NRECA's Rural Cooperative Cybersecurity Capabilities (RC3) Program is designed to support cooperatives as they work to improve the cyber and physical security of their organizations. The RC3 program is funded as a collaborative partnership between NRECA and the U.S. Department of Energy's Office of Electricity Delivery and Energy Reliability, under Award Number DE-OE0000807.
RC3 is focused on developing tools and resources appropriate for small- and mid-sized cooperatives that lack the resources to employ significant information technology staff. The RC3 program also provides collaboration, education, and training opportunities that are available to all cooperatives. Tools, products, and resources developed in the RC3 program are available to all cooperatives through this website.
The following are some key offerings from the RC3 Program. NRECA frequently will post updates and additional resources here.
RC3 Cybersecurity Summits
As part of the RC3 program, NRECA has been holding a series of free Cybersecurity Summits around the country for members. The more than 200 people who attended the 2017 Summits gave the sessions high marks, appreciating learning about cybersecurity opportunities and challenges, and interacting with co-op peers. For 2018/2019, we are adding optional half-day classes the day prior to the Summits, for an enhanced learning opportunity.
ANY member can attend!
The summits are not highly technical; no cybersecurity experience is necessary. In fact, we encourage cooperative staff from all departments to attend because today, everyone has a role in cybersecurity. Past attendees have held roles in co-op leadership, engineering, operations, telecommunications, finance, economic analysis, member services, procurement, and various other areas.
Classes Added to 2018/2019 Summits
In addition to the full-day summits, we are also offering two optional half-day classes the day before. One class is targeted to those unfamiliar with cybersecurity or who would like a refresher. The other is designed for those with cybersecurity experience, or who may oversee contracting with third-party providers.
Dates, Locations, and Details
Five summits are planned for 2018-2019. Six summits were offered in 2017 and the related materials and presentations are available to members in the archive below:
RC3 Cybersecurity Self-Assessment Research Program - NEW TOOLKIT NOW AVAILABLE!
Through the RC3 Self-Assessment Research Program, NRECA worked with cooperatives to test a new cybersecurity self-assessment tool. The tool, developed by NRECA, will help cooperatives understand their cybersecurity posture. Results of the self-assessment can be used by the cooperative to prioritize mitigation actions and develop a cybersecurity action plan for their organizations.
Lessons learned during the testing and deployment of the tool with the research program co-ops were used to make improvements to the self-assessment tool. The following report shares some of these lessons learned:
At the 2018 CEO Close-up Conference, six CEOs/GMs from cooperatives participating in the RC3 Self-Assessment Program participated on a panel discussion and subsequent table discussions about cybersecurity. Read what they had to say about cybersecurity and the RC3 Self-Assessment Tool:
RC3 Tabletop Exercise Toolkit (TTX Toolkit) – Coming soon!
A tabletop exercise (TTX) for cybersecurity provides a structured opportunity to test an organization's ability to assess and respond to a potentially damaging cyber incident. Through funding from the U.S. Department of Energy, NRECA and cybersecurity consultant Delta Risk, LLC designed the RC3 cybersecurity Tabletop Exercise Toolkit (TTX Toolkit) for distribution cooperatives with a range of in-house information technology (IT) and cybersecurity capabilities. The TTX Toolkit offers co-ops opportunities to enhance cybersecurity preparedness by providing relevant scenarios with real world implications. With the Toolkit, cooperatives can run tabletop exercises with staff from different departments in the cooperative, to raise cybersecurity awareness and preparedness, and to emphasize that cybersecurity is everyone's responsibility – not just IT's. The TTX Toolkit will be available in the Spring of 2019. Visit here often for updates.
- Factsheet (Summary)
- FAQ (Detailed Information)
- Link to TTX Toolkit Download – coming soon!
- Contact for questions: Adaora Ifebigh, Project Manager R&D Engagements, Adaora.Ifebigh@nreca.coop
RC3 Cybersecurity Learning Opportunities
Creating training and learning opportunities is a key component of the RC3 program, including:
Summits: See above
Creating New Cybersecurity Courses Addressing Co-op Needs: In 2017, the RC3 program offered two new courses at Co-op U. One covered issues associated with managing cybersecurity risk in purchasing decisions, and the second course focused on how to procure and manage cybersecurity vulnerability assessment providers. Additional cybersecurity courses will be offered in 2018 and will be announced on this website.
RC3 SANS Voucher Program for Cybersecurity Training:
Thanks to funding from the U.S.
Department of Energy, for a limited time NRECA’s Rural
Cooperative Cybersecurity Capabilities (RC3) program is able to offer
high-quality cybersecurity online training to electric cooperative employees at
no cost. Forty-one (41) cooperatives participated in the initial offering
in early 2018 and another thirty-six (36) cooperatives participated in the
second round of RC3 SANS Voucher Program. NRECA is now opening an opportunity
for a third group to take part in this program. This opportunity is limited in
availability and timeframe, and interested cooperatives must submit an
application for consideration by June 9th.
Guidebooks and Resources
The RC3 program is developing a series of resources to provide cooperatives guidance in addressing their cybersecurity needs:
RC3 Cybersecurity Guidebook Series: Like safety, cybersecurity is a responsibility of everyone at a cooperative. However, each job role in a co-op may have unique cybersecurity responsibilities. RC3 is developing a series of seven cybersecurity guidebooks to provide information pertinent to specific job roles within a cooperative. The first guidebook, focused on staff that have responsibilities in communications, member services and public relations, is expected to be released by June 2018. The second guidebook will focus on cybersecurity issues relevant to attorneys and legal staff that work with cooperatives.
Managed Cybersecurity Service Providers Catalogue: To aid NRECA members that may be looking to
outsource cybersecurity work, NRECA worked with the American Public Power
Association on a joint project with PreScouter Inc. to develop a catalogue of
managed security service providers that offer commercial off-the-shelf
solutions. NRECA service and associate members who provide cybersecurity
products and services are listed in this report as well.
Improving Cybersecurity Information Sharing in the Co-op Community
Receiving timely alerts on cybersecurity threats and implementing mitigation actions quickly are two key components for protecting cooperatives from cyber incidents. The RC3 program provides training and resources to increase awareness and access to existing organizations that provide threat alerts, and supports research and development projects that will improve the cooperative community's capabilities to respond to threats. In addition, the RC3 program is working to help cooperatives understand what information to share, with whom, and when. NRECA will publish its first case study on cybersecurity information sharing challenges and solutions in spring 2018.
Contact for Questions