Cybersecurity – safeguarding and protecting customer data and operational control – has become an increasingly important issue facing the nation’s utilities. At PG&E, the company’s Enterprise Technology Risk Management team, led by Chief Information Security Officer Jamey Sample, works vigilantly to ensure this.
“We are dealing with very dynamic threats and sophisticated adversaries,” said Sample. “We continue to enact proactive measures to ensure PG&E can successfully execute its mission of safe, reliable, and affordable gas and electric services.”
Sample’s boss, PG&E Chief Information Officer Karen Austin, acknowledges the importance of this issue.
“Cyber-attacks are a real and serious threat,” said Austin, who also is a PG&E senior vice president. “I’m proud to say that PG&E is taking aggressive and proactive measures to prevent a potential cyber-attack. We are positioning our company to be resilient enough to quickly recover should our systems go down for any reason.”
Recent media reports on threats to utilities from hackers have painted a picture of an unprepared industry. In Sample’s view, that is not the case.
“This is a very serious matter to our industry and we collaborate very closely. At PG&E, we have significantly increased our investment in cybersecurity over the last several years and we coordinate more than ever with peer utilities, federal, and state agencies,” he said.
Due to the nature of cybersecurity, PG&E can’t talk about many of its specific actions. Sample did note that the utility considers cybersecurity as it rolls out new technologies and selects the equipment that employees will use. And, in a recent note to all PG&E employees, Austin stressed the importance of vigilance.
She wrote, “Our team of highly specialized security and industry experts is constantly monitoring national security intelligence for new threats, keeping a close eye on our systems and conducting ongoing tests to identify security gaps. However, we cannot protect our systems and our customers without each of you helping.”
She praised the efforts being made by PG&E’s employees, but offered these words of caution:
“These criminals are smart and adaptive. They know that targeting individual employees is the best way to attack our systems.” She then provided a list of specific suggestions – from securing physical assets and not sharing ID badges and passwords to showing caution when opening unfamiliar emails and not using unauthorized USBs – to help employees keep secure.
As PG&E continues to expand its efforts, it will add employees who specialize in cybersecurity. On the careers section of www.pge.com, as an example, there’s an opening for a Penetration Tester to work in the company’s Cyber Security Controls Assessor team. Besides a bachelor’s degree in computer science – and a master’s degree is preferred – and five years of experience in IT security or IT risk management, the desired candidate will have multiple IT licenses or certifications.