
• The RC3 Program recognizes that cybersecurity is not an information technology challenge. Like safety, it is a team effort that requires directors, managers, and all the staff across the cooperative to be aware and vigilant to prevent and quickly mitigate incidents.
• The RC3 Program is dedicated to promoting a culture of security and resiliency within the electric cooperative community and has four main areas of focus: Advancing Cyber Resiliency and Security Assessments; Onsite Vulnerability Assessments; Extending and Integrating Technologies; and Information Sharing.
• There are many opportunities for cooperatives to participate in and benefit from the RC3 Program including four summits throughout 2017.
• As the RC3 Program produces new tools, educational materials, guidance publications, case studies, and summaries of research and lessons learned, these resources will be made available to all NRECA members on cooperative.com, our member website.
Credit: NRECA Business and Technology Strategies Unit, May 2017