On any given day, federal agencies push out multiple cybersecurity alerts to those who run the electric grid and other critical infrastructure. The ability to synthesize and send such critical information the other way, back to government authorities, has been lacking until now.

NRECA and its member cooperatives are developing a Threat Analysis Center (TAC) to help electric co-ops detect potential hacks in their operating systems and alert federal agencies in real time to credible threats.

The system will help spot hackers at the national level, cut off an infiltration and limit damage, said Will Hutton, cybersecurity principal at NRECA.

“We will push really urgent and important threats from federal authorities and help co-ops test for the presence or absence of a threat,” he said. “And we will apply information from the co-ops to see how widespread the problem is.”

Quick access to analyzed cybersecurity reports from electric co-ops will help the Electricity Information Sharing and Analysis Center (E-ISAC) and the Department of Energy identify and map out energy sector cyberattacks. This will improve understanding the immediate threat environment, including the ability to determine if an attack is nationwide or centered on infrastructure in one region.

“It is important that that information flow back to us so when E-ISAC calls and says, ‘How widespread is this problem?’ we will have an answer,” said Hutton.

Here’s how it works: An electric cooperative joins the TAC and commits to outfit its system with a continuous monitoring platform that can quickly determine if an anomaly has occurred in its operational systems. The TAC will push out “rules” or short software programs for co-ops to test their systems for new or old hacks. The TAC will notify the co-op and E-ISAC of any legitimate threats.

“We are very much breaking the old pattern of being reactive,” Hutton said. “Once machine-to-machine communication happens between co-ops and the TAC, we can immediately look for new threats and back test old data for previous indicators of compromise.”

Timely information from a wide swath of data points is key to a strong cyber defense, said Hutton, who likens it to a community watch.

“The more eyes looking out for your property or, in this case, your network, the safer you’ll be from cyber mischief,” he said.

TAC will be headquartered in Arlington, Virginia, and made up of co-op and NRECA employees located throughout the country in regional or state centers.

So far, 65 electric co-ops have installed Essence or another continuous monitoring platform to join the TAC and another 48 have signed agreements to do so.

“We’re trying to get tools into the hands of more people,” said Hutton. “The more co-ops participate, the more effective the program is. And if we can catch cyberthreats earlier, interrupt them and remove them, even for a handful of co-ops, that could be a savings in millions of dollars.”

NRECA’s Business and Technology Strategies group, which will run the center, expects to have it up and running 24/7 by the end of this year.

Explore NRECA’s resources on cybersecurity.