A cyberattack on an electric cooperative’s IT or OT systems can be the digital equivalent of a bomb going off, compromising member data and putting critical hardware and software at risk or out of commission.

The key to heading off such an event, says Ryan Newlon, NRECA principal for cybersecurity solutions, is getting “left of boom”—taking steps before a cyberattack, both to reduce the chance of an attack and its impact, should one occur.

As part of NRECA’s Rural Cooperative Cybersecurity Capabilities (RC3) Program, Newlon has put together a web-based Cyber Incident Response Plan Development Workshop to guide co-ops through the essential steps:

• Know your environment. “Left of boom is about making sure your environment is safe and secure,” Newlon says. “And you can’t do that without knowing what’s in your environment, both IT and operational technology (OT).” That includes not only technology and software, he adds, but also personnel.

• Know your gaps. These are not just holes in system security, like, say, an older, unsecure printer connected to the internet, allowing access into your network. It’s also gaps in operating procedures that can make you vulnerable. “Do your IT personnel talk to your OT personnel?” Newlon says. “If you don’t have that communication, that’s a gap.”

• Have a plan. Even with the best precautions, a co-op can still end up dealing with a cyberattack. Knowing who will respond, what their roles are and the tools they have at hand is essential. “Figure out what your resources are before things hit the fan,” Newlon says, “because when cyber hits the fan, chaos ensues.”

• Backups. “Do them, test them,” Newlon says. It’s also important that your network backup is segmented, he adds, providing additional protection for key components.

• Train as you fight. Whether it’s “five people around a table” or participating in a larger event such as the Co-op Cyber Tech Conference, Nov. 8–9 in Washington, D.C., it’s necessary, Newlon says, to train facing real-world situations.