NRECA's Rural Cooperative Cybersecurity Capabilities (RC3) Program is designed to support cooperatives as they work to improve the cyber and physical security of their organizations. The RC3 program is funded as a collaborative partnership between NRECA and the U.S. Department of Energy's Office of Electricity Delivery and Energy Reliability, under Award Number DE-OE0000807.

RC3 is focused on developing tools and resources appropriate for small- and mid-sized cooperatives that lack the resources to employ significant information technology staff. The RC3 program also provides collaboration, education, and training opportunities that are available to all cooperatives. Tools, products, and resources developed in the RC3 program are available to all cooperatives through this website.

• RC3 At A Glance (August 2018)
• Tech Advisory: RC3 Overview (February 2017)
• Article: RC3 Leverages 'Cooperation Among Co-ops' to Confront Cybersecurity Challenges (October 2018)
• Cooperative Cybersecurity: Are you doing everything you can to keep your network safe? (August 2018)

The following are some key offerings from the RC3 Program. NRECA frequently will post updates and additional resources here.

RC3 Cybersecurity Summits

As part of the RC3 program, NRECA has been holding a series of free Cybersecurity Summits around the country for members. The more than 200 people who attended the 2017 Summits gave the sessions high marks, appreciating learning about cybersecurity opportunities and challenges, and interacting with co-op peers. For 2018/2019, we are adding optional half-day classes the day prior to the Summits, for an enhanced learning opportunity.

ANY member can attend!

The summits are not highly technical; no cybersecurity experience is necessary. In fact, we encourage cooperative staff from all departments to attend because today, everyone has a role in cybersecurity. Past attendees have held roles in co-op leadership, engineering, operations, telecommunications, finance, economic analysis, member services, procurement, and various other areas.

Classes Added to 2018/2019 Summits

In addition to the full-day summits, we are also offering two optional half-day classes the day before. One class is targeted to those unfamiliar with cybersecurity or who would like a refresher. The other is designed for those with cybersecurity experience, or who may oversee contracting with third-party providers.

Dates, Locations, and Details

Five summits are planned for 2018-2019. Six summits were offered in 2017 and the related materials and presentations are available to members in the archive below:

• 2018 / 2019 Summits and Classes
• 2017 Summits Archive
  

RC3 Cybersecurity Self-Assessment Research Program - NEW TOOLKIT NOW AVAILABLE!

Through the RC3 Self-Assessment Research Program, NRECA worked with cooperatives to test a new cybersecurity self-assessment tool. The tool, developed by NRECA, will help cooperatives understand their cybersecurity posture. Results of the self-assessment can be used by the cooperative to prioritize mitigation actions and develop a cybersecurity action plan for their organizations.

• The RC3 Cybersecurity Self-Assessment DIY Toolkit is now available to NRECA members.
• Fact Sheet on the Toolkit

Lessons learned during the testing and deployment of the tool with the research program co-ops were used to make improvements to the self-assessment tool. The following report shares some of these lessons learned:

• RC3 Self-Assessment Research Program Lessons Learned

At the 2018 CEO Close-up Conference, six CEOs/GMs from cooperatives participating in the RC3 Self-Assessment Program participated on a panel discussion and subsequent table discussions about cybersecurity. Read what they had to say about cybersecurity and the RC3 Self-Assessment Tool:

• Tech Advisory: RC3 Self-Assessments - What CEOs and GMs Have to Say about Cybersecurity
  

RC3 Cybersecurity Learning Opportunities

Creating training and learning opportunities is a key component of the RC3 program, including:

Summits: See above

Creating New Cybersecurity Courses Addressing Co-op Needs: In 2017, the RC3 program offered two new courses at Co-op U. One covered issues associated with managing cybersecurity risk in purchasing decisions, and the second course focused on how to procure and manage cybersecurity vulnerability assessment providers. Additional cybersecurity courses will be offered in 2018 and will be announced on this website.

RC3 SANS Voucher Program for Cybersecurity Training:

Thanks to funding from the U.S. Department of Energy, for a limited time NRECA’s Rural Cooperative Cybersecurity Capabilities (RC3) program is able to offer high-quality cybersecurity online training to electric cooperative employees at no cost. Forty-one (41) cooperatives participated through an initial offering in early 2018, and NRECA is now opening an opportunity for a second group to take part in the RC3 SANS Voucher Program. SANS is a world-renowned cybersecurity training, certification and research company, and the available courses can benefit any co-op, regardless of size or IT resources. This opportunity is limited in availability and timeframe, and interested cooperatives must submit an application for consideration by November 16.

• Advisory and FAQ
• Application for Participation

• Contact for questions: Lauren Khair, Senior Analyst, Economics & Industry, Lauren.Khair@nreca.coop

Guidebooks and Resources

The RC3 program is developing a series of resources to provide cooperatives guidance in addressing their cybersecurity needs:

• RC3 Cybersecurity Guidebook Series: Like safety, cybersecurity is a responsibility of everyone at a cooperative. However, each job role in a co-op may have unique cybersecurity responsibilities. RC3 is developing a series of seven cybersecurity guidebooks to provide information pertinent to specific job roles within a cooperative. The first guidebook, focused on staff that have responsibilities in communications, member services and public relations, is expected to be released by June 2018. The second guidebook will focus on cybersecurity issues relevant to attorneys and legal staff that work with cooperatives.
  

• Managed Cybersecurity Service Providers Catalogue: To aid NRECA members that may be looking to outsource cybersecurity work, NRECA worked with the American Public Power Association on a joint project with PreScouter Inc. to develop a catalogue of managed security service providers that offer commercial off-the-shelf solutions. NRECA service and associate members who provide cybersecurity products and services are listed in this report as well.
  

• Managed Cybersecurity Services Providers for Electric Utilities

Improving Cybersecurity Information Sharing in the Co-op Community

Receiving timely alerts on cybersecurity threats and implementing mitigation actions quickly are two key components for protecting cooperatives from cyber incidents. The RC3 program provides training and resources to increase awareness and access to existing organizations that provide threat alerts, and supports research and development projects that will improve the cooperative community's capabilities to respond to threats. In addition, the RC3 program is working to help cooperatives understand what information to share, with whom, and when. NRECA will publish its first case study on cybersecurity information sharing challenges and solutions in spring 2018.

Contact for Questions

• Cynthia Hsu, cybersecurity program manager, NRECA, cynthia.hsu@nreca.coop
• RC3 team at CyberSecurityRC3@nreca.coop