This special interest group is a collective of human resources and talent folks in the power industry networking, sharing and learning from each another. 


Cybersecurity at Utilities: 2020

image credit: Image by Worcester Polytechnic Institute (, used with permission
Mike Ahern's picture
Director Worcester Polytechnic Institute

Mike Ahern leads WPI's Academic and Corporate Engagement Group.  Mike's focus areas include graduate education and professional development, especially in Electrical and Computer Engineering...

  • Member since 2016
  • 45 items added with 21,925 views
  • Apr 14, 2020

This item is part of the Cybersecurity for Utilities - Spring 2020 SPECIAL ISSUE, click here for more

WOW - COVID-19 shelter at home rules have sure increased our reliance on computer networks!

Utilities already depend on computer networks for business and operations.  With databases full of personally identifiable information (e.g. checking account information), utilities are an attractive target for hacker thieves.  Further, as operators of critical infrastructure, utilities are also attractive targets for potentially hostile nations seeking an advantage if there's a future conflict.  This part is not new.  What's new today is the massive increase in the use of the internet to work from home when possible.  This is likely to continue even after the world overcomes the novel corona virus.

Your access to Member Features is limited.

Working from home can introduce additional cybersecurity risk (e,g.loss of data).  To meet this increased cybersecurity risk, now is a good time to refresh people on basic cyber hygiene.  Leaders can remind people that most successful attacks start with phishing.  Employees should be alert to this risk and report potential phishing emails to network administrators so the originating IP address can be blocked.  Leaders should also make sure their organizations are up to date with software patches since attacker malware often exploits existing, unpatched vulnerabilities.  

These tactical actions are useful and important but the attackers will only get better so a lasting strategy is needed to reduce cyber risk over the long term.  In order for organizational defense to stay ahead of the attackers, I think utility organizations should strengthen their partnerships with educators.

- First, professional educators can help design training and professional development programs so that they produce lasting behavior changes. 

- Second, to build staff expertise in key disiciplines like computer and network security, utilties can continue to invest in their employee's education.  Many utilities have reimbursement programs; however, enhanced reimbursement can be targeted to successfully build critical skills.  

- Third, utilities should work to create and grow talent pipelines.  This can take the form of scholarships for service program where students are selected in return for a service commitment (like the U.S. Federal Government does).  Other forms include hosting seminars (e.g. pizza for students) to get to a dialogue with individual students about possible futures.

In any case, utilities will be better equiped to reduce cyber risks if they have educators on their team.



Matt Chester's picture
Matt Chester on Apr 14, 2020

Great points, Mike. Obviously on the technical side of cybersecurity, utilities (and all businesses) should have already been prepared and had protocols in place that would carry with them through the unexpected shift to working remotely. But the educational efforts can and likely should be ramped up these days as the weak links are so often the ones sitting in front of the monitor, not the hardware running it

Mike Ahern's picture
Thank Mike for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »