Tri-State Generation & Transmission Association, Inc. 10-K Cybersecurity GRC - 2024-03-15

Page last updated on July 16, 2024

Tri-State Generation & Transmission Association, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 12:11:53 EDT.

Filings

10-K filed on 2024-03-15

Tri-State Generation & Transmission Association, Inc. filed a 10-K at 2024-03-15 12:11:53 EDT
Accession Number: 0001637880-24-000019

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We have a comprehensive cybersecurity program designed to protect and preserve the confidentiality, integrity and availability of our data and systems. We are also subject to mandatory cybersecurity regulatory requirements. Our risk management programs, which address both enterprise and energy commodity risks, provides for evaluating and addressing cybersecurity risks and cybersecurity compliance. As part of our evaluation of cybersecurity risks, we consider cybersecurity risks and threats related to use of third-party service providers. Depending on the third-party service provider, the services provided by such third party and the data stored or to which such third party has access, we require different cybersecurity protections and specific cybersecurity programs that the third party must maintain. Our Utility Members have their own independent cybersecurity programs and procedures. Cybersecurity risks with long-term resolutions are evaluated and added to our risk register, which is reviewed and updated by a corporate committee quarterly. This corporate committee, consisting of senior executives and support staff, meets regularly to assess enterprise, including cybersecurity, and energy commodity risks. Our Chief Administrative Officer/CHRO manages our information technology department and has executive oversight of our cybersecurity program. Our Chief Information Officer and Chief Information Security Officer that report directly or indirectly to our Chief Administrative Officer/CHRO are responsible for implementation of our cybersecurity program. Our Chief Information Officer and Chief Information Security Officer have multiple cyber-related certifications from nationally recognized organizations and a combined experience in cybersecurity of 30 years. We interface regularly with a wide range of external organizations and participate in classified briefings to maintain an awareness of current cybersecurity threats and vulnerabilities. We utilize third-party consultants to evaluate and test our cybersecurity preparedness and participate in national transmission grid security exercises that also address cybersecurity threats. Our security efforts are intended to address evolving and changing cyber threats. We operate a dedicated cyber security center with capabilities to monitor, detect, analyze, mitigate, and respond to cyber threats. The Engineering and Operations Committee of our Board has oversight of our cybersecurity program and the risks from cybersecurity threats. The Engineering and Operations Committee is briefed quarterly with both oral and written reports on cybersecurity including cybersecurity risks. Our Board receives oral briefing on cybersecurity including cybersecurity risks no less than once per year and our Board is provided access to all written reports provided to the Engineering and Operations Committee. We are subject to numerous cybersecurity threats and the cybercriminals are becoming more sophisticated and are increasingly targeting electric utilities. A major cyber incident could result in significant business disruption, compromised or improper disclosure of data, and expenses to repair security breaches or system damage and could lead to litigation, regulatory action, including penalties or fines, and an adverse effect on our financial condition, results of operations, and reputation. See “RISK FACTORS - General Risks” for additional information. While there have been immaterial incidents of phishing and attempted financial fraud across our system, there has been no material impact on business or operations from these attacks. However, we cannot guarantee that security efforts will prevent breaches, operational incidents, or other breakdowns of information technology systems and network infrastructure and cannot provide any assurance that such incidents will not have a material adverse effect in the future.


Company Information

NameTri-State Generation & Transmission Association, Inc.
CIK0001637880
SIC DescriptionElectric Services
Ticker
Website
CategoryNon-accelerated filer
Fiscal Year EndDecember 30