Cyber Security in Electric Coops

The bad guys are trying to get in to the Grid Operational Networks

We have to do the basic cyber security activities: identify, protect, detect, respond, and recover from cyber attacks

Rapid changes in 10 years - From Analog and Legacy Digital to advanced interconnected IP ICS/SCADA networks

What we the electric coops in East Texas are doing

The IP network presents new capabilities for reliability and performance and new challenges to ICS/SCADA network security. Sam Houston started a focus in cyber security in late 2016 to NERC CIP and NIST standards. adding Firewalls and Monitoring systems, adding Awareness Training with scada focus, conducting Phishing training campaigns.

Grid Network is different from Enterprise

Focus is on Safety of People, protecting Equipment and Systems

Drivers for Cyber Security Changes

• Threat landscape changes daily
• State Actors (Asia, Russia, China, others)
• Terror Organizations
• Criminal Businesses that Focus on stealing or extortion
• Hackivists motivated by a cause

The Coop approach we are using

• Basic cyber security activities : Identify, Protect, Detect, Respond, and Recover.
• Threat hunting and baseline documentation is becoming a larger focus
• The question is not IF but WHEN or HAVE they already gotten into the OT network
• NERC CIP compliance improves cyber security,  but needs more
• Threats are constantly evolving on a daily basis
• Threat hunting and behavior baselines are becoming more important
• Awareness Training has to be done
• Deploy firewalls to isolate critical systems at each substation.
• Preparing for medium NERC CIP standards at Control Center.