Are You Resilient? The Cyber Resilience Initiative Provides Resources and Services to Help You Strengthen Your Cyber Posture
At our annual user conference in June we officially launched our Cyber Resilience Initiative (CRI), a program that will help you develop your cybersecurity preparedness through education, guidance, and assistance. The CEOs and General Managers attending the CEO Summit in early August also learned about CRI and the benefits of becoming more cyber resilient. At both events, we discussed the three main pillars of CRI: People, Processes, and Technology. By addressing each pillar, your utility can build better defenses and reduce your risk for cyber attack.
People
The weakest link to a good cyber-secured culture in any organization is the people who work there. It’s too easy for a busy individual to not think twice before opening an email attachment from a stranger’s email address. It’s common for emails to contain links and for the recipient to click on the link without checking that it’s legitimate. It’s almost the norm for people to write their passwords on a sticky note and leave it on the desk! We’re just too trusting, and cyber criminals feed on our trust.
How do you change this? Through dedicated Cyber Awareness Education.
The CRI team has joined with KnowBe4, a well-known leader in security awareness training, to offer our utilities exceptional training resources at an exceptional price. By offering the training under the SEDC umbrella, we have been able to negotiate reduced pricing for KnowBe4’s most extensive level of training, bringing your utility’s cost down to $10.50 per user for an annual subscription that runs from September 1, 2016 through August 31, 2017. Your utility can subscribe at any time during that period, but of course you’ll get the most benefit by subscribing and getting started as close to September 1 as possible. We recently hosted webinars detailing the training service. If you weren’t able to attend those webinars, we encourage you to watch the informational video available on the Latest News page in Members Only or the Bridge entitled “Cyber Awareness Education Webinar.” For details on signing your utility up for Cyber Awareness Education, contact [email protected].
Processes
A crucial step in strengthening your defenses is to refine your processes. At UC2016, the CRI team introduced the Information Security Program Library (ISPL), a “living document” that contains a set of policies and procedures that SEDC utilities can implement and adapt to their specific needs as well as a PCI Starter Kit that will help you start the compliance process. The ISPL is available for download from Members Only or the Bridge, and we encourage each utility to use these policies and procedures as templates to develop your own cyber-secured culture. The ISPL will be updated periodically as best practices evolve to meet the ever-changing onslaught of cyber threats, and any updates will be announced and made available through the CRI section of the Bridge.
The ISPL also provides guidelines and forms you can use to develop your utility’s cybersecurity policies, but the job doesn’t end there. To develop a comprehensive cyber-secured culture that involves all departments and addresses a range of possible scenarios, your utility should create a committee from across the organization to work together on developing your policies and procedures. The ISPL is a roadmap showing you how form the committee, how to develop your policies, and even how to implement them. To learn more about this process, take a few minutes to watch the “How to Use the Information Security Program Library and PCI Starter Kit” video offered on the Latest News page in Members Only or the Bridge. If you have further questions, please contact [email protected].
Technology
Think of technology as your fortress. It’s your castle’s moat, drawbridge, and tower, and it provides your first line of defense when cyber criminals come calling. Through the Cyber Resilience Initiative, in early 2017 SEDC will be offering Managed Security Services (MSS) to monitor your network 24/7 and, if necessary, manage cyber incidents. SEDC has partnered with AlienVault, a well-known and highly respected developer of commercial solutions to manage cyber attacks. Our dedicated Security Operations Center (SOC) is run by highly skilled security analysts with specialized training centered on cybersecurity. Under the SEDC umbrella, we’re able to negotiate better rates and share the expenses across our entire participating customer base, so utilities can obtain the AlienVault software at a lower cost and take advantage of our dedicated SOC analysts at a fraction of the cost of independently hiring or contracting with these highly-priced specialists. The SOC is owned and managed by SEDC, but it operates separately from our corporate networks, ensuring that undivided attention is devoted to the security and oversite of the information and infrastructures crucial to your operations.
In addition to MSS, we are constantly researching and testing hardware components that can help secure your network. We currently are offering several Dell SonicWALL firewalls that can be a reliable first line of defense. If you’d like more information about the Dell SonicWALL firewalls, email our CRI team or contact our hardware sales team at [email protected] or 770-414-8400, Option 2, then Option 2 again.
