COLUMBUS, Ohio—It sounded ominous.
As "Special Report" flashed on the screens, the audience in the convention center heard over the speakers that there was a local electric co-op with virtually all of its 30,000 meters in the dark "after a systemwide outage."
Then Patrick Higgins came to the podium, introduced himself as a co-op spokesman, and announced that "at 6 a.m. today, our cooperative experienced a critical equipment failure caused by a cyberattack, resulting in an outage affecting most of our members."
"At this point we know that critical equipment has been damaged and will need to be replaced before we can restore power."
Higgins was then peppered with questions from a group of "reporters" asking everything from when the power will return, to who was behind the attack, to whether members' data was compromised.
Now picture yourself in Higgins' spot. Not enviable.
Higgins is really communications director at Ohio's Electric Cooperatives, and the "reporters" were NRECA staff. But this exercise at the Regions 1 & 4 meeting was held to bring home several points to co-op leaders in attendance.
"How would each of you have answered those questions?" asked Stephen Bell, NRECA's director of media and public relations. "If a similar event happens at your co-op, how would you respond to the intense scrutiny from the media, from your members and from other stakeholders like your local legislators?"
Bell stressed that the time to develop a crisis communications plan is now, before something happens. It should cover a wide range of possibilities, including a cyberattack.
Of course, you never want to have to implement that plan, and Bridgette Bourge urged co-ops to take the "simple steps to help minimize the likelihood, or the impact of something actually happening."
That starts with "better cyber hygiene," said Bourge, NRECA's legislative affairs director. It means recognizing that "cybersecurity is everyone's responsibility, not just the IT staff," she said, offering examples.
"A strong cyber hygiene program should teach your staff to utilize unique passwords. The longer and more complex, the better," said Bourge. There should also be multifactor authentication, which, along with a unique username and password, has a third option, such as a code number sent by text to a pre-registered cellphone.
Bourge also stressed the need to make co-op staff aware of phishing attempts and educate them on spotting suspicious emails.
The Crisis Communications Toolkit from NRECA can help your co-op develop a crisis communications plan.
NRECA's Rural Cooperative Cybersecurity Capabilities (RC3) Program is designed to support co-ops as they work to improve their cyber and physical security.