Guarding the grid
by Luann Dart
|As a cybersecurity specialist at Minnkota Power Cooperative, Justin Haar helps guard the electric power grid from hackers.|
Justin Haar is one of the guardians of the cyberspace galaxy at Minnkota Power Cooperative. The team defends against cyberattacks on the internet highway, as malicious hackers continually try to find an offramp into the cooperative’s systems.
As a cybersecurity specialist at Minnkota Power Cooperative, Haar is just one defender of electric cooperative consumers, keeping them safe from cyber threats to their electrical power grid.
While cybersecurity is a challenging concept to describe, Haar simplifies it: “It’s the job of trying to ensure that computers are only used by the people who should use them in the way they are intended to be used. It gets down to protecting people from the malicious actors that are out there.”
Daniel Graham, chief security/compliance officer at Basin Electric Power Cooperative, describes cybersecurity as a triad composed of confidentiality, integrity and availability.
“Confidentiality is making sure that only people who are supposed to see the information can see it, integrity is what you put down is not altered along the way and availability is that it’s available when you need it,” he says.
North Dakota’s electric cooperatives continually monitor their systems for cybersecurity threats, as nearly every aspect of today’s business is tied to the internet in some way.
Electric generation and transmission cooperatives like Minnkota Power Cooperative, based in Grand Forks, and Basin Electric Power Cooperative, headquartered in Bismarck, provide power to the distribution electric cooperatives, which then flow power to the end consumer.
Minnkota provides wholesale electric energy to 11 member-owner distribution cooperatives in eastern North Dakota and northwestern Minnesota. Basin Electric Power Cooperative is a generation and transmission cooperative owned by 131 member cooperative systems across nine states.
“Our focus is making sure our system is protected so we can continue providing power to our members,” Graham says.
All pieces of the puzzle
The pieces of cybersecurity form a triangle, made up of people, process and technology, Haar explains.
“I always view technology as the smallest end of that triangle. It’s 10% of the challenge. If you have the technology set up right, it’s working and it’s going to continue to work. It’s the people and the processes that really drive an organization and can introduce those security threats,” he says.
Threats, he says, are more likely to come from hackers trying to trick employees into providing information to access the system.
“They can’t get around our technology easily, but if they can get a person on the inside to let them in, they don’t have to worry about the technology, because they’re already past it,” Haar says.
So, electric cooperative employees are trained and educated to identify what’s safe and not safe and to “think twice before clicking,” Haar says.
“Helping people understand why it’s important and generate buy-in with them, so they want to protect the cooperative and the organization and they want to make sure that we are safe and secure,” he describes.
That triangle helps “detect, deter, prevent and recover from cyberattacks,” Graham says.
The energy sector sees many types of hackers trying to infiltrate a system. One is the foreign country or entity working on behalf of a foreign country. “Their interests are in gaining access to things that could cause disruption or reduce reliability of the grid,” Haar says.
A more common type are those trying to trick the organization into giving away money, such as installing ransomware on a computer or impersonating a CEO asking the company to wire money.
New safeguards added
But electric cooperatives have safeguards in place, such as a new system developed by the National Rural Electric Cooperative Association in collaboration with the U.S. Department of Energy and two development partners. The system uses sophisticated real-time anomaly detection to identify and warn of possible network breaches.
“It gives us a greater insight or view into what is happening in our control network, so we can avoid issues,” Haar says. “I think it’s a game-changer, because it’s a space that’s hard to get visibility in using our traditional IT tools. It is designed by people who really understand energy transmission and distribution.”
The cooperatives also keep the business system separate from the electric grid system, so even a business disruption will not disrupt power.
“Such separation allows us to continue to generate and transmit energy reliably, even in the event of disruption to other areas of the cooperative,” Haar says.
The COVID-19 pandemic brought an entirely new set of challenges for cooperatives, as employees began working remotely, and requiring remote access, Haar says.
“That meant we had to have more access to our system than we previously did, and that introduced a lot of challenges,” Haar says. But the challenge made the cooperatives more nimble and even identified better ways to operate.
What keeps Haar awake at night are visions of black swans, those unexpected events that cannot be anticipated. He points to large-scale blackouts in Ukraine’s power grid in 2015, caused by a cyberattack.
“I worry about those big unexpected things, which are entirely outside the cooperative’s control, but could still significantly impact the cooperative,” he says.
“You prepare to respond and be agile and deal with it,” he says.
Generation and transmission cooperatives also follow rules and guidance on how to structure and protect systems.
“The first NERC Critical Infrastructure Protection standards went into effect in 2008, and since then several new versions have added requirements and broadened the number of regulated entities and assets. These standards are enforced nationwide through recurring audits conducted by six regional entities. Noncompliance subjects utilities to potential million-dollar fines per day, per violation,” according to a story in the “Minnkota Current.”
The Critical Infrastructure Protection standards provide baseline security expectations for the electric industry, and is just one piece of the cybersecurity work by the electric cooperatives.
“The goal is to be a secure and highly effective reliable organization,” Haar says. “If we achieve that goal, we will also ensure we are compliant with NERC CIP.”
“We understand our core mission is to make sure the lights are on when you need the lights to be on. The work we are doing in the cybersecurity space is aimed entirely at helping support that,” Haar says. “We’re doing everything we can to ensure protection of our systems, so if the worst happens, the lights stay on.”