ELECTRIC, GAS,& WATER UTILITY CYBERSECURITY MATTERS NOW MORE THAN EVER

CENTRAL ALABAMA ELECTRIC COOPERATIVE

ARE YOU PROTECTING THE BIGGEST MACHINE ON THE PLANET — OUR ELECTRIC, GAS, AND WATER INFRASTRUCTURE — WITH BEST-IN-CLASS CYBERSECURITY FOR ITS NETWORKS, APPLICATIONS, AND DATA? RAPID THREAT DETECTION & RAPID INCIDENT RESPONSEImmediately detecting and automatically isolating cyber threats saves utility personnel precious time. Central Alabama Electric Cooperative (CAEC) and a growing number of other utilities selected SEDC’s Managed Security Services (MSS) for plenty of reasons.

CYBERSECURITY FOR MORE DYNAMIC & DEMANDING GRID OPERATIONSThe utility cybersecurity landscape is an ever-changing one. Utilities have to deal with more demanding consumer-members, savvier hackers, and with everyone having more data at their fingertips. As Greg Gray, VP of Technical Services at SEDC, says, “Utilities are running leaner and smarter, while dealing with a more dynamic cybersecurity landscape. SEDC will continue providing innovative and best-in-class MSS offerings, just as we’ve been innovating and leading with our enterprise software to utilities for more than 40 years.”

CAEC became a subscriber to SEDC’s MSS shortly after SEDC formed its partnership with AT&T Cybersecurity in 2015. Scott Lee, the Director of Information Systems at CAEC, says, “We selected a team of leaders, a team that combines SEDC’s utility enterprise software know-how and MSS expertise with the top-rated network and enabling technology of AT&T Cybersecurity.” CAEC was very pleased with how well SEDC’s MSS recently prevented a potential cyber intrusion, and how SEDC’s dedicated Security Operations Center (SOC) team quickly helped locate its source.

HOW SEDC’S MSS THREAT DETECTION & INCIDENT RESPONSE TOOLS SAVE YOU PRECIOUS TIMEBeyond the huge time savings you get with cyber intrusion avoidance, on-going time savings come with SEDC’s centralizing of data associated with threat detection and incident response. SEDC MSS rely on the proven depth and strength of the AT&T Cybersecurity platform.

As Gray says, “AT&T Cybersecurity’s technology, including USM Anywhere, is particularly exciting since the platform monitors all of a utility’s on-premise and cloud-based assets.” The platform also supports integrations with popular firewall vendors, including SonicWall, Palo Alto Networks, and Fortinet. SEDC is also a Carbon Black Partner and when a utility combines SEDC MSS powered by the USM platform with Carbon Black they can automatically isolate infected endpoints whenever the SEDC MSS detects a threat.

HOW QUICK RESPONSE FROM SEDC’S MSS HELPED CAEC LEARN A KEY CYBERSECURITY LESSONA contractor working in a remote server room at CAEC triggered a cybersecurity alert, when they tried to send an email to a co-worker using their PC. The SEDC Security Operation Center (SOC) notified Scott Lee, Director of Information Systems at CAEC, about suspicious traffic on their network. Lee says, “SEDC gave us the machine’s IP address and MAC address. After some sleuthing we located it at a remote site.” Charles Solomon, Manager of Information Systems at CAEC, says, “SEDC notified us about the malicious traffic right away. They helped us track it down before any harm was done.” Soon, Lee and Solomon were on the phone with the contractor, who was very apologetic. Formal debriefs and process-related documentation followed. And CAEC put stronger preventive measures in place.

Now, CAEC issues laptops to vendors who come on-site, and blocks and flags unauthorized machines trying to gain network access. Charles Solomon, the Manager of Information Systems at CAEC, says, “It involved an honest mistake but it could have had serious impacts if SEDC hadn’t instantly detected it and helped us locate the source.” Lee says they are all grateful for the improvements prompted by the event, and looking on the lighter side of it, he says, “The contractor got a free virus scan!”

DO YOU HAVE AN AROUND-THE-CLOCK SECURITY TEAM?Through the partnership with AT&T Cybersecurity, SEDC offers the following Managed Security System services:

Asset Discovery Finds all your network assets before the cyber criminals do.

Vulnerability Assessment Identifies your “At-Risk” network systems.

Intrusion Detection Pinpoints suspicious behavior & potentially exposed systems.

Security Information & Event Management (SIEM) Detects abnormalities and takes appropriate action.

Log Management Compares and analyzes security event data across your network.

SMARTER UTILITIES NEED SMARTER SECURITYHow can utilities ensure they’re taking the right cybersecurity steps? It is helpful to view how different cybersecurity vulnerabilities are associated with different trends in the utility industry.

UTILITY INDUSTRY TREND EXAMPLES RELATED UTILITY CYBERSECURITY ISSUES

Moving from a centralized grid to a more dynamic and data-driven decentralized grid

• Rooftop Solar• Electric Vehicles• Energy Storage• Wind & Utility-Owned Central

Solar

• New communications and control systems add new nodes for attack

• Damage from breaches increases when more real-time data is needed to operate and maintain grid reliability

New service offerings and deeper engagement with utility consumer/members

• Connected Home• Alexa / Google Assistant• Home Energy Networks• NEST Thermostats • Mobile Apps (e.g. Pre-pay,

outage)• Real-time pricing / Demand

Response• Closer customer engagement

via text, voicemail, email alerts, etc.

• Higher expectations of 24/7 connected customers will drive need for 100% network uptime for utility apps

• Breaches of customer financial and usage data expose utilities to greater liability and reputational losses

• The ongoing growth in the use of social media continues to increase the extent of potential damage to a utility’s reputation if it suffers a cybersecurity breach

Cloud-based applications and cloud-based data

• Amazon Web Services, Azure, Snowflake, G-Suite, Office 365, OneDrive, etc.

• Big Data and Advanced Analytics

• New platforms create new vulnerabilities which must be addressed with the right cybersecurity tools

• Monitoring network traffic both on premise and in the cloud require ongoing updates and the best tools, policies, and training to ensure a cyber-aware culture

WHAT CYBERSECURITY QUESTIONS IS YOUR UTILITY ASKING?Does your utility have a cloud-based backup network system? SEDC’s feet are on the ground, but our vision extends to the cloud, and provides concrete benefits today.

Do you have all the high-availability, redundancy and security your utility’s applications and data need? SEDC has a fully redundant, federated server in the cloud with Amazon Web Services, for high-availability, backup,

and security.

Do you have an around-the-clock security team? If not, consider SEDC’s MSS for 24/7/365 monitoring of your network and infrastructure from our dedicated Security Operations Center (SOC).

Can I use SEDC’s MSS as a stand-alone product?

SEDC’s MSS is available to non-SEDC utilities and SEDC’s MSS protects all of a utility’s applications, data, network and IT infrastructure, not just the SEDC enterprise solutions.

Will you make SEDC MSS an extension of your utility’s security operations? Your turn to answer!

ABOUT SEDCFor over four decades, SEDC has been a leader in the development of innovative utility software solutions. We’re committed to providing our users with CIS/Billing, Accounting, Engineering and Operations applications configured to meet their needs. Our all-in-one solutions are cost-effective and customizable – and backed by our team of expert designers and dedicated support staff that is second to none in terms of developing cutting-edge technologies and building lasting relationships.

ABOUT AT&T CYBERSECURITYTo learn more about AT&T Cybersecurity, please visit www.att.com/security

CONTACT USEmail us at CRI@sedata.com.

SEDATA.COM