How To Prepare
Since April 2014, Sue Kelly has been president and CEO of the American Public Power Association – the voice of not-for-profit, community-owned utilities that power 2,000 towns and cities nationwide. Earlier, she was the senior vice president, policy analysis and general counsel. Under Kelly’s leadership, the association has advocated on wholesale electric market issues, worked to strengthen cybersecurity awareness and resources for utilities and raised the profile of public power in Washington, D.C.
My father was a career fighter pilot who flew P-47s during the Normandy invasion and the Battle of the Bulge. I had to always answer the phone saying "Colonel Kelly's quarters, Susan speaking." Growing up as an Air Force brat, I had certain values drilled into me. Be aware, take responsibility, work as a team, and be prepared. Today, these same values can help us all to combat the security threats facing our industry.
Rule #1: Be aware: The first rule of cybersecurity for electric utilities is to understand the nature of cyber threats and to acknowledge that no one is immune from attack. The enemy is often unknown but the threats are widespread.
Today, sophisticated cyber-attacks are directed not just at government and military installations, credit card systems of major retailers, or the infrastructure of large utilities. Hackers are waiting to get in wherever there are chinks in the armor.
More than half of all public power utilities serve fewer than five thousand people. These utilities may think they are too small to attract attention. But ransomware attacks have hit a number of small municipalities. And the very troubling cyber security incident in the Ukraine in December 2015 shows our adversaries can strike anywhere.