Keeping the Power Grid Secured

Since the cyber weapon, Stuxnet, was discovered in 2010 to sabotage a uranium enrichment facility’s control system in Iran, security experts around the world have increased measures to protect power, water, chemical, electrical, and other facilities from future cyber attacks. In one such attack targeted to destroy a large-scale facility, the Stuxnet computer worm rewrote the code in a component with centrifuges that spin nuclear material inside the Iranian facility.

In order to prevent such a cyber attack from occurring within the United States, the U.S. Department of Homeland Security enlists support from across the federal government and private sector. For example, the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection program, where Nick Santora, ’08, MBA ’11 works, collaborates with the Departments of Energy and Homeland Security, the FBI, the Department of Defense, and other agencies on critical infrastructure and security matters involving the North American bulk power system.

“The cybersecurity field is one of the hottest and fastest growing, and Nick’s career is growing by leaps and bounds as a result,” said Dr. William Amadio, director of Rider’s Center for Business Forensics, who became Santora’s mentor as a student and professional. “In my opinion, he has one of the most unique and interesting jobs of all our recent alumni.”

As the not-for-profit’s cybersecurity specialist for Critical Infrastructure Protection, Santora is involved in helping to prevent cyber attacks in the United States through developing and enforcing mandatory cyber standards, such as electronic security perimeters, personnel security, and incident response planning; and conducting cyber-related investigations.

“NERC reports to the Federal Energy Regulatory Commission and has the legal authority to develop and enforce reliability standards on owners and operators of the bulk power system in the United States. NERC created a baseline of cybersecurity standards with the electric industry to build their cybersecurity programs on,” Santora explained. “NERC understands that all environments are different, and a ‘one-size fits all’ format would not be in the best interest of the industry or of security. While the electric industry is the only critical infrastructure to enforce mandatory cybersecurity standards, other industries are working toward a common goal of securing their infrastructures.”

In addition to auditing cybersecurity standards, Santora and his team also assess the industry to ensure that a cyber attack like the Stuxnet computer worm does not occur in the United States. In November, NERC conducted a cybersecurity incident-readiness exercise that tested the crisis response plans of NERC, government and the electric industry.

“We created a scenario with simulated attack injects to demonstrate industry responsiveness to a large scale cyber attack against North America,” he said. We had more than 100 participants, including industry, federal agencies, vendors, and members from Canada – which is important because the United States and Canada have an interconnected grid.”

Santora began working for NERC in June 2008, a month after graduating with a bachelor’s degree in Computer Information Systems from Rider. He applied for an Information Technology Specialist position with an undisclosed company on Monster.com. It was not until he was called for an interview several months later when he learned that the position was with NERC.

In summer 2010, NERC defined its relocation strategy and decided to move its headquarters office from Princeton, N.J., to Atlanta. Santora was part of the small team that planned, designed, and implemented the new infrastructure in the Atlanta headquarters. While working at NERC in Princeton, Santora pursued his master’s degree at Rider and developed a professional relationship with Mark Weatherford, who at the time was the vice president and chief security officer of NERC. That connection later helped Santora when he interviewed for his current position in the Critical Infrastructure Department in Atlanta. Weatherford, was recently appointed as the new Deputy Undersecretary for Cybersecurity for the National Protection and Programs Directorate for the U.S. Department of Homeland Security.

Through Rider’s Computer Information Systems and Master of Business Administration programs, Santora was able to integrate the technical background he developed as early as high school with the necessary business skills he needed to succeed in his career.

“It doesn’t help if you just have the technical background these days. You need to understand the technical knowledge and also be able to present it clearly to anyone, anywhere,” said Santora about the business skills he gained at Rider. “In my current position, I have to do that on a daily basis. You need to have the big picture view at this level of work.”

“The electric industry is in need of people with cybersecurity backgrounds,” Santora continued. “Many people have either the business or the technical background, but both are a rare commodity.”