CEO’s Message – June 2024

What Does It Take To Secure Your Power Grid?

Over the last 3 years, the number of cyber attacks directed at the power grid and utility infrastructure has more than doubled. Cybersecurity has become perhaps the single most important security issue that we face at Columbia REA. We take steps to prepare for other threats like fire season, and in most cases can identify a potential incident ahead of time; the same with weather-related events and even peak-demand periods that may pose a threat to the steady delivery of electricity.

But cyber threats are out there 24/7/365, and entirely unpredictable…or worst case scenario, undetectable.

“That is definitely the nightmare situation,” says Brendan Johnson, Columbia REA Manager of Information Technology.

“It’s very rare that somebody just gets in through an open hole in your security somewhere. It’s almost always a human failure…somebody on the team clicks on something that somehow lets a bad actor into the system. Once inside, the bad guys can give themselves access to do whatever they want. And the biggest concern is that they’re inside poking around…waiting for the right opportunity to do us the most harm, and we don’t know it.”

“The number of attempts that we see every day is incredible. It’s literally constant… always happening,” adds Brendan.

“Our system blocks between 4,000 and 6,000 emails every day, and flags another 100 to 300 as potentially dangerous, and another 300 to 600 as just spam.”

The technology works, but as Brendan notes, it’s equally, if not more important, to make sure the staff also knows how to “flag” potentially harmful emails, phone calls, and even text messages.

“We take a comprehensive approach to cybersecurity that any high-tech, mission-critical, essential service industry would be required to have. We continually train and test our employees. We incorporate the same level of security requirements as hospitals and banks. These requirements are not utility-specific, it’s a much broader cybersecurity approach, and it is constantly evolving.”

Frequent updates, new version installs, and software licensing agreement renewals are part of our everyday lives now. Whether you work primarily on a laptop or desktop computer in the office, or a mobile phone or tablet out in the field, all of these devices, and the software that runs them, are potential entry points for bad actors. Ironically, the more that utilities integrate digital technology into daily operations, the more effort, expense, and resources need to be dedicated to maintaining system and informational integrity. Staying ahead of potential breaches requires continuous innovation as well as a commitment to continuous training and investment of resources.

Columbia REA was built on 3 simple ideas: commitment to safety, keeping your lights on, and keeping your rates as low as possible. Cybersecurity protects all 3 of these pillars, and we will continue to do whatever is required to protect your co-op.

Best,
Scott Peters, CEO