SEDC was established in 1976, and over the years, has evolved into a company that provides all the innovative software solutions a utility needs to do business every single day. These solutions include CIS- Customer Information System, FIS – Financial Information System, GIS- Geographical Information System, IVR – Integrated Voice Response, Mobile Workforce Management, Mobile Applications, Advanced Data Analytics and much more. More recently, SEDC added Cyber Resilience Initiative (CRI) to their growing line-up of products and services.
Over the last couple of years, the number of cyber-attacks has dramatically increased, and SEDC believes that the primary focus of cybersecurity risk is in the data. This is primarily because distribution utilities information systems hold data that is sensitive, not only customer, but also vendor and employee data.
Providing Solutions for Cyber Security
To address this growing concern, SEDC created a Cyber Resilience Initiative to address three critical areas: People, Process and Technology.
SEDC believes the weakest point in any utility is its people. If a utility employee opens an unrecognized email or attachment, a risk is automatically created. This is where SEDC steps in with the first line of defense by partnering with an industry leading education firm to enable their utility customers to train employees how to spot all types of on-line risks including recognizing phishing attacks, and potentially malicious websites. The training is conducted in the form of targeted video clips and webinars, and is offered to everyone in the utility including family members. Cyber Awareness Education(CAE) helps utility employees to quickly recognize the risks and understand the impact to the utility.
Every utility has a safety and risk mitigation program, and that program should also include a strong cybersecurity posture. To help its customers understand how to respond to cyber threats, SEDC created an Information Security Program Library (ISPL). The ISPL is a 160+ page collection of cyber policies, procedures and guidelines that the utility can customize to their needs and then provide to their board, senior staff and all employees. One area SEDC highlights is the Acceptable Use Policy. This policy helps every utility employee understand the risk associated with email, internet, social media, and technology itself in relation to protecting the utilities data systems.
The utility’s information technology (IT) infrastructure and network form the framework upon which mission critical systems operate, and the utility’s customer satisfaction is dependent upon a reliable and responsive network. A cyber incident could affect critical and fundamental systems from engineering and operations to accounting, billing, phones and internet. Managed Security Services (MSS) are a vital part and the systematic approach to manage the utility’s security needs, and provide functionality required by PCI DSS. A growing number of utilities are investing in Managed Security Services (MSS) technology systems designed to help them quickly detect incoming cyber threats. SEDC’s MSS system collects
data from servers, workstations, and connected devices in the network environment. This information is monitored 24 X 7 by a team of Security Analysts and correlated for early detection. With intrusion monitoring and detection systems, SEDC believes the time lag between a data breach and detection can be greatly reduced. Managed Security Services allows the utility to focus on what they do best – providing reliable services to their customers.
Dealing with Risks
Jacek Szamrej, SEDC’s VP of Cybersecurity commented, “The combination of education, process and technology helps us to know what to do when something happens, and to do it quickly. The attacks are coming more frequent, and they’re getting stronger every time with higher difficulty in accurate detection. Utilities have to be at their best to make sure they can spot these intrusions quickly. When the intrusions get by the best defenses, they need procedures to know how to quickly stand back up.”
CyberSecurity Today and in the Future
By following the people, process, and technology philosophy, SEDC is building a business improvement model that helps utilities deal with cyber risk by prioritizing and focusing on critical areas.
In the early phases SEDC faced numerous challenges including the build out of their Security Operation Center (SOC), and hiring qualified security operations analysts. Through all the challenges, RB Sloan, CEO, was committed to delivering the solutions and services. SEDC’s customers needed to build and maintain a strong cyber culture. The SOC is a secure facility comprised of highly sophisticated equipment and software systems, and the analysts who monitor the network traffic have very specialized skills. SEDC has overcome these early challenges and has excelled in delivering sophisticated cybersecurity tools so their customers can focus on the mission of providing reliable energy services.
Meet the CEO and Vice President
Riley B. “RB” Sloan, CEO stepped into SEDC in 2013 after spending nearly 30+ years of experience working in and managing both cooperatives and municipal utility providers. He is trained as an electrical engineer and has earned an MBA at Queens University in Charlotte, North Carolina, and served in the North Carolina legislature. Prior to joining SEDC, he served as CEO of Pedernales EMC in Johnson City, Texas, the largest electric co-op in the United States.
Jacek Szamrej is Vice President of Cybersecurity at SEDC. He received a Master of Science in Electrical and Electronics Engineering from the Warsaw University of Technology. With his vast experience in utility systems and operations, he is the driving force behind the innovative cybersecurity tools at SEDC.
“For nearly four decades, SEDC has been a leader in the development of innovative utility software solutions.”