Joe Trentacosta not only encourages a hack into Southern Maryland Electric Cooperative’s computer network—the co-op foots the bill for it.
And other co-ops would do well to follow suit, said Trentacosta, senior vice president and chief information officer at the Hughesville, Md.-based co-op.
That’s because a well-executed hack by a co-op contractor can expose system weaknesses before bad guys exploit them, he said during a presentation at the Regions 1 & 4 meeting.
“We get a third-party organization and we hire them to try to penetrate our network from the outside. They simulate what a hacker would do to get into our network,” said Trentacosta. “They give us a report that says, ‘Here’s where you can make some improvements on the network.’ ”
If that sounds proactive, it’s because imagination and activism are important tools in the war against never-ending permutations of cyber crime, according to Trentacosta and Barry Lawson, associate director, power delivery and reliability at NRECA.
During the Sept. 9 session on “Why Cyber Security Should Be on Your Board Agenda,” Lawson told participants they need to understand cyber crime isn’t just about a massive attack that brings the electric grid to its knees.
That kind of event is far less likely to occur than a robotic troll through the Internet that searches for security vulnerabilities to wring personal and financial information from a co-op, he said.
It’s often simply a money thing, Lawson said—the going rate for a credit card number or Social Security number on the black market is $20 to $40.
“Small and rural doesn’t exclude you,” Lawson said. “We’re all vulnerable. The question is what do we do about it?”
In addition to simulating a hack, Trentacosta had other suggestions for co-ops, based on SMECO’s information security program.
The co-op’s security compliance director speaks at least once a year at the annual safety meeting to keep the issue on the front burner. Computer-based training for employees on security issues also is a regular feature, he said.
Pay special attention to tablets and smartphones, since employees and members increasingly use them to access co-op computer systems. “You have to have a policy that addresses these devices,” Trentacosta said.