The American Public Power Association has been awarded a $4 million grant from the Department of Energy through a cooperative agreement that APPA will use to help its member utilities bolster their cybersecurity defenses.
The cooperative agreement is with the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and funded by the Rural and Municipal Utility Cybersecurity (RMUC) Program. The RMUC program was established by the Infrastructure Investment and Jobs Act of 2021 to help electric cooperative, public power, and small investor-owned utilities protect against, detect, respond to, and recover from cybersecurity threats, and to increase their participation in cybersecurity threat information sharing programs.
“Cybersecurity remains front of mind for the public power community, regardless of the size of our member utilities,” said Scott Corwin, President and CEO of APPA.
“This agreement with DOE will help bolster the cybersecurity defenses of our members and is the latest example of successful collaboration between APPA, its members and the federal government,” he said.
As part of the RMUC program, the agreement focuses mostly on providing resources for small, resource-limited APPA member utilities (under 4,000 meters), including assessments and training, improving utility cyber incident response capabilities, increasing public power utility participation in information sharing and incident response organizations and developing new resources for members, such as guidebooks, training courses, and events.
This program is part of APPA’s ongoing efforts with the National Energy Technology Laboratory and CESER to improve the cybersecurity posture of its members, including existing cooperative agreements to deploy operational technology cybersecurity solutions.
This agreement focuses on providing opportunities and resources for eligible public power entities that have limited cybersecurity resources, own assets critical to the bulk power system, or serve military installations.
APPA will coordinate with state, local, tribal, and territorial eligible entities that own and operate electric utilities, as well as with joint action agencies.
Under this cooperative agreement, APPA will work to:
- Evaluate member cybersecurity capabilities and needs;
- Explore innovative training techniques and cybersecurity practice methods;
- Enhance internal capacity for cybersecurity and incident response;
- Increase participation in information sharing programs;
- Improve member cybersecurity incident preparedness and response knowledge and posture
Over the four-year program performance period, APPA will evaluate public power cybersecurity maturity, facilitate and support communities of practice such as the APPA Cybersecurity Defense Community, evaluate public power cybersecurity assessment, policy, and training opportunities and build capacity in the community by enhancing preparedness and response capabilities.
“Cybersecurity continues to be one of Public Power’s greatest threats,” said David Osburn, OMPA General Manager and APPA Board Chairman. “Grant opportunities like this are vital in assisting Public Power in our ongoing fight against cybercrimes. This is a great opportunity for the APPA membership to improve Public Power’s cybersecurity defenses, and I personally would like to encourage the membership to take advantage of this funding opportunity.”
“Hackers threaten the US power grid and critical infrastructure on a daily basis, and unfortunately many smaller utilities are still unprepared due to funding challenges and not having the internal resources to devote to this complex issue,” said Brian Chandler, General Manager for the City of Troy Utilities in Alabama.
“Through the diligent efforts of APPA staff, they were able to obtain yet another cooperative agreement for cyber security from the Department of Energy. This agreement will be very helpful for smaller APPA members who struggle with proper cyber security posture and resources,” he said.
“We have participated in previous agreements through APPA, and the benefits have been tremendous for us. We look forward to being involved in this latest DOE agreement as well,” Chandler said.
“Having strong cyber security programs is essential for any utility operating in today’s digital age and can be challenging for smaller members with limited resources and budget,” said Tom Kent, President and CEO of Nebraska Public Power District.
Along with his role at NPPD, Kent also serves as the APPA co-chair of the Electricity Subsector Coordinating Council.
“With the electric sector continuing to be in the bullseye for advanced persistent threat actors and others, this RMUC grant will provide another avenue to support APPA’s members who need additional help to put best practices in place to defend the nation’s electric grid,” he said.
"Cybersecurity stands as a paramount concern in our industry, escalating in significance with each passing day,” said Nick Lawler, P.E., General Manager of Massachusetts public power utility Littleton Electric Light and Water Departments.
“As the General Manager overseeing a medium-sized Municipal Light Plant, I confront numerous challenges, and safeguarding against cyber threats is undeniably among them,” he noted.
"Operating without an in-house IT team, we lean on Managed Service Providers and fellow professionals to navigate this peril,” Lawler said.
He noted that Littleton Electric Light and Water Departments has fortified its network with OT sensors, "expertly managed by Dragos, fortifying our defenses against external threats. Acknowledging that our efforts in this realm are ongoing, we remain steadfastly vigilant against cyber adversaries."
DOE and APPA's cybersecurity efforts offer reassurance, "allowing us all to rest a bit easier at night."
Along with his role at Littleton Electric Light and Water Departments, Lawler also serves on APPA’s Board of Directors and is APPA Board of Directors Chair-Elect.
For more information, please contact Chris Ching, Cybersecurity Specialist at APPA, at cching@publicpower.org.
