Podcast: Episode #26 - Terence Gill & Roger Simmons: Bringing Texas Utilities Together to Strengthen The Grid Through Collaboration

Terence's vast experience of 26 years encompasses the creation of monumental systems for powerhouses such as Lockheed Martin and BNY Mellon. In his current role, he collaborates closely with Roger and others to fortify Texas's cybersecurity framework, a critical initiative given today's digital climate. Roger's contributions to the cybersecurity landscape are equally notable. With an illustrious 18-year career, he's been at the forefront of defining the U.S. Department of Defense's cyber workforce parameters, showcasing his deep expertise and commitment to the field.

Texas Cybersecurity Outreach Program

Roger and Terence have become central figures in the Texas Cybersecurity Outreach Program, thanks to their wealth of experience. This program originates from Texas Senate Bill 936, which was passed in 2020. Recognizing the urgency for a cohesive collaboration, the Texas State Legislature empowered the Public Utility Commission to unify utilities throughout the state for better cybersecurity measures. Once Paragon Systems was awarded the contract in March 2020, Roger and Terence assumed pivotal roles in its execution.

New to Texas, they faced the formidable challenge of rallying utilities behind this innovative program and fostering trust. With resilience, and backed by the Public Utility Commission, they successfully on-boarded an array of utilities, spanning from investor-owned businesses to river authorities.

A distinctive element of the Outreach Program is its focus on Texas-specific challenges. Although other groups like ERCOT and E-ISAC operate, this program carves a unique space for Texas utilities, enhancing its significance in the cybersecurity arena.

Terence and Roger underline the importance of open communication within the program. They've strived to create an environment where utilities can transparently share their concerns. The program initially had to assure utilities of the confidentiality of shared information, emphasizing the importance of mutual trust and collaboration.

Pivoting based on feedback, Terence partners with a spectrum of experts to address the utilities' challenges, fostering a collaborative and educational environment. The emphasis is also on actionable strategies, as Roger recounted the success of virtual tabletop exercises that culminated in an in-person event at Texas A&M.

Both Roger and Terence praise the unique nature of the program, a government-backed initiative that underscores the crucial role of cybersecurity in Texas's electric utilities sector.

Cybersecurity Focuses: Strengthening Grid Resilience

For Roger, the cornerstones of solid cybersecurity lie in understanding and managing one's assets. Much like any industry, when it comes to the electric grid, one needs to be aware of the systems in place, their functions, and any unintended usage scenarios. This knowledge forms the foundation for a robust cybersecurity protocol. This year, the program's emphasis is on fostering comprehensive asset management.

Asset Management: Getting it Right

Roger and Terence laid out some insightful steps for approaching proper asset management:

1. Inward Reflection: Before delving into external solutions, understanding the organization's inventory is pivotal. This introspection involves assessing what systems are in place, their purpose, and possibly unintended use scenarios.
2. Break Down the Task: Roger emphasizes dividing the task into manageable sections, allowing for more efficient asset management. This way, rather than getting overwhelmed by the bigger picture, organizations can focus on prioritized sections, making the process more digestible.
3. Resource Allocation and Playbooks: Providing detailed steps, resources, and actionable strategies can aid in building asset management from the ground up. Furthermore, integrating asset management into incident response plans ensures that during a crisis, organizations can efficiently pinpoint and manage vulnerabilities.
4. Executive Buy-in: Terence highlights a crucial challenge many organizations face: securing commitment from top-level management for asset management initiatives. Without the C-suite's support, the necessary resources and attention may be lacking, leaving organizations vulnerable to threats.
5. Personnel as Assets: A novel idea that Roger introduces is viewing personnel as assets. Instead of solely focusing on systems and software, understanding the critical personnel responsible for these systems is vital. Recognizing the importance of these personnel in managing assets during a crisis and day-to-day operations can illuminate potential vulnerabilities.
6. Translating Technical Needs to Executives: One of the most pressing challenges is conveying the importance and intricacies of asset management to non-technical stakeholders. Creating an understanding of the risks and needs can pave the way for securing the required resources. In essence, for organizations, asset management isn't just about tallying up systems but understanding their intricate web, its management, and ensuring that all stakeholders, from the technical team to top-tier executives, are on the same page. The goal is clear: protect the organization from potential threats while ensuring optimal operation.
   

Getting Involved The Texas Cybersecurity Outreach Program

For those interested in joining the Texas Cybersecurity Outreach Program, you can contact Terence and Roger. Learn more or join by visiting https://dir.texas.gov/cybersecurity-outreach. Everyone in the area is encouraged to participate. Active engagement in security meetings, tabletop exercises, and training sessions is highly recommended. A distinguishing feature of this program is its dedication to continuous learning, ensuring that participants are always updated on the latest in cybersecurity.

Be sure to listen to the full podcast episode to get the full extent of Terence’s and Roger’s insights, straight from the source! It can be found here: https://podcasts.apple.com/us/podcast/the-protect-ot-cybersecurity-podcast/id1662081824?i=1000622507497.