Corn Belt Power begins NRECA’s RC3 program

As the electric utility industry evolves, so do the threats that face it.

Jon Myer, one of Corn Belt Power’s information technology administrators, calls the cyber security threat one of the more dangerous the utility industry faces.

“It’s a very real threat,” he says. “It’s actualized all the time, specifically against electric utilities.”
This fall, Corn Belt Power and electric cooperatives across the state of Iowa began to take part in the National Rural Electric Cooperative Association’s Rural Cooperative Cybersecurity Capabilities Program (RC3).

NRECA began RC3 in July 2016 after receiving funding from the Department of Energy’s Office of Electricity Delivery and Energy Reliability. The program will offer online education, training materials and vulnerability assessment tools; reduced-cost access to cybersecurity training programs; and increased opportunities for information sharing and to participate in RC3’s cybersecurity research efforts.

Last year, the Iowa Association of Electric Cooperatives convened an RC3 committee. Iowa’s three generation and transmission cooperatives began the program’s self-assessment earlier this fall. 

“The program helps us identify our assets, detect threats and vulnerabilities and secure our physical security,” he said. “This program is going to allow us to be in line with industry standards and best practices.”

Identifying threats is just one piece of the RC3 project.

“We’re finding that we have a lot of the infrastructure in place, however, an organization's job is never finished when dealing with cyber threats,” Myer said. “Ultimately, we’re going to be able to protect our systems with enhanced firewalls. Corn Belt Power is going to be able to better detect potential threats and learn how to respond to those threats.”

In the early stages of the project, Myer says he and his Corn Belt Power IT colleagues Dennis Anderson, IT adminstrator, and Kevin Hapes, applications support specialist, are learning a lot.

“It’s been beneficial in showing us where we stand within the current threat landscape,” he said. “So far, it’s helped us develop a plan and a way forward.”

Collaboration with Corn Belt Power’s distribution member-cooperatives is key to the success of the program.

“We’ve been in open communication with our distribution systems on the process,” he said. “It’s mutually beneficial for us to establish secure connections within our own systems.”

Corn Belt Power will continue with its self-assessment before receiving its initial findings. Axio, an integrated cyber risk management company, has been contracted by Iowa’s electric cooperatives to facilitate the program.