111 A SPIRIT OF INNOVATION CHAPTER FIVE PROTECTING AGAINST CYBERATTACKS Email Server Migration Failure. The subject line of the email was a bit confusing — but if it comes from an IT department, that’s to be expected, right? The email purportedly came from IT@nisc.co-op, which advised that the IT department “encountered an error with several email accounts.” But it reassuringly added, “We attempted to resolve this problem and believe we have fixed it. If your email has been working just fine, please let us know by going to this secure website and validate your email is working.” Busted! If you clicked on that link, there was a pop-up message saying you fell for a simulated phishing attack. If it had been real, your computer could have been compromised. The telltale clue: IT@nisc.co-op is a fake email address. Simulated phishing emails provide an opportunity for NISC’s cybersecurity team to educate employees. They are just one part of an extensivestrategyforprotectingNISC’snetworkandMemberandemployee data. NISC also provides a product called Cybersecurity Services™ to help Members protect the nation’s electric grid and telecom system. Employee education and training, offered to Members as CyberAcademy, raises awareness as cyber- attacks escalate worldwide. That includes simulated phishing tests. “Users are the first line of defense, but they’re also the weakest link in the defense. If one user clicks on something they’re not supposed to, that can compromise the system,” says Jeff Nelson, NISC General Counsel and Vice President of Information Security and Risk Management. Having a full spectrum of cybersecurity is crucial. NISC’s Cyber- Defense provides a managed firewall — a block against intrusion. CyberProtect identifies and blocks viruses that somehow penetrate the firewall. CyberScan constantly looks for network vulnerabilities — such as software that hasn’t been updated — so they can be fixed. CyberDetect looks for suspicious patterns of activity. For example, if someone logs onto a computer in Mandan, but at the same time is logged in from Phoenix, Arizona, that would create an alert of suspicious activity. Each element is important to preventing cyberattacks, says Bill Heinzen, Lead Information Security Consultant. “We have to make our proactive defenses as good as possible, but our reactive defense has to be just as good,” he says. “If we’re compromised, we need to know about it.” NISC provides other protections as well. The Cooperative Cloud stores data on servers controlled by NISC — not a third-party vendor — and encrypts sensitive information. “It was important to secure the data and be in control of where the data resides,” says Andrew Cooper, Technical Systems Engineer. The result: Comprehensive prevention against the ever-growing threat of cyberattack. Andrew Dubiel (left) and Jared Martin, members of the NISC cybersecurity team, review a map of cyber threats occurring around the world. NISC utilizes and provides a wide array of cybersecurity tools to its Members.