There is no denying that cybersecurity is a critical issue facing our country. This past year, we saw threats increase in frequency, scale and sophistication and bad actors’ relentlessness to exploit the global COVID-19 pandemic.
As an essential service provider and one of the largest grid operators, we recognize with great responsibility comes increased risk, so we remain laser-focused on protecting our teammates, assets and operations from cyber events. That remains job one for our cybersecurity team as we continue to modernize our grid and accelerate digital transformation across our company.
Duke Energy’s risk mitigation strategy is concentrated in three core areas: partnership and information sharing, multilayered defense approach, and robust physical and cyber security standards.
Duke Energy routinely collaborates and coordinates with peer utilities, industry partners, government agencies and security organizations to share intelligence, lessons learned and best practices.
On defense, the company has an incident response team and highly skilled cyber and physical security professionals devoted to this mission 24 hours a day. The cross-functional team identifies and mitigates security incidents and engages organizations across the company as well as local, state and federal agencies to respond quickly. And recognizing our job is never done, we continue to modernize our cyber defense tools and processes, including the implementation of advanced security measures for the operational technology found in our substations, power plants and grid modernization initiatives.
Lastly, the electric, nuclear power and natural gas sectors adhere to a range of mandatory regulations as well as enforceable cybersecurity standards and voluntary guidelines. But we go beyond what is required – we’re focused on exceeding these standards. To ensure we are adequately prepared to identify, protect, detect, respond and recover from the increasing threats to our critical infrastructure, we conduct multiple drills each year to test incident response plans and ensure employees understand their roles.
The company has a dedicated cybersecurity awareness team focused on educating employees on increasing threats – employing sophisticated test phishing emails, conducting annual cyber responsibility training, and creating seminars and video resources. All of this helps ensure that Duke Energy plays a leading role in the security of our nation’s grid and energy infrastructure.