By Joel Austin, VP and CIO, Oncor Electric Delivery
Over the past 20 years, IT has evolved from a back office function to a strategic role, one that is an essential part of every aspect of the business. For example, at Oncor, Texas’s largest electrical utility, we have leveraged technology to create a smart network, one that has not only boosted efficiency but also transformed the way we serve more than 10 million customers. But a smarter network is also a more vulnerable one, creating a more challenging environment and requiring responses that are as smart as the network itself. That new paradigm requires a new kind of IT leadership.
Let’s first look, though, at some of the benefits Oncor has realized from our investments in technology. Over the past decade, we’ve added sensing equipment across our distribution and transmission grids; automation to manage those grids; and digital meters that we now monitor in near real-time. Those meters create some 3.4 million information delivery points.
All of that data, when intelligently used, allows us to make better decisions—about how to operate the grid, provide our customers better information on the status of their service, and interact with our regulators, stakeholders, and various market participants in new and more efficient ways.
For instance, we now get early warnings before a piece of equipment wears out, allowing us to repair or replace it before it causes an outage. And customers no longer need to call us to report outages – we already know about them. We can even send customers who request it text messages as soon as an outage occurs, including an estimate of when their power will be restored.
A New Challenge
But it’s important to realize that this new technology, while creating tremendous value, also makes Oncor a much easier target. As my chief information security officer likes to say, every time we add new monitoring technologies, we expand our “attack surface” – that is, the more points we connect to the system, the more assets we now have to defend.
This would be true in any large system, but it is especially challenging given that our vital infrastructure crisscrosses a territory that’s roughly half the size of Western Europe. How do you approach a challenge that big, both organizationally and geographically?
To begin with, you make security a top priority. Oncor began investing in cybersecurity over a decade ago, at the same time we were investing in our network. We established a cybersecurity operations capability, engineering and designing security into our systems and our infrastructure, and then prepared our workforce for the new challenges associated with operating technology in these times.
Since then, we have also established an internal capability not only to monitor the millions of transactions that could pose a threat on a daily basis, but also to ensure that we have the processes and procedures in place—and the policies to back them up—to keep our systems, and our data, secure.
We pursue what we call a “defense-in-depth strategy.” It’s a multidimensional approach that aims to defend against all known threats and at the same time, to try to future-proof ourselves by monitoring emerging threats with all of our partners in the federal government, the state government, our industry, and the tech sector.
Today, this multi-dimensional approach extends beyond technology. We do not view cybersecurity as an exclusively technical issue. Many of the network penetrations we have seen in the media over the past few years began not with anything technically sophisticated but with a simple email phishing campaign. We have been training our employees for years on some basic concepts, but we are now also training them to be more cautious, not just with emails but phone calls. All Oncor employees are trained to be aware of the various ways an adversary might trick them into opening a door to our network.
Leading the transformation
To add security even as we enhance performance, we’ve had to transform not only our infrastructure but also the IT department and, finally, my own role as CIO.
When I began my career, for the vast majority of businesses IT was a non-strategic, back-office function. IT was labeled a “service provider”.
Today, I think it’s safe to say that we have done away with old thinking and removed this old divide. There is no longer an unnecessary stratification between IT and “a business.” At Oncor, for instance, the IT infrastructure is now a smart network that extends to the far reaches of the electricity grid, and the IT department has become a function every bit as strategic as any other part of the company.
My role has also changed. These days, IT will be successful only if I build and maintain good, productive relationships with my peers across the business. It’s a fast-moving environment, and we must work closely with the other functions.
We can only be successful together.
Nor do I take my team for granted. I try to spend time with people all the way up and down the line, in all of our geographies, to make sure that our agenda is clear to everyone and that we are delivering the service and security that we have promised. Furthermore, I encourage them to forge the same kind of strong inter-departmental relationships that I try to establish across our enterprise.
That means not getting stuck in my office. I spend a good deal of time accompanying our other senior officers on employee visits out to our field locations. I try to make sure that we don’t have any roadblocks in our communications and that people get a chance to hear about our vision for technology first-hand.
After a decade of change, people sometimes ask me when we will “arrive.” I say, don’t hold your breath. At Oncor, as in so many other businesses today, there is no end-point in sight. We will never reach the final destination point of our journey, because there will always be more demands to be met, and new goals to accomplish together. Leveraging technology to streamline our operations, improve the customer experience, and better meet constantly evolving business demands makes my job as CIO not only interesting but deeply satisfying.
A smart sensor-enabled network is able to generate information offering numerous benefits—improved decision making, enhanced customer experience, and a better way of interacting with various stakeholders.
Along with the benefits that a smart network delivers comes an expansion of a company’s “attack surface”—the digital assets that it must defend against security threats.
As companies become increasingly digital, the IT department becomes every bit as strategic as any other function.