Our commitment to protect our employees, customers, facilities and the reliability of our electric system includes safeguarding our assets against cybersecurity threats. As cyberattacks to the electric sector increase in number and sophistication, cybersecurity experts warn that the consequences of a successful attack could jeopardize public safety, as millions of households and businesses could be left without electricity.
We evaluate threats to our system’s communications network by employing Threat Intelligence Management to detect and enhance responses to cyberattacks. This approach improves our ability to work with government partners to strengthen system security and the resilience of critical infrastructure. Our enterprise cybersecurity program incorporates best practices, and we maintain compliance with federal and state regulations.
Our cybersecurity team is responsible for oversight, governance and direction, cybersecurity strategy, and awareness and training for all our employees and contractors. Employees and contractors with network accounts are required to take cybersecurity awareness and anti-phishing training annually. The cybersecurity team is also tasked with incident response and root cause analysis; vulnerability and risk assessments; regulatory compliance and patch management oversight; security application support; and support and configuration of cybersecurity hardware and software.
To support the need for continuous monitoring and detection, our Transmission Security Operations Center (TSOC) uses a unique set of technologies to assess security events from a physical, cyber and operational technology perspective. The TSOC is responsible for performing threat analysis; conducting investigations; analyzing security metrics and trends; reporting to company leadership and our Board Audit Committee; and sharing security information with industry, government and regional partners.
Our Corporate Security group provides the operational and governance support for physical security, including compliance with the NERC Critical Infrastructure Protection (CIP) requirements and business continuity management for all FirstEnergy personnel and assets.
Corporate Security professionals provide expertise to enhance and support the safety of all employees, assets and day-to-day operational activities related to physical security. They are responsible for ensuring compliance with regulatory standards; making vulnerability assessment recommendations; developing and enforcing corporate security policies; providing investigative support for physical incidents involving employees or assets; and managing physical security devices and controls.