Understanding and Preparing for Cyber Threats

Brian Burnett

The cyberattack on the Colonial Pipeline in May resulted in gasoline shortages that affected North Carolinians and others in our region in a very real way. The incident brought high-profile attention to cybersecurity vulnerabilities in the nation’s energy infrastructure.

Cybersecurity has long been a top priority for North Carolina’s electric cooperatives, including the North Carolina Electric Membership Corporation (NCEMC), one of the largest generation and transmission electric co-ops in the nation. We take cybersecurity very seriously, and maintain a proactive philosophy in defense and response.

The technical environments used at NCEMC are divided into two different areas: Business Information Technology and Operational Technology. These two areas serve two very different functions.

The Business IT area supports what most people are familiar with for a normal business to function: the technology that supports areas like human resources, finance, training and email communications. Each of these areas uses computers and networks that need to be protected from cyberattacks, such as threats from phishing attempts, ransomware and other malware. An attack on the business environment — which is what happened in the case of the Colonial Pipeline — can impact day-to-day operations and delivery of service, both internally and externally.

Threats change every day, and a successful program must be monitored, reviewed and updated on an ongoing basis.

The Operational Technology area is what manages, monitors and operates the power generation, distribution and overall management of the power we all rely on. The technology that covers this area is very specialized and is set up a lot differently than a Business IT environment. However, this technology needs defense to ensure power service is not interrupted. Policymakers typically address the Operational Technology side when discussing cybersecurity — in fact, there is currently a national 100-day initiative in place to improve cybersecurity across the U.S. power grid.

When it comes to looking at potential cyber­attacks, NCEMC maintains the philosophy of “not if, but when” to be prepared for any scenario. Unfortunately, there is no way to completely secure any environment that is talking to the outside world via an internet connection, whether a personal connection at home or a business system. The approach must be that of robust, proactive defense, as well as a strong and regularly practiced response plan.

In following best practices, NCEMC has continued to build on the foundation of our cybersecurity program, focusing on improving response capabilities as well as updating policies and procedures, which also include considerations for any potential ransomware attack like the one that crippled the Colonial Pipeline. A critical part of developing a strong cybersecurity program is having the buy-in and support of senior leadership, which in many organizations is one of the biggest hurdles. Fortunately for NCEMC and North Carolina’s electric cooperatives, senior leadership is truly invested in the support of cybersecurity programs and doing what is best to assure the best possible security for our organizations and our service to members.

Cybersecurity is not a one-and-done solution. It is not a matter of implementing tools and processes and then walking away. Threats change every day, and a successful program must be monitored, reviewed and updated on an ongoing basis. North Carolina’s electric cooperatives are committed to meeting that requirement, and dedicated to providing secure, reliable service to the communities we serve.