Top

ESG Data Center:

CenterPoint Energy Sustainability

Actionable, Measurable, Transparent

CenterPoint Energy - Cybersecurity
Home | Governance | Enterprise Risk Management | Cybersecurity

Continued Commitment to Cybersecurity

Cybersecurity

In a time when our industry’s infrastructure, technologies and information systems are under new threats and security risks from cyberattacks, a key focus for CenterPoint Energy is proactively protecting our digital systems and data through a comprehensive cybersecurity management program.

CenterPoint Energy’s Cybersecurity Operations Center (CSOC) is the hub of our companywide cybersecurity program. CSOC personnel analyze threat information from external sources, monitor network activity and respond to users who receive questionable emails. Phishing campaigns conducted by bad actors are a serious threat to our network, employees and data.

CSOC Logo
CyberSecurity Awareness

CenterPoint Energy’s Cybersecurity Awareness Program

A robust Cybersecurity Awareness Program helps employees and contractors across the company identify vulnerabilities and minimize risks. Cybersecurity-focused employee communications, one-click phishing reporting and other tracking and reporting tools help protect our company’s information assets.

The Phishing Education and Resistance Program provides employees the knowledge to avoid social-engineering attacks by offering:

  • Cybersecurity awareness and proactive training
  • Educational experiences in the form of monthly phishing simulations and response training
  • Remedial response steps for failures to simulated phishing campaigns or actual social engineering attacks
cybersecurity office

The Phishing Education and Resistance Program provides employees the knowledge to avoid social-engineering attacks by offering:

  • Cybersecurity awareness and proactive training
  • Educational experiences in the form of monthly phishing simulations and response training
  • Remedial response steps for failures to simulated phishing campaigns or actual social engineering attacks

CenterPoint Energy’s Phishing Education and Resistance Program for Employees

As part of CenterPoint Energy’s Phishing Education and Resistance Program, simulated emails are sent to employees monthly to help sensitize them to social engineering attacks and help Information Technology address the risk presented by actual attacks. Phishing campaign results are included as a safety metric for CenterPoint Energy’s non-Executive Committee member short-term incentive program.

CenterPoint Energy’s Phishing Education and Resistance Program for