Jon Watkins distinctly recalls the day he learned how vulnerable his place of work was to a cyberattack.

“It was ugly sweater day,” said Watkins, manager of information services at Pioneer Electric Cooperative in Piqua, Ohio.

“When you have fun things going on, that’s when you would get hit with a cyberattack.”

Fortunately for Watkins and his nattily attired crew, the hack and the mayhem that followed were all pre-planned as part of a trial run of the RC3 Cybersecurity Tabletop Exercises (TTX) toolkit, NRECA’s latest effort to bolster cybersecurity at electric co-ops.

The toolkit, which will be accessible to all NRECA members by the end of August, allows co-ops with or without dedicated cybersecurity professionals to test themselves against cyberattacks, pinpoint their vulnerabilities and learn how to reduce their risks.

“This tabletop exercise is really a way to meet our members where they are with the cybersecurity capabilities they have and enable them to go to the next step,” said Cynthia Hsu, NRECA cybersecurity program manager and lead for the Rural Cooperative Cybersecurity Capabilities (RC3) Program.

Pioneer EC, Federated Rural Electric in Jackson, Minnesota, and Roanoke Electric Cooperative in Aulander, North Carolina, all beta-tested the toolkit, which includes a handbook, pre-drill exercises and a dozen cyberattack scenarios.

Prior to the exercise, RC3 specialists from NRECA evaluated actual cyber and physical vulnerabilities onsite and used the information to add real-life situations to the scenarios, including circumstances like over-reliance on one IT staff member or too much public access to co-op offices.

“The scenarios provided in the exercise enable staff to poke at their capabilities enough so they learn where the gaps are in their co-op’s cybersecurity,” Hsu said.

The toolkit lets co-ops stage a TTX without the need for an outside facilitator. That’s the role Watkins, a cybersecurity veteran, took at Pioneer.

The co-op had previously identified several of its own cyber risks. The exercise tested those risks and more.

“It gave a scenario that covered five different types of cybersecurity incidents in one massive event: insider malicious activity plus ransomware plus denial of service plus malware plus phishing,” said Watkins.

He said the exercise was “eye-opening” in how the co-op managed the need for a variety of simultaneous decisions to be made in a crisis setting, such as when and who should talk to the media.

“It drilled us down to be more intense in our focus and expanded my mindset with some plausible, real-world scenarios,” Watkins said.

His advice to other co-ops?

“Find out what you’re scared of, then find out your gaps,” he said. “Once you find those gaps, get a plan.”

The RC3 Cybersecurity Tabletop Exercises (TTX) toolkit will be available on by the end of August.