Baking in Cyber from the Top

By Lena Smart, VP & CSO, New York Power Authority


Yesterday, I was CIO of America’s largest state power organization. Today, I’m the CSO. No, I didn’t get a demotion; it was actually a promotion, and I am very excited about my new position.


My new role as CSO was part of a larger re-organization that has been months (if not years) in the making. We have been struggling with the concept of integrating IT and OT (Operations Technology), and after much deliberation and conversations with peers in other utilities and organizations, we decided to turn the world upside down and have cybersecurity and innovation at the top of our technology tree.

We now have a Chief Technology and Innovation Officer who has overall responsibility for IT, OT, strategic operations, research and development, cybersecurity and physical security. I have been asked to manage the cybersecurity and physical security groups, and have a dotted-line reporting structure from the other 4 groups.

Our CTIO made it clear: any technology decision from our company must be vetted by the security group. If it doesn’t pass muster there, then it dies on the vine. This is a radical step for us to take. For example, like many companies, we have shadow IT lurking in murky corners. We have people who buy cheap services in the cloud because they are easy to set up, and if IT doesn’t have time or resources to assist, then they’ll do it themselves. Of course, IT is left to clean up the mess when it goes pear-shaped. Now, with one technology group, there is no room for ambiguity. We have a great relationship with our procurement department and that is the key to a successful technology group. Procurement holds the financial keys to the kingdom, and we work closely with them to create our bid documents and deal with the myriad vendors who wish to do business with NYPA.

I have many years of experience in dealing with cybersecurity, and am delighted to be back in cyber-land. I also have a new challenge to build a security team that encompasses IT, OT and physical security. We must work as one cohesive unit, sharing information and ensuring that the cyber and physical posture of NYPA is maintained to the highest possible level.

This challenge will only be met if we have mutual trust and respect. I cannot emphasize enough the importance of trust, particularly within the cyber community. The only way that information sharing will work is if we have trusted relationships with each other. That is another reason that having one technology group at NYPA is a great idea. We are now one big family and can work closely together with no silos or inter-departmental politics getting in the way.

Finally, our new technology group will implement new standards for enterprise architecture. We realized there are many opportunities to improve our technology footprint with the implementation of this new CTIO group. Having a standard architecture can provide the panacea for technological stability while also utilizing best procurement practices and standard software. This enterprise architecture will allow the technology group to build an overall picture of our information, assets, processes and business alignment. It will slim down the choices of software and hardware to meet the majority of our clients’ needs and help negate the need for shadow IT.

I look forward to sharing our journey as the technology group at NYPA matures.