The US National Rural Electric Cooperative Association (Nreca) has secured a US $4m grant from the Department of Energy (DOE) for a cybersecurity programme, as the cyberthreat against the industry increases.
Project Guardian, a four-year project authorised under the Infrastructure Investment and Jobs Act as part of the Rural and Municipal Utility Cybersecurity (RMUC) Program, will give Nreca’s 900 member co-ops new tools to detect, respond to and recover from cyber threats and attacks.
It will focus on four key areas: self-assessment, threat analysis, cyber champions and workforce development.
Nreca will revamp its cybersecurity self-assessment programme to help co-ops identify vulnerabilities and develop incident response plans, helping co-ops develop incident response plans and incorporate tailored cybersecurity tabletop exercises in their planning.
The apex’s Threat Analysis Center will disseminate programme content to the electric co-ops, including tabletop exercises, guidelines, on-ramp guides for TAC usage, threat advisories and other critical information, while regional “cyber champions” will be trained to amplify cybersecurity messaging and facilitate coordination during attacks.
Related: 60 US credit unions suffer outages after ransomware attack
The Project Guardian team will also work with the DOE’s National Laboratories to catalogue cybersecurity job roles and descriptions aligned with industry needs, helping co-ops secure and retain a robust cybersecurity workforce.
Nreca CEO Jim Matheson said: “As cyber threats evolve, so must electric co-op efforts to protect against them. Project Guardian will accelerate ongoing electric co-operative cybersecurity collaboration and, in partnership with DOE, help protect the electric grid from increasingly sophisticated cybersecurity threats and attacks.”
The announcement comes just over a year after Nreca launched its Essence service, an operations technology and cybersecurity monitoring solution that continuously monitors the operation of electric grids and other operational networks and instantly alerts operators to both physical and cyber anomalies.
