As electric cooperatives strengthen their cybersecurity defenses, they must be willing to share the lessons they’ve learned from cyberthreats and attacks, NRECA President Chris Christensen told co-op leaders Wednesday at NRECA’s Regional Meetings 1&4 in Indianapolis.
“Co-ops need to be willing to share the details of what happened if they experience ransomware or other cybersecurity threats,” he said. “We need to share not only the near-misses but also the hits. I know it’s hard to share the details of what could be some of your co-op’s most difficult days. But it is worth it if you can help your fellow co-ops avoid reputational, financial and operational damage.”
Specifically, co-ops need to share information about cyberthreats and cyberattacks with NRECA, the cooperative network, and relevant industry groups such as the North American Electric Reliability Corp.’s Electricity Information Sharing and Analysis Center, Christensen said.
“There was a time when many of us believed electric co-ops weren’t big enough to be the target of a cyberattack,” he said. “Now, most of us know better. It’s no longer a matter of ‘if it will happen,’ but ‘when it will happen.’ And we have got to be prepared.”
NRECA is helping to lead cybersecurity efforts for the electric cooperative network, Christensen said.
“They’re advocating for us in Washington,” he said. “And they’re leveraging research and partnerships to create products and services that offer co-ops tools and training to improve their cybersecurity posture…It’s up to us to use those tools and to leverage our network to learn from each other.”
Christensen, a director at NorVal Electric Cooperative in Glasgow, Montana, said Montana’s co-ops have benefited from a similar collaborative approach when it comes to lineworker safety.
“It took a change in culture, but Montana’s lineworkers readily share near-misses with every other co-op in the state,” he said “Near-misses are shared with all co-ops as soon as they happen, and they are highlighted again in our quarterly safety newsletter to managers, board members and line personnel. We decided that the potential discomfort or embarrassment of revealing a mistake is well worth sharing if it can save another person from injury or worse.”
The same holds true when it comes to cybersecurity, Christensen said.
“Everyone is at risk, and no one is perfect,” he said. “But together we can build a stronger, more secure network.”