CIO Straight Talk - Issue 9 - 28
challenges associated with operating technology
in these times.
Since then, we have also established an internal
capability not only to monitor the millions
of transactions that could pose a threat on a
daily basis, but also to ensure that we have the
processes and procedures in place-and the
policies to back them up-to keep our systems,
and our data, secure.
This would be tough in any large system
but may be especially challenging
given that our vital infrastructure
crisscrosses a territory that's roughly
half the size of Western Europe.
We pursue what we call a "defense-in-depth
strategy." It's a multidimensional approach that
aims to defend against all known threats and at
the same time, to try to future-proof ourselves
by monitoring emerging threats with all of our
partners in the federal government, the state
government, our industry, and the
Today, this multi-dimensional approach
extends beyond technology. We do not view
cybersecurity as an exclusively technical issue.
Many of the network penetrations we have seen
in the media over the past few years began not
with anything technically sophisticated but with
a simple email phishing campaign.
We have been training our employees for years
on some basic concepts, but we are now also
training them to be more cautious, not just with
emails but phone calls. All Oncor employees
are trained to be aware of the various ways an
adversary might trick them into opening a door
to our network.
that we don't have any roadblocks in our
communications and that people get a chance to
hear about our vision for technology first-hand.
To add security even as we enhance
performance, we've had to transform not only
our infrastructure but also the IT department
and, finally, my own role as CIO.
After a decade of change, people sometimes
ask me when we will "arrive." I say, don't hold
your breath. At Oncor, as in so many other
businesses today, there is no end-point in sight.
We will never reach the final destination point
of our journey, because there will always be
more demands to be met, and new goals to
accomplish together. Leveraging technology to
When I began my career, for the vast majority
of businesses IT was a non-strategic, back-office
function. IT was labeled a "service provider".
I encourage my team members to
forge the same kind of strong interdepartmental relationships I try to
build at headquarters.
streamline our operations, improve the customer
experience, and better meet constantly evolving
business demands makes my job as CIO not only
interesting but deeply satisfying.
Today, I think it's safe to say that we have
done away with old thinking and removed this
old divide. There is no longer an unnecessary
stratification between IT and "a business." At
Oncor, for instance, the IT infrastructure is now
a smart network that extends to the far reaches
of the electricity grid, and the IT department has
become a function every bit as strategic as any
other part of the company.
My role has also changed. These days, IT will
be successful only if I build and maintain good,
productive relationships with my peers across
the business. It's a fast-moving environment, and
we must work closely with the other functions.
We can only be successful together.
Nor do I take my team for granted. I try to spend
time with people all the way up and down the
line, in all of our geographies, to make sure that
our agenda is clear to everyone and that we are
delivering the service and security that we have
promised. Furthermore, I encourage them to
forge the same kind of strong inter-departmental
relationships that I try to establish across
* A smart sensor-enabled network is able to generate
information offering numerous benefits-improved decision
making, enhanced customer experience, and a better way of
interacting with various stakeholders.
* Along with the benefits that a smart network delivers comes
an expansion of a company's "attack surface"-the digital
assets that it must defend against security threats.
* As companies become increasingly digital, the IT department
becomes every bit as strategic as any other function.
That means not getting stuck in my office.
I spend a good deal of time accompanying
our other senior officers on employee visits
out to our field locations. I try to make sure
We've come to realize that we can no
longer afford to view cybersecurity
as an exclusively technical issue.