As part of the UPN v37 software release cycle in 2017, we’ll be introducing additional technology solutions in the form of Point to Point Encryption (P2PE) and Tokenization. With P2PE, as soon as card data is entered, the information is encrypted. During the entire payment authorization transaction, the data is encrypted. When the final transaction information is stored in the SEDC payment gateway, the data is stored in a unique, equivalent “token” that cannot be exploited. Pricing for the P2PE program will be available late 2016/early 2017.
But please don’t wait for UPN v37 for encryption! P2PE is concerned with data in transit. You should be encrypting your entire database right now with Advanced Security, an inexpensive way to safeguard your SEDC databases in case of a data breach while still allowing complete operational access. Contact [email protected] to get Advanced Security installed at your utility.
For more information on any of the services, information, and assistance offered through the Cyber Resilience Initiative, please contact [email protected].
PCI DSS at Your Utility
New Contract Language to Address PCI Standards
During SEDC’s recent PCI audit for credit card processing, Sunera, a PCI Qualified Security Assessor, determined that SEDC’s credit card processing contract with our members was lacking language to address PCI standards. Effective immediately… Read Our PCI Update…
It’s Time to Get on the Bridge
The Bridge has officially launched! The “Members Only” section of our website is evolving, with the Bridge replacing Members Only by year end. Currently, we have migrated about half of our member utilities over to the Bridge, and we’re adding about 20 more utilities each week.
What’s Special about the Bridge?
Utility Site Admin. Each utility has an assigned site administrator who has the ability to create and remove their utility’s contacts in the Bridge, so users for your utility’s employees can be managed directly by your utility. Set up new users or remove users as needed.
Help Tickets. Your utility will be able to submit help tickets and then track ticket progress through the Bridge. When a help ticket is created, it’s sent directly to our support groups. You will receive updates on the case, and when a support representative updates the status of the ticket, you’ll automatically receive a notification. You can also opt in to receive notifications on items posted by SEDC support representatives in the Issue Forum, which is replacing the current “Customer Reported Issues” feature in Members Only.
Development Input. The Bridge is more than just a way to report and track issues; it’s a community centered around UPN users. Each utility will be able to submit development ideas and suggestions and open up dialog within the community about those ideas, allowing every utility to provide their own input and comments. Through “up and down” voting, each utility will be able to cast one up vote (“yes, we like this”) or one down vote (“no, this isn’t as important to us”) through their site admin. While the actual vote can only be cast by the Idea admin at each utility, we hope the process will encourage discussion both within the utility before votes are cast and between utilities through online comments during the voting process itself.
If your utility has not migrated over to the Bridge yet, contact Product Support and let them know you’re ready. For more details about the Bridge and the capabilities available to you once your utility is signed up, download the user conference presentation from the Documents page of the Members Only site.
Ribbon cutting ceremony for Tri-County EMC’s 4,200+ panel solar farm.
Solar Is Heating Up in Co-op Nation
“Community Solar” and “Cooperative Solar” Projects Are Popping Up Across the Country
According to the NRECA, member-owned electric co-ops have more than 550 megawatts of solar capacity either currently online or on the drawing board. Here in our home state of Georgia, the majority of co-ops offer a solar option to their consumers either through their own solar farm or through solar purchased as part of their wholesale power mix, and that trend is growing steadily across the country.
At our annual user conference in June, Monroe, Georgia-based Walton EMC took the stage to discuss their approach to providing a cooperative solar solution for their members. Their case study presentation provided excellent insight into many of the key considerations that shaped their cooperative solar project, from building the site to marketing the program to their members. Walton EMC’s project has been so successful that they are now developing a second site with twice the production capacity. Once complete, Walton expects their two solar sites to produce approximately 7 million kilowatt-hours of solar electricity per year. If you weren’t able to attend UC2016 and see their presentation first hand, you can watch it in the Latest News section of Members Only and the Bridge.
In July, Tri-County EMC in Gray, Georgia, commissioned their first solar farm project, a 1 megawatt site that will supply their new “ourSolar” program. The site is a joint effort between three companies, with Tri-County EMC providing the land, Georgia Power owning and maintaining the solar arrays, and United Renewable Energy LLC (URE) providing Engineering, Procurement and Construction services. On July 21, Tri-County EMC was joined by representatives from Georgia Power and URE for a ribbon cutting ceremony as they officially announced commercial operation of the site, which will generate over 2.1 million kilowatt hours per year from its 4,200+ solar panels. Watch their video to learn how they introduced ourSolar to their members with a “no risk, no rooftop” message.
