Mike Couick
Before a severe storm crosses our state line, electric cooperatives here have already prepared for its arrival. They’ve tracked its movements, reserved line crews and stocked their trucks with equipment and materials to rebuild lines and restore power as quickly as possible.
If you ask any line superintendent, they’ll tell you much of that preparation happens before a storm is even assigned a name, with efforts like rights-of-way maintenance, system upgrades and the ability to reroute power around downed circuits.
When Winter Storm Izzy’s ice and wind caused thousands to lose power in January, Blue Ridge Electric Cooperative member Hal Stone could appreciate more than most the role that preparation, resources and collaboration played in getting it back on. As an information security expert with 28 years of experience, the Pickens resident has kept a watchful eye out for threats that can harm infrastructure and take out vital services, and he is helping South Carolina’s electric cooperatives protect themselves and their members from the gathering storm of cyberattacks.
Businesses, governments and utilities have all been victims of cybercrimes like ransomware, data theft and cyberespionage. The ransomware attack on Colonial Pipeline last May had a widespread impact, creating a gasoline shortage and confirming the vulnerability of our critical infrastructure.
Cybercriminals certainly don’t discriminate based on the size of the targets.. In November, Delta-Montrose Electric Association, a Colorado cooperative serving about 35,000 meters, was hit by a malicious cyberattack that took down internal systems like payment processing and billing for over a month. Fortunately, neither the cooperative’s distribution grid nor sensitive member data was breached, but such a threat looms over energy companies, big and small.
Information technology has been a driving force in the evolution of energy delivery. Cooperatives have built smart systems that can predict interruptions, locate trouble and prevent widespread outages. In many cases, members are able to connect and engage with these systems, allowing them to receive in-depth energy data and pay remotely. This evolution toward interconnectivity is necessary but brings the risks of cyberattacks.
Electric cooperatives recognize that they need to be as prepared for these kinds of attacks as they are for severe weather. Cyberattacks are just as inevitable as weather events, but their impact can be managed. According to Stone, mitigating that risk requires an investment in incident planning, security technology, personnel training, and resource sharing.
The cooperative model is well suited for this venture. Although electric cooperatives are autonomous organizations, the standard of cooperation provides a crucial network of support. That kind of partnership will be necessary if and when a cooperative system is compromised by a cyberattack. South Carolina’s cooperatives have already established a cybersecurity task force—made up of information technology and systems security professionals like Stone—to share the latest information and best practices about keeping their co-ops safe.
Cooperatives prioritize safety and reliability, so protection of their systems is nothing new. Co-ops have built firewalls that act as a barrier between their internal network and the public internet. Member and energy data is mirrored to remote servers in the event that the local data is breached. Cooperatives have strict policies on how their employees engage with the network, and the co-ops train them on how to avoid threats like phishing and spyware.
For decades, electric cooperatives have improved equipment, developed practices and upgraded materials primarily to prevent and restore outages created by environmental elements. It’s that devotion to the mission of providing safe and reliable power that is helping cooperatives face this new digital-age challenge.
Whether it’s a hurricane or a hack, I’m thankful cooperatives are looking out for their members and for the next threat to that mission.