How is Your Local Electric Cooperative Handling Cybersecurity?

Cybersecurity has become a top priority for many industries due to the increase in threats from destructive attackers. The electric industry is no different, and at Lake Region Electric Cooperative, (LREC), we are taking every precaution. 

“As a member-owned cooperative, we take protecting our members’ data very seriously,” states CEO Tim Thompson. Thompson further notes that with cyber threats constantly evolving, LREC continues to invest in the tools that support the security of our business, as well as in the education necessary to stay informed about best security practices. 

“As technology advances, so does the threat of a cybersecurity attack,” says Dylan Aafedt, Vice President of Business Solutions. “At Lake Region Electric Cooperative, we are hyperaware of these threats and maintain strict protocols for our network.”  

On a local level, LREC deploys various tools and software to protect our networks. This includes monitoring our network traffic 24/7 for any unusual activity, with server log files continually being scanned for patterns of brute force attacks or suspicious activity. On a regular basis, LREC conducts network penetration testing, which is the process of identifying all the assets active on a network and searching them for vulnerabilities.

“At LREC, we continually work to strengthen our network to help protect us from cyberattacks,” states Chad Sletmoen, LREC’s IT generalist. “This same approach is also taken with our employees through cyber security training.”

Throughout the entire organization at LREC, security best practices are a high priority. Everyone at LREC attends annual cybersecurity awareness training, with our IT team regularly attending further in-depth training and round-table discussions with other organizations inside and outside of the utility industry. LREC conducts monthly phishing email tests for all employees to keep awareness high. In addition, LREC uses multi-factor authentication, which requires employees to use two verification factors to gain access to their accounts.

These mandatory minimum standards for cybersecurity are not only set for LREC, but also for our wholesale power provider Great River Energy (GRE), who is a critical infrastructure company. GRE makes significant investments to protect their systems and information from ransomware attempts, phishing schemes, unauthorized access and other cybersecurity threats. 

By subscribing to early warning mechanisms that detect nation-state threats and participating in the sharing of intelligence information, GRE ensures they have information pertinent to cyber and physical security. GRE utilizes programs and organizations like the Cybersecurity Risk Information Sharing Program (CRISP) to guarantee they are at the highest level of cybersecurity. 

“Our participation in the Department of Energy’s Cybersecurity Risk Information Sharing Program gives us advantage over other utilities or non-utility entities,” says Marc Child, GRE information security program manager. “Working together in the program, we can detect early signs of surveillance or malicious actions by nation-states.”

CRISP is one of many tools and programs GRE utilizes to keep their network systems free of malicious cyber activity. GRE states that in today’s reality, no one is immune from a cyberattack, but through a well-known framework, best-in-class technology, comprehensive response procedures, strong industry partnerships and well-trained employees, you can build a solid cybersecurity posture to protect yourself against even the most sophisticated cybersecurity threats.

While GRE has received no indications of activity on GRE’s system, Child states that “It’s imperative we all do our part to ensure the security of our cyber assets.” 

Thompson agrees with Child’s statement, further adding “we must do better than our best to ensure our members have the power they rely on every day.” 

As a member of LREC, you can have confidence in your cooperative’s commitment to keep our nation’s electric grid secure and protect your personal information. If you have more questions about LREC and GRE’s cybersecurity response, please reach out to our team by visiting www.lrec.coop or calling (800) 552-7658.