Each month, we ask a panel of electric cooperative leaders a question about an important industry issue or trend.

How do Cyber Champions apply the cooperative model to cybersecurity?

Answer: I am proud to represent EnergyUnited and serve as a member of the Cyber Champion team. This effort reinforces our ongoing commitment to strengthen cybersecurity across our cooperative network, protect service reliability and secure our members’ data. Historically, electric cooperatives have leveraged the cooperative model to meet our communities’ greatest needs. When a major storm impacts our communities, we see linemen across the nation jump into action to complete the hard work that is required to restore service to cooperative members. While the cooperative model is most visible from an operational perspective during major storms, cyber champions offer their expertise to produce positive cybersecurity outcomes across our cooperative community that will ultimately protect critical services and data. This collaboration, highlighted by our participation in initiatives like NRECA’s 20 Co-op Cyber Goals, increases cybersecurity awareness, knowledge and focus as we reinforce our commitment to protecting member data while exceeding service expectations. As this program continues to evolve, I look forward to further applying the cooperative model to advance this important mission.

Answer: One of our greatest principles is cooperation among cooperatives; I think it’s what makes us truly unique. In the cooperative utility space, this means sharing knowledge, resources, expertise and lessons learned to improve the collective security posture of all cooperatives. Cyberthreats don’t recognize organizational boundaries. Cyber Champions understand that defending one cooperative helps defend the entire network of cooperatives and the communities they serve. Peer-to-peer information sharing, joint cybersecurity training, collaborative incident response planning and coordinated tabletop exercises are all ways in which I have seen this approach play out. Mature cooperatives often mentor smaller or resource-constrained cooperatives by sharing best practices, tools and technical expertise. We also encourage transparency and trust, recognizing that openly discussing cyber incidents helps others prepare and avoid similar threats. The cooperative model also promotes cost-effective cybersecurity solutions through shared services, group purchasing and partnering with state and federal agencies. Cyber Champions apply the cooperative model by fostering a culture of collaboration, resilience and shared responsibility, ensuring that cybersecurity becomes a community effort focused on protecting critical infrastructure and the members who depend on it every day.

Answer: Cybersecurity is one area where the cooperative model gives us a real advantage. Threat actors collaborate constantly, share information quickly and adapt in real time. If cooperatives try to defend themselves alone, we will always be reacting instead of preparing. To stay ahead, cybersecurity requires us to evolve from a reactive mindset into a proactive one. As a Cyber Champion, I believe cybersecurity works best when cooperatives apply the same principles that built our industry in the first place: education, trust and cooperation among cooperatives. Not every co-op has the staffing or resources of a large utility, but together we create a network of shared experience and support that strengthens everyone involved. For me, it starts with relationships. Technology matters, but trust between cooperatives matters just as much. When co-ops are willing to share lessons learned, discuss incidents openly and help each other improve, one cooperative’s experience can help prevent another’s outage or security event. The threat landscape evolves daily, which is why initiatives like Cyber Champions and “No Co-op Left Behind” are so important. They help smaller cooperatives gain access to knowledge, training and partnerships they may not otherwise have, ensuring no co-op has to face today’s cybersecurity challenges alone. Cybersecurity is no longer just an IT responsibility. It is operational resilience, member trust and the protection of the critical infrastructure our rural communities depend on every day.

Answer: Cybersecurity is a pressing issue for anybody supporting critical infrastructure, but it can be difficult for a co-op, particularly a smaller co-op, to retain staff dedicated to securing their networks. Even if that task is delegated to a managed service provider, some degree of oversight is needed to ensure that the services provided meet the co-op’s needs, which brings you right back to needing somebody in-house with the background to provide that oversight. In Ohio, we’ve taken a page from our statewide safety program and cooperated in addressing those cybersecurity needs. In my role at OEC, I help our members through the RC3 cybersecurity self-assessment, run tabletops, lead trainings and help develop and update policies to address changing security threats. While no two co-ops are the same, a lot of the threats we face are, and it’s been valuable to avoid the duplicated effort inherent in going it alone. If one co-op wants additional training on IT/OT segmentation or a tabletop covering a ransomware attack, that same material will also be relevant to most of our members. IT managers usually feel overworked, and that only gets worse when you add security awareness training and assessments to their plate. Having a dedicated, centralized cybersecurity resource returns time to our IT managers while also improving the effort we’re able to devote to staying on top of security.

Answer: I apply the cooperative model to cybersecurity by treating it as a shared responsibility, not a siloed technical function. Just like our electric cooperatives exist to serve members through collaboration and mutual support, cybersecurity is strongest when it’s built on trust, transparency and cooperation, both inside a co-op and across the broader cooperative network. At my co-op, that starts internally. I focus on educating and empowering employees at every level, translating cyber risk into plain language and encouraging questions without fear of blame. When people feel ownership, cybersecurity becomes part of the culture, not just a checklist. I facilitate and encourage learning communities, peer discussions and shared problem-solving so employees learn from one another, not just from me. Externally, I practice “cooperation among cooperatives.” As a Cyber Champion, I actively share lessons learned, tools and resources with other co-ops, whether that’s through formal programs, regional conferences or informal conversations. If one of us learns something the hard way, we all benefit by passing that knowledge along. I also advocate for meeting co-ops where they are. The cooperative model recognizes that size, budget and maturity vary, so cybersecurity guidance has to be flexible and right-sized, not one-size-fits-all. By collaborating rather than competing, we strengthen collective resilience and help ensure that no cooperative is left behind.

Related Content

• 'No Co-op Is Left Behind': Cyber Champions Mobilize to Strengthen Grid Security