When a Computer Hack is a Good Thing at Your Co-op

Joe Trentacosta not only encourages a hack into Southern Maryland Electric Cooperative’s computer network—the co-op foots the bill for it.

And other co-ops would do well to follow suit, said Trentacosta, senior vice president and chief information officer at the Hughesville, Md.-based co-op.

That’s because a well-executed hack by a co-op contractor can expose system weaknesses before bad guys exploit them, he said during a presentation at the Regions 1 & 4 meeting.

“We get a third-party organization and we hire them to try to penetrate our network from the outside. They simulate what a hacker would do to get into our network,” said Trentacosta. “They give us a report that says, ‘Here’s where you can make some improvements on the network.’ ”

If that sounds proactive, it’s because imagination and activism are important tools in the war against never-ending permutations of cyber crime, according to Trentcosta and Barry Lawson, associate director, power delivery and reliability at NRECA.

During the Sept. 9 session on “Why Cyber Security Should Be on Your Board Agenda,” Lawson told participants they need to understand cyber crime isn’t just about a massive attack that brings the electric grid to its knees.

That kind of event is far less likely to occur than a robotic troll through the Internet that searches for security vulnerabilities to wring personal and financial information from a co-op, he said.

It’s often simply a money thing, Lawson said—the going rate for a credit card number or Social Security number on the black market is $20 to $40.

“Small and rural doesn’t exclude you,” Lawson said. “We’re all vulnerable. The question is what do we do about it?”

In addition to simulating a hack, Trentacosta had other suggestions for co-ops, based on SMECO’s information security program.

The co-op’s security compliance director speaks at least once a year at the annual safety meeting to keep the issue on the front burner. Computer-based training for employees on security issues also is a regular feature, he said.

Pay special attention to tablets and smartphones, since employees and members increasingly use them to access co-op computer systems. “You have to have a policy that addresses these devices,” Trentacosta said.

Source: http://www.ect.coop/editors-pick/when-a-computer-hack-is-a-good-thing-at-your-co-op/85056

. . . . . . . .

Leave a Reply