Utility’s IT security in auditor’s Top 10
by RICK NORTON Associate Editor
Dec 09, 2013 | 885 views | 0 0 comments | 14 14 recommendations | email to a friend | print

Cleveland Utilities’ information technology system has less than a 1 percent criticality rate, placing it in the Top 10 of 225 functioning utility companies audited by the chief technology officer of the Central Service Association.

In other words, based on past audits — and one that’s going on now by CSA’s Steven Dyer — chances of a successful intrusion into CU’s high-tech systems are minimal.

Dyer, who is currently conducting a biannual audit on CU’s internal equipment, briefly updated Cleveland Board of Public Utilities members Thursday during the governing body’s final formal session of the calendar year.

“This particular audit this time is being done on internal equipment,” Dyer explained during the board gathering in the Tom Wheeler Training Center. “In the past, I did an intrusion audit. I tried to break into your organization via the Internet and through other means.”

He added, “In this one, I was inside the building scanning everything, seeing if there were any vulnerabilities.”

So far, Dyer has found none.

The IT specialist, whose experience includes 18 years as a government contractor in security and 16 years in the utility industry, said in his career he has conducted 250 utility audits. This includes 225 utility companies. With each audit, he keeps a comparative rank.

“I’m very pleased to say ... you guys rank in the Top 10 of the utilities that I have audited,” Dyer said. “[I have audited] a little over 225 utilities total. So, take that as a very, very positive piece within your organization. Directly, that would go back to the staff at Cleveland Utilities.”

Walt Vineyard, vice president of Information Technology at Cleveland Utilities, heads up the local company’s IT systems. Vineyard’s performance was praised by CU President and CEO Ken Webb, and Vineyard then passed along the compliments to his departmental staff.

Dyer put CU’s IT criticality rate into perspective.

“You’ve got less than a 1 percent criticality rate which is exceptional ... for an internal scan,” he stressed to the board. “Most of the time, that’s an 8 to 10 percent criticality rate that I see from internal systems.”

Dyer suggested this kind of IT performance comes only at the hands of a technology staff that stays focused and updated on latest trends and happenings in the high-tech industry.

“The technical staff [at Cleveland Utilities] takes security extremely seriously, and it’s in their forefront,” Dyer noted. “They have it right at the edge. Any time new technology is actually brought forth, the security questions are some of the first questions that are asked.”

Dyer told board members if he had any thoughts for CU at this point, it would be to remain current on everything IT.

“My only major suggestions to this organization is to keep up the diligence that’s going on,” he said. “Keep up the hyper-focus from the staff.”

Webb expressed confidence in CU’s technology systems and personnel, but he pointed out it’s always reassuring to hear an outside organization make the same claims.

“IT is a critical part of our operation,” Webb said. “... We take the security of that department and the work they do very seriously.”

Dyer appeared before the CU board at Webb’s invitation.

“I asked him to speak [to the board] today to briefly tell a little bit about what he does and why he does it, and what the importance of that is,” Webb said of Dyer’s update.

The Central Service Association provides billing services, financial packages and other services for Cleveland Utilities. The association has worked with CU for 74 years dating back to 1939.

CSA is an association comprised of utility companies. Dyer described utilities like CU as being a member-owner of the organization because they partnered decades ago to found the agency.