NRECA's Rural Cooperative Cybersecurity Capabilities (RC3) Program is designed to support cooperatives as they work to improve the cyber and physical security of their organizations. The RC3 program is funded as a collaborative partnership between NRECA and the U.S. Department of Energy's Office of Electricity Delivery and Energy Reliability, under Award Number DE-OE0000807.

RC3 is focused on developing tools and resources appropriate for small- and mid-sized cooperatives that lack the resources to employ significant information technology staff. The RC3 program also provides collaboration, education, and training opportunities that are available to all cooperatives. Tools, products, and resources developed in the RC3 program are available to all cooperatives through this website.

The following are some key offerings from the RC3 Program. NRECA frequently will post updates and additional resources here.

RC3 Cybersecurity Summits

As part of the RC3 program, NRECA has been holding a series of Cybersecurity Summits around the country. These summits bring co-ops together to hear from industry experts on cybersecurity and learn from each other in peer-to-peer discussions. Input from attendees also helps shape RC3 program directions to ensure our efforts are on target with co-op cybersecurity needs. The summits are not technical in nature and no cybersecurity experience is necessary to attend. Attendees have given the summits high marks, noting that they raise co-op awareness and understanding of the challenges and opportunities around cybersecurity. In particular, attendees have appreciated the opportunity to interact with other cooperatives to discuss cybersecurity.

Six summits were offered in 2017 and more are planned for 2018:

RC3 Cybersecurity Self-Assessment Research Program

Through the RC3 Self-Assessment Research Program, NRECA is working with cooperatives to test a new cybersecurity self-assessment tool. The tool, developed by NRECA, will help cooperatives understand their cybersecurity posture. Results of the self-assessment can be used by the cooperative to prioritize mitigation actions and develop a cybersecurity action plan for their organizations.

Lessons learned during the testing and deployment of the tool with the research program co-ops will be used to make improvements to the self-assessment tool. Once finalized, the RC3 self-assessment tool will be released for the use and benefit of the cooperative community as a whole.

At the 2018 CEO Close-up Conference, six CEOs/GMs from cooperatives participating in the RC3 Self-Assessment Program participated on a panel discussion and subsequent table discussions about cybersecurity. Read what they had to say about cybersecurity and the RC3 Self-Assessment Tool:

Tech Advisory: RC3 Self-Assessments - What CEOs and GMs Have to Say about Cybersecurity

RC3 Cybersecurity Learning Opportunities

Creating training and learning opportunities is a key component of the RC3 program, including:

  • Summits: See above

  • Creating New Cybersecurity Courses Addressing Co-op Needs: In 2017, the RC3 program offered two new courses at Co-op U. One covered issues associated with managing cybersecurity risk in purchasing decisions, and the second course focused on how to procure and manage cybersecurity vulnerability assessment providers. Additional cybersecurity courses will be offered in 2018 and will be announced on this website.

  • RC3 SANS Voucher Program for Cybersecurity Training: NRECA’s RC3 Program has secured an opportunity for member cooperatives to take up to three SANS online cybersecurity courses for FREE. SANS is a world-renowned cybersecurity training, certification and research company, and the available courses can benefit any co-op, regardless of size or IT resources. This opportunity is limited in availability and timeframe, and interested cooperatives must submit an application for consideration by March 31.

Guidebooks and Resources

The RC3 program is developing a series of resources to provide cooperatives guidance in addressing their cybersecurity needs:

  • RC3 Cybersecurity Guidebook Series: Like safety, cybersecurity is a responsibility of everyone at a cooperative. However, each job role in a co-op may have unique cybersecurity responsibilities. RC3 is developing a series of seven cybersecurity guidebooks to provide information pertinent to specific job roles within a cooperative. The first guidebook, focused on staff that have responsibilities in communications, member services and public relations, is expected to be released by June 2018. The second guidebook will focus on cybersecurity issues relevant to attorneys and legal staff that work with cooperatives.

  • Managed Cybersecurity Service Providers Catalogue: To aid NRECA members that may be looking to outsource cybersecurity work, NRECA worked with the American Public Power Association on a joint project with PreScouter Inc. to develop a catalogue of managed security service providers that offer commercial off-the-shelf solutions. NRECA service and associate members who provide cybersecurity products and services are listed in a separate addendum.

Improving Cybersecurity Information Sharing in the Co-op Community

Receiving timely alerts on cybersecurity threats and implementing mitigation actions quickly are two key components for protecting cooperatives from cyber incidents. The RC3 program provides training and resources to increase awareness and access to existing organizations that provide threat alerts, and supports research and development projects that will improve the cooperative community's capabilities to respond to threats. In addition, the RC3 program is working to help cooperatives understand what information to share, with whom, and when. NRECA will publish its first case study on cybersecurity information sharing challenges and solutions in spring 2018.

Contact for Questions