Cybersecurity is a never-ending battle, with online criminals constantly adapting their tactics to outsmart the latest patch or protocol.
Fortunately, electric cooperatives have a partner in the fight: NRECA’s Rural Cooperative Cybersecurity Capabilities Program (RC3).
RC3, now entering its third and final year of funding from the U.S. Department of Energy, is aimed at helping co-ops create a culture of cybersecurity with resources, tools and trainings tailored to their unique needs.
“Size, location, access to cybersecurity experts, these are all critical issues for electric cooperatives confronting cybersecurity challenges,” said Cynthia Hsu, NRECA cybersecurity program manager and RC3 lead. “One way cooperatives can balance the scales is through our commitment as co-ops to help one another. The RC3 program is designed to facilitate and build on our cooperative culture.”
Since its inception in 2016, RC3 has provided cybersecurity training to more than 200 leaders at 36 co-ops through the RC3 Self-Assessment Research Program. These cooperatives have in turn helped the RC3 team build a self-assessment toolkit for all NRECA members to use.
In 2017, RC3 held six cybersecurity summits around the country where co-op staff exchanged experiences and knowledge. Nearly 200 attendees from 152 co-ops participated. RC3 also is providing vouchers to 40 co-ops for training at the SANS Institute, a nationally recognized information security educator.
“Bringing co-ops together to talk about the difficulties they face and creative solutions they use has been a key to the success of the RC3 effort,” Hsu said. “There’s really no substitute for one-on-one interactions. And the feedback for summits was so overwhelmingly positive we are organizing another series of five summits.”
In addition, the RC3 team is writing a series of seven cybersecurity guidebooks to help co-ops understand the unique cybersecurity responsibilities associated with each job role, such as communications and member services, human resources and benefits administration, finance and billing, and attorneys and legal staff.
“Cybersecurity is not just an IT problem,” said Hsu. “Every staff member in a co-op has a responsibility and opportunity to help defend their cooperative.”
Hsu says since the launch of RC3, she’s seen a steady elevation of the issue of cybersecurity among electric cooperatives. “People have begun to understand that there’s no such thing as too small or too remote,” says Hsu.
“Like safety, cooperatives are interested in building a culture of security. Our job in the RC3 program is to help them along the way, providing training, tools and resources to build stronger cybersecurity programs.”