Avangrid’s award-winning cybersecurity initiative uses real-time data sharing to protect the energy grid.
Avangrid, a sustainable energy company based in Orange, CT, supplies gas and electricity to millions of people. However, as a provider of critical infrastructure, Avangrid must also prioritize cybersecurity. Cyberattacks on the energy grid can lead to power outages, data manipulation, and threats to public safety and the US economy.
One key way companies like Avangrid protect the energy grid is by sharing cybersecurity information with government agencies. When the police and emergency services are continually aware of potential cyber threats, they can help stop attacks before they spread.
Yet, ensuring that data is shared quickly enough while still being accurate and actionable is a technical challenge.
To that end, Avangrid recently partnered with a state fusion cell – a government office where public agencies and private companies can share security information – to improve data sharing and help fortify the grid against cyber threats.
“We place significant focus on genuine public-private partnerships, so working with a state fusion cell makes sense, and helps us best protect the energy grid,” says Robert Antonellis, manager of intelligence and incident response at Avangrid.
A cybersecurity data-sharing partnership is born
Avangrid and the state fusion cell began their partnership in 2021, when Antonellis joined the company after spending 20 years working in intelligence roles for the federal government. Having worked in fusion offices, Antonellis understood the data-sharing benefits and made a partnership his first priority at Avangrid.
At the heart of the project is Kaseware, a cloud-based knowledge management database designed to help corporate security teams and government agencies find the signals in noisy data sets. Avangrid and the state fusion cell both use Kaseware to share raw data—including security incident reports and anonymized crime data.
“We needed real-time crime data to accurately complete local site security assessments, and the fusion cell had the data, so we focused on sharing raw data and enabling data discovery, instead of relying on time-consuming reports,” says Antonellis.
“Because the data is raw, we might not know the useful pieces in the data right away, but our future queries will find the new information, and the [Kaseware] system will link the new information to our data and help us make cyber threat discoveries that would not be possible without new data.”
The inevitable challenges of sharing and analyzing data
Avangrid believes its public-private partnership is the first of its kind and has the potential to dramatically improve the sharing of security intelligence. However, as with any data analysis project, there are challenges.
One hurdle was finding data that could be shared legally, meaning data that is not sensitive and does not contain personally identifiable information.
Avangrid stores sensitive data such as the exact size and location of substations and other electric grid assets. If hackers had this data, they could use it to shut down the electrical grid. Meanwhile, the fusion center holds sensitive crime data about individuals, including names and home locations.
“Ideally, we’d share all that data – but we chose to focus on smaller achievable wins,” says Antonellis. “So the fusion center shares more generic crime data and information on terrorist groups deemed ‘criminal’ and releasable. As for Avangrid, we kept details of the substations out of the data sharing. In addition, we made sure anyone approving the data sharing – such as legal and compliance – knew that everyone working with the data was trained and aware of sensitivities.”
The perks of public-private data sharing
The partnership has enabled better day-to-day security and, Antonellis says, would be critical during a serious cyber attack.
“Sharing raw data allows us to plot incidents geospatially, track concerns, and overlay with additional data to make conclusions,” he explains. “For instance, local site security assessments are more accurate because our access to real-time data analysis gives us a better understanding of the threats to critical infrastructure.”
In addition to helping Avangrid improve its security posture, the state fusion cell partnership highlights the importance of relationships with local, state, and federal agencies when combating cybercrime.
Being able to reach out to fusion cells, the FBI, Department of Homeland Security, CISA, or the US Coast Guard gives Avangrid a cybersecurity advantage. On several occasions, says Antonellis, instead of waiting for a formal report to be issued, Homeland Security called Avangrid with urgent cyber threat information because the department saw the possibility of a near-term threat to Avangrid’s network.
“The foundation of any strong intelligence program is based on having robust regional, state, and federal partnerships,” says Pedro Azagra, Avangrid CEO. “We have taken that to the next level with this collaboration, setting a new standard for public-private partnerships.”
For its work with a state fusion cell to enhance cybersecurity, Avangrid has earned a 2024 CSO Award, which honors security projects that demonstrate outstanding thought leadership and business value.
Looking ahead and staying ahead of cyber threats
While its state fusion cell partnership has improved Avangrid’s ability to anticipate cyber threats, Antonellis hopes it is just the beginning.
“There’s a tremendous amount to build on,” he says. “We can work on sharing more specific data about crime locations and event details, and increase the frequency of the sharing. We can also explore duplicating this model with other state fusion cells such as E-ISAC (Energy Information Sharing and Analysis Center).
“Cyber threats are evolving much faster than defenses. So, having collaborative relationships and quickly sharing what we see will be the best way to defend against threats.”