{"id":411,"date":"2024-09-27T14:48:40","date_gmt":"2024-09-27T14:48:40","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=411"},"modified":"2024-09-27T14:48:40","modified_gmt":"2024-09-27T14:48:40","slug":"avangrid-partners-with-state-fusion-cell-to-fight-cyber-threats-via-data-sharing","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=411","title":{"rendered":"Avangrid partners with state fusion cell to fight cyber threats via data sharing"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Avangrid\u2019s award-winning cybersecurity initiative uses real-time data sharing to protect the energy grid.<\/p>\n<p>Avangrid, a sustainable energy company based in Orange, CT, supplies gas and electricity to millions of people. However, as a provider of critical infrastructure, Avangrid must also prioritize cybersecurity. Cyberattacks on the energy grid can lead to power outages, data manipulation, and threats to public safety and the US economy.\u00a0\u00a0<\/p>\n<p>One key way companies like Avangrid protect the energy grid is by sharing cybersecurity information with government agencies. When the police and emergency services are continually aware of potential cyber threats, they can help stop attacks before they spread.<\/p>\n<p>Yet, ensuring that data is shared quickly enough while still being accurate and actionable is a technical challenge.<\/p>\n<p>To that end, Avangrid recently partnered with a state fusion cell \u2013 a government office where public agencies and private companies can share security information \u2013 to improve data sharing and help fortify the grid against cyber threats.\u00a0<\/p>\n<p>\u201cWe place significant focus on genuine public-private partnerships, so working with a state fusion cell makes sense, and helps us best protect the energy grid,\u201d says Robert Atonellis, manager of intelligence and incident response at Avangrid.<\/p>\n<p><strong>A cybersecurity data-sharing partnership is born<\/strong><\/p>\n<p>Avangrid and the state fusion cell began their partnership in 2021, when Antonellis joined the company after spending 20 years working in intelligence roles for the federal government. Having worked in fusion offices, Antonellis understood the data-sharing benefits and made a partnership his first priority at Avangrid.<\/p>\n<p>At the heart of the project is Kaseware, a cloud-based knowledge management database designed to help corporate security teams and government agencies find the signals in noisy data sets. Avangrid and the state fusion cell both use Kaseware to share raw data\u2014including security incident reports and anonymized crime data.\u00a0<\/p>\n<p>\u201cWe needed real-time crime data to accurately complete local site security assessments, and the fusion cell had the data, so we focused on sharing raw data and enabling data discovery, instead of relying on time-consuming reports,\u201d says Antonellis.\u00a0<\/p>\n<p>\u201cBecause the data is raw, we might not know the useful pieces in the data right away, but our future queries will find the new information, and the [Kaseware] system will link the new information to our data and help us make cyber threat discoveries that would not be possible without new data.\u201d\u00a0<\/p>\n<p><strong>The inevitable challenges of sharing and analyzing data<\/strong><\/p>\n<p>Avangrid believes its public-private partnership is the first of its kind and has the potential to dramatically improve the sharing of security intelligence. However, as with any data analysis project, there are challenges.<\/p>\n<p>One hurdle was finding data that could be shared legally\u2014as in data that\u2019s not sensitive and does not contain personally identifiable information.\u00a0<\/p>\n<p>Avangrid stores sensitive data such as the exact size and location of substations and other electric grid assets. If hackers had this data, they could use it to shut down the electrical grid. Meanwhile, the fusion center has sensitive data from crimes on individuals, including names and home locations.\u00a0<\/p>\n<p>\u201cIdeally, we\u2019d share all that data \u2013 but we chose to focus on smaller achievable wins,\u201d says Antonellis. \u201cSo the fusion center shares more generic crime data and information on terrorist groups deemed \u2018criminal\u2019 and releasable. As for Avangrid, we kept details of the substations out of the data sharing. In addition, we made sure anyone approving the data sharing \u2013 such as legal and compliance \u2013 knew that everyone working with the data was trained and aware of sensitivities.\u201d\u00a0<\/p>\n<p><strong>The perks of public-private data sharing\u00a0<\/strong><\/p>\n<p>The partnership has enabled better day-to-day security and, Antonellis says, would be critical during a serious cyber attack.<\/p>\n<p>\u201cSharing raw data allows us to plot incidents geospatially, track concerns, and overlay with additional data to make conclusions,\u201d he explains. \u201cFor instance, local site security assessments are more accurate because our access to real-time data analysis gives us a better understanding of the threats to critical infrastructure.\u201d<\/p>\n<p>In addition to helping Avangrid improve its security posture, the state fusion cell partnership highlights the importance of relationships with local, state, and federal agencies when combating cybercrime.<\/p>\n<p>Being able to reach out to fusion cells, the FBI, Department of Homeland Security, CISA, or the US Coast Guard gives Avangrid a cybersecurity advantage. On several occasions, says Antonellis, instead of waiting for a formal report to be issued, Homeland Security called Avangrid with urgent cyber threat information because the department saw the possibility of a near-term threat to Avangrid\u2019s network.<\/p>\n<p>\u201cThe foundation of any strong intelligence program is based on having robust regional, state, and federal partnerships,\u201d says Pedro Azagra, Avangrid CEO. \u201cWe have taken that to the next level with this collaboration, setting a new standard for public-private partnerships.\u201d<\/p>\n<p>For its work with a state fusion cell to enhance cybersecurity, Avangrid has earned a <a href=\"https:\/\/event.foundryco.com\/cso-conference-awards\/\">2024 CSO Award<\/a>, which honors security projects that <a href=\"https:\/\/www.csoonline.com\/article\/570667\/us-cso50-2022-awards-showcase-world-class-security-strategies.html\">demonstrate outstanding thought leadership and business value<\/a>.<\/p>\n<p><strong>Looking ahead and staying ahead of cyber threats<\/strong><\/p>\n<p>While its state fusion cell partnership has improved Avangrid\u2019s ability to anticipate cyber threats, Antonellis hopes it is just the beginning.<\/p>\n<p>\u201cThere\u2019s a tremendous amount to build on,\u201d he says. \u201cWe can work on sharing more specific data about crime locations and event details, and increase the frequency of the sharing. We can also explore duplicating this model with other state fusion cells such as E-ISAC (Energy Information Sharing and Analysis Center).<\/p>\n<p>\u201cCyber threats are evolving much faster than defenses. So, having collaborative relationships and quickly sharing what we see will be the best way to defend against threats.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Avangrid\u2019s award-winning cybersecurity initiative uses real-time data sharing to protect the energy grid. Avangrid, a sustainable energy company based in Orange, CT, supplies gas and electricity to millions of people. However, as a provider of critical infrastructure, Avangrid must also prioritize cybersecurity. Cyberattacks on the energy grid can lead to power outages, data manipulation, and [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":412,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-411","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/411"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=411"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/411\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/412"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=411"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=411"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=411"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}