Cooperatives Participate in October Cybersecurity Awareness

October, along with being Co-op Month, is also Cybersecurity Awareness Month (CSAM), a topic important to co-ops’ future technology planning. The federal government’s Cybersecurity and Infrastructure Security Agency (CISA) established the observance in 2004 to call attention to what is still a growing problem worldwide. For the third straight year, NRTC is a Cybersecurity Awareness Champion and supporting CISA’s efforts.

Watch NRTC’s social media channels for announcements of CSAM activities throughout October.

CISA works with private industry each year to emphasize particular cybersecurity themes. This year, those themes include:

• Enabling multi-factor authentication (two-step process to access information)
• Using strong passwords and a password manager
• Updating software
• Recognizing and reporting phishing.

NRECA also has a number of activities planned during CSAM. Among them is an “Along Those Lines” podcast to be posted later this month. On Nov. 8-9 (slightly after Cybersecurity Awareness Month), NRECA will hold its 2022 Co-op Cyber Tech conference in Washington, DC.

To kick things off, NRECA Chief Scientist Emma Stewart appeared on a panel yesterday hosted by Women in Cybersecurity. “Complacency [with cybersecurity] is what I think is the biggest threat to our grid right now,” she said. “If we stop thinking about it because we think we’ve already succeeded, then were stuck,” she said.

Rural cooperatives are especially affected by certain challenges, such as maintaining a workforce that is trained to deal with cyber threats. She noted that cyber threats are hitting as new technologies and services are appearing in rural areas, such as distributed energy resources (DERs). “All of these things are together, not separate. I work with co-ops a lot and there’s not necessarily enough staff to do all of these things at the same time,” Stewart said. Co-ops will have to either retrain people who have no background in cybersecurity or go out and find people with cybersecurity skills.

Fellow panelist Cheri Caddy, senior advisor in the Office of the National Cyber Director, expanded on the DERs issue, which potentially increases the number of points where hackers can inject malware into the millions.

“It gets down to the consumer level where you have solar panels on your rooftop and maybe an EV charging port in your garage. It’s part of this emerging internet of things where we’re building all these additional digital assets and connecting them,” she said. “For any kind of technological change, we have to be mindful of the cybersecurity implications. Are we ready? Well, the future is now and it’s happening whether we’re ready or not.”

Congress in the Infrastructure Investment and Jobs Act last year appropriated $21 million for the new National Cyber Director, a position it created within the Executive Office of the President. Since then, it has been developing a cybersecurity strategy.

Two of the four outcomes the office hopes to achieve are to “improve public-private collaboration by tackling cyber challenges across sectors” and to “increase present and future resilience by ensuring the nation’s workforce, technologies, and organizations are fit for today and future-proofed for tomorrow,” according to a recent report (PDF) by the Government Accountability Office (GAO).

The office is looking at programs to encourage public/private collaboration of security technologies and to ensure that qualified workers are in place throughout the public and private sectors. “The federal government needs to fully develop and implement a comprehensive national strategy in order to have a clear roadmap for overcoming the cyber challenges facing our nation,” GAO concluded.