Tri-County EMC’s new solar farm covers 10 acres adjacent to the utility’s district office in Putnam County, Georgia.
Solar Billing Options Made Simple
When Walton EMC first began internal discussions about offering a cooperative solar option to their members, they reached out to us about their billing options. Everyone agreed that offering a renewable option from their own solar farm was the right path to take, but they didn’t want the billing process to become a burden on their employees. Our design and development group sat down with Walton and discussed their needs and what they would ultimately like to be able to do with their solar billing.
What came out of those discussions is a series of Location Contracts that address the different scenarios the utility may offer their consumers. For example, one contract type allows for the consumer to purchase a percentage of the monthly output of the solar farm; another contract type bills the consumer based on the number of “blocks” of solar the consumer “purchases;” and a third contract type is based on the actual solar usage per panel.
If you’re planning a cooperative solar project in the near future, talk to Billing Product Support about the different billing options to see which will work best for your utility. Whether you plan to offer solar to traditional accounts only or to prepaid customers as well, we have a billing solution ready for you. If you weren’t able to attend our “Billing Program: Solar and Net Metering” class at the user conference, be sure to download the course presentation from the Documents page of Members Only or the Bridge for more information.
Welcome New Territory Managers
Long-Time SEDC Users Join our TM Team
We’re excited to welcome Aundrea Johnson and Curt Arulf to our Territory Managers team. Both Aundrea and Curt have utility backgrounds, and each has an extensive background with SEDC and our software.
Curt has spent the past 21 years in engineering and operations for Electric Membership Cooperatives, including 6 years using the SEDC software suite at Habersham EMC in northeast Georgia. While he hesitates to call himself an “expert” with either Consumer Accounting or General Accounting, his role in operations at Habersham required him to know both systems in order to keep things running smoothly. As a Territory Manager, Curt will get to help other utilities keep things running smoothly, which is exactly what he likes to do. “I enjoy working with co-op people and teaching them new ways to look at doing their work,” he says. “It’s great when they have an ‘A ha!’ moment.”
Aundrea also brings a wealth of utility knowledge to the Territory Manager position, having spent over 17 years with Holston Electric Cooperative in Tennessee. Her area of expertise is accounting, but her heart is in customer service, which is one reason she loves working with cooperatives. “The people are amazing,” she states. “I feel like I have friends and family at every utility I visit, because we’re all working toward the same goal – providing the best service possible to our members.”
Loading up the van with donations from SEDC, Futura, and Arista employees.
We All Hurt When Disaster Strikes
DEMCO Employees Hit Hard by Louisiana Flooding
To hear people in Louisiana comparing their recent flooding with the aftermath of Hurricane Katrina puts the impact of the disaster in perspective. While the area didn’t have to deal with the utter devastation of a hurricane, the amount of flooding and the extent of the flood damage is something that Louisiana hasn’t had to deal with in a decade.
Jody Picou, a Louisiana native who joined Futura Systems after 8 years with DEMCO, hurt for his friends and former coworkers, so he “passed the hat” around the office, asking what we could do to help. We sent him to Baton Rouge with a van filled with food, water, cleaning supplies, paper goods, and even a couple of child car seats!
But the biggest help has come from other cooperatives in neighboring communities. Like they did following Hurricane Katrina, the co-ops of Louisiana have once again come together to help their neighbors, and the outpouring of support and assistance has been uplifting. Our hats are off to each of those co-ops.
For employees at DEMCO and the other Louisiana cooperatives impacted by the flooding, recovery will be slow. Many of them were completely flooded out of their homes, and yet they’re still focusing on restoring services to their members. To help out, the Association of Louisiana Electric Cooperatives has activated their Hurricane Relief Fund to assist employees who have been displaced from their homes. If you or your utility would like to donate to the fund, checks should be made to “ALEC Hurricane Relief Fund” and sent to ALEC, 10725 Airline Highway, Baton Rouge, LA 70816.
Member Enrichment Meetings Begin Next Week
Attend Your Meeting in Conjunction with the NRECA Region Meetings
If you’re attending your area’s NRECA Region Meeting over the next several weeks, be sure to also attend your SEDC Member Enrichment Meeting. The Enrichment Meetings are held on the Registration/Director Education Day immediately preceding the Region Meeting, from 4:00 – 5:30 PM. If you’ll be attending your Enrichment Meeting, please take a moment to register and let us know how many will be attending from your co-op.
Ask your Regional Business Manager or Territory Manager for more details.
Required Operating System Upgrade for Our Remote Payment Terminals
Upgrade Terminals to Windows 10; Windows Vista End of Support Just a Few Months Away
Microsoft’s extended support end date for the Windows Vista operating system ends on April 11, 2017. SEDC has now certified Windows 10 for our Remote Payment Terminals, and customers with compatible hardware should plan to field upgrade their existing terminals to Windows 10 prior to April 11, 2017.
- For those utilities currently using the Dell OptiPlex 7010 and 9020 models, Technical Services has a field upgrade package with the convenience of “plug and play” OS installation directly from a USB flash drive. The field upgrade fee for each terminal is $500.00. For a field upgrade quotation, please contact our hardware sales team.
- Older Dell OptiPlex models 755/780/790 are not compatible with Windows 10 and will need to be replaced with compatible hardware. For a quotation, please contact our hardware sales team.
UPN v37 Nearing the End of Development; Beta Release Planned for First Quarter 2017
Major Development Initiatives to Be Included in Next General Release
Our next major software release, UPN v37, will begin going to Beta sites in early 2017. Over the next couple of months we’ll be finalizing development on several large projects across both Consumer Accounting and General Accounting. Here are just a few of the new development projects you’ll see in UPN v37…
Consumer Accounting
UPN v37 will introduce Point to Point Encryption (P2PE) and Tokenization for card payment transactions. This is a major advancement in card transaction security that not only encrypts data from the point of card number entry, but that also replaces the transaction information with a unique token in SEDC’s secure payment gateway. By combining P2PE with tokenization, you’re providing an extra layer of data security over and above EMV chip technology security and potentially reducing your PCI scope. We will introduce P2PE and Tokenization first in the cash register and in UPN Inquiry, expanding to other payment channels in subsequent service packs and general releases.
Billing Managers everywhere will cheer the new Interactive Pre-Bill Edit functionality coming in UPN v37. The “interactive” portion means that you will no longer have to continually re-run your pre-bill edit and search through the report for line items that need attention. The pre-bill edit will display on your screen, and you can check off the records you’ve addressed and then filter out the items you don’t need to see any longer, reducing the “clutter” of the report and increasing your ability to accurately address issues as they’re found.
If your utility offers an Energy Assistance Program and you currently keep track of pledges for assistance in a spreadsheet, you’ll be happy to see UPN v37! Our new Pledge System will help you track energy assistance pledges without the headache of manual spreadsheets.
Work Management and Mobile Workforce Management will introduce a new integration channel that will help your field crews help your office crews! This integration will speed the flow of information about work requests, making it easier for inside and outside crews to keep up to date and serve your consumers more efficiently.
General Accounting
Work Management will also introduce a new integration channel for real time updates with Futura Systems, completing the circle of communication across all departments with all the information available for work requests.
The Accounts Payable System will see a lot of enhancements and new features, from updates to the way taxes are handled, to improvements in the way you enter, retrieve, and view data for invoices, receiving tickets, purchase orders, and vendors.
UPN v37 will introduce a new budget planning and forecasting system to help you in budget preparation, minimizing or even eliminating the amount of work done outside of UPN during your budget process.
For those utilities using a third party human resources application, the new HR Integration may be an option to eliminate duplicate work. With our new Web API, UPN will be able to send and receive employee information to and from a third party integration vendor. As you can imagine, this may take some fine tuning based on the vendor. Currently, there is no “industry standard” among HR software providers that defines their integration capabilities. Our integration model will look to form that standard for the providers with whom we integrate. If you already work with a specific HR vendor, please let Accounting Product Support know so we can investigate integration possibilities with that vendor’s software package.
Press Release: Futura Systems Introduces New Indigo Platform, Shapes the Future of Utility Operations Management
New tool offers powerful, personalized platform for planning, interacting, and executing utility workflows
At Futura Systems’ annual user conference in July, the innovative software company continued to demonstrate why they’re an award-winning solutions provider with their introduction of the seamless software tool Indigo. Indigo is an all-encompassing operations management tool for the entire utility, integrating GIS and Asset Management, Staking and ProjectTracker, CatalystIQ, and FieldPro. Futura’s COO Adam Dinges explains, “It’s a place where you can interact with assets, projects, inspections, service orders, and CatalystIQ. A single source page where you can go to interact with all the tools you’ve used for years, but now see them in one profile-driven website.”