Electric co-ops innovate to secure their members’ digital data
Amidst continuing cyber threats from crafty computer hackers, electric coops are mounting sturdy defenses to safeguard their members’ digital data and ensure reliable power delivery.
One way co-ops are bulking up cyber security is with tools from the Cooperative Research Network (CRN), the research arm of the National Rural Electric Cooperative Association (NRECA). CRN’s “Guide to Developing a Risk Mitigation and Cyber Security Plan,” released in 2011 with funding from the U.S. Department of Energy (DOE), helps utilities of all types develop a process to shore up cyber defenses. Three innovations promise to these security efforts: pattern recognition software, an update of CRN’s revolutionary Guide, and securing data.
Most home and business computer networks use a firewall—a virtual barrier or hardware— to protect linked computers from hackers, viruses and other virtual invaders. Utilities also use firewalls, but sophisticated cyber threats make firewalls an aging technology.
“Firewalls are less able to provide the level of security we require,” shares CRN Program Manager Maurice Martin. “We want to make sure that our co-ops have the tools they need to work securely.” To meet the challenge, CRN is developing a way to replace firewalls with a security tool that monitors computer network traffic by memorizing the normal pattern of operation. When the system detects an abnormal pattern (a possible intrusion), it sounds an alarm.
A DOE grant of $3.6 million, with an additional $1.1 million from CRN and partner Honeywell Corp., funds the research. Allies such as Pacific Northwest National Laboratories, Carnegie Mellon University, and Cigital Inc. will work with CRN to develop the cyber security tool. “We’ll combine high-level functionality with an easy-to-use platform,” predicts Craig Miller, chief CRN scientist. “The system will simplify cyber security management for small utilities with limited resources.” All but one of Michigan’s nine electric distribution co-ops falls into the “small utility” category. The largest has over 101,000 members, and the smallest from about 4,000; the others range from 10,000 to 33,000. Evolving Guidance The CRN Guide, and an accompanying template, is being used
by utilities of all sizes—across America and in countries such as India and Italy—to craft cyber-security plans. The cooperatively developed resources are free to any utility and have been downloaded over 8,000 times.
“The content and ideas were important to share,” explains Martin. The Guide and tools were developed as part of a $68 million DOE grant three years ago. But responding to emerging cyber threats is not a one-time effort. It requires constant education, awareness and vigilance. New resources—products, services and educational tools—are on the way. Expected early this year, an updated Guide will work in harmony with new DOE cyber security initiatives. The DOE also has a Computational Sciences Center that performs world-class computational science research—a helpful tool for calculating cyber security risks and creating tools to thwart hackers.
Threats to security—online and to the power grid—are real. Hackers take pride in undermining computer systems and finding a system’s Achilles’ heel. But thanks to innovative “cloud” computing, utilities are discovering ways of working together to strengthen co-op security and upgrade IT architecture.
“NRECA turned to the Science Applications International Corp. (SAIC) for its solid understanding of the smart grid marketplace and how new technologies can be used to benefit the consumer member at the end of the line,” explains Martin.
That project aims to shore up technologies that capture, store and secure information, and will benefit both co-ops and their members. The SAIC is also producing a series of reports to help utilities fully implement smart grid technology and evaluate IT developments (cloud computing, new databases, and more) with an eye toward how such developments can support the co-ops and solve their needs. The goal is for SAIC to map out an “IT architecture” to explain how the tools work to maximize reliability, customer service, and cyber security.
All utilities are vulnerable to digital invasions, but a continually evolving set of cyber security resources and innovations should help keep co-ops and their members a step ahead of the “bad guys.” Forget calculators. The U.S. Department of Energy has a Computational Sciences Center that performs world-class computational science research—a helpful tool when calculating cyber security risks and creating tools to thwart would-be hackers.