As you encourage your customers to stay cyber safe during Cybersecurity Awareness Month, it is a good time to also assess your utility’s cybersecurity posture and capabilities.
As part of our nation's critical infrastructure, public power utilities have information technology systems as well as operational technology systems on which they and their communities rely. Critical infrastructure must be protected against many different types of threats, both physical and cyber. There are many different types of bad actors threatening utility cybersecurity: “hacktivists,” cybercriminals, cyberterrorists, nation-state actors, and others. Their goals may include sending a message, stealing money or intellectual property, causing panic, and threatening national security. It isn’t always about whether a bad actor is attacking you directly – which, as a critical infrastructure owner, you very well may be an intended target at times – but also about the lowest hanging fruit. Perpetrators of cyber attacks can, and do, conduct automated attacks looking for those who haven’t installed the latest patches, who have open ports on the internet, who are using default passwords on components, or who have poor cyber hygiene and click suspicious or bad links that are scattershot out.
Your customers expect reliable service and strengthening your cyber posture is a crucial step in ensuring the systems you rely upon are available when you and your customers need them. Assessing your cybersecurity posture includes everything from looking at how your IT and OT systems do or don’t interact, how much information you receive from vendors, the confidence you have in all the components coming from your supply chains, and how you train your staff to be cybersecure as they work within these environments.
Resources to Help You
To help you prepare for mitigating and responding to these threats, APPA stays connected with various industry and government partners and curates tools and resources on cybersecurity. Our upcoming Cybersecurity Resource Guide for Public Power links to a variety of organizations and tools that can help you on your cybersecurity journey based on the National Institute for Standards and Technology’s Cybersecurity Framework. Watch for an announcement soon about the release of the new guide.
Some of these resources and tools include those that help you:
Assess and improve your posture
- Axio 360 for Public Power
- Cybersecurity Capability Maturity Model (C2M2)
- Public Power Cybersecurity Roadmap
- Cybersecurity and Infrastructure Security Agency’s evaluation tools and assessments
Stay informed/Stay connected
- Sign up for alerts from E-ISAC and/or MS-ISAC.
- Join our Cybersecurity Defense Community.
- Ask questions and get the latest threat updates relevant to public power on our security listserv.
- Provide input on APPA’s cyber initiatives, including commenting on our activities under cooperative agreements with the Department of Energy, by joining the Cybersecurity Defense Community (email [email protected]) .
Prepare your response
- Bring one of our cybersecurity training courses to your staff.
- Practice using our tabletop exercise in a box and participate in our future cyber exercises.
- Download our Cyber Incident Response Playbook.
- Consider joining the cyber mutual assistance network.
During these unstable geopolitical times we live in, it’s more important than ever to be hyper-vigilant. Thank you for all you do to keep our nation’s critical infrastructure — and your communities — protected. Let us know how else APPA can support your utility in strengthening your cybersecurity practices and posture – email our team at [email protected].
This is the second part of our blog series for Cybersecurity Awareness Month. Read the first part, Championing Cybersecurity Awareness, for guidance and resources for sharing cybersecurity tips with your customers.