Since 2004, the President of the United States and Congress have declared October Cybersecurity Awareness Month, helping citizens protect themselves online as our technology and threats to that technology becomes more sophisticated and interwoven in our daily lives.
Cybersecurity is the art of protecting networks, devices, and data from unlawful access or criminal use, and providing confidentiality, integrity, and availability of information. As cybersecurity threats continue to grow at home and in the workplace, it's important to know the measures NIPCO has implemented to educate and protect its employees and our member cooperatives to safeguard against cyberattacks and maintain the safe and reliable delivery of power throughout western Iowa.
Electric co-ops are guided by seven cooperative principles. One of these principles, "Cooperation Among Cooperatives," has never been more critical as it pertains to protecting and defending our nation's electric grid from cyberattacks. As the grid evolves and new technologies emerge, this creates additional opportunities for threat actors to target our systems.
Electric cooperatives are coming together to fight back and add resiliency to the electric grid. When it comes to cybersecurity, cooperation among cooperatives happens in a multitude of ways.
NIPCO works closely with our member cooperatives, G&Ts across the US, the Iowa Association of Electric Cooperatives, and the National Rural Electric Cooperative Association (NRECA) to establish relationships, provide tools, and to share resources and training information to harden and improve the overall cyber landscape.
Steve Spieler, NIPCO's Chief Information Officer, believes that the first and best line of defense against cyber threats is human. Here, education is imperative. "NIPCO and many of our member cooperatives actively participate in ongoing educational programs and training," explained Spieler. "KnowB4 is the world's largest integrated platform for security awareness training. Employees of NIPCO and our member co-ops are provided with resources and tools to help identify the ways threat actors try to penetrate their organizations, such as social engineering, spearfishing, and ransomware attacks."
Spieler also leads NIPCO through regular training provided by NRECA's RC3 Program. The Rural Cooperative Cybersecurity Capabilities (RC3) Program has tools and resources that assist cooperatives in identifying weaknesses to cyberattacks and developing an incident response plan. NIPCO conducts periodic exercises among staff members to test these plans. "How we respond in these drills deepens our learning so we can improve our skillset in protecting our members and our infrastructure," Spieler said. "Information-sharing and networking across cooperatives in our system as well as nationally makes us all stronger and more cyber-aware." Spieler, along with IT Administrator Kyan Ludwig, provides IT (information technology) support services, upon request, to member co-ops that include:
Communicate with NIPCO Members about new technologies or settings to help them secure their hardware, software, and networks from hackers;
Help implement new hardware, software, or technologies;
Utilize NIPCO as a Help Desk to answer any members' questions on anything that is IT-related;
Provide another set of eyes to help troubleshoot any IT issues that they may have.
Spieler and Ludwig believe there is no silver bullet approach to protecting against cyber-attacks. "It's more like silver buckshot," says Ludwig. "It takes many levels of security, an ongoing commitment by every employee, and lots of training to stay one step ahead of hackers."
While Cybersecurity Awareness Month dedicates just thirty-one days to education and awareness, NIPCO, its member electric cooperatives, and local and national partners are equally committed to the other 334 days to advancing cybersecurity defenses to keep our systems secure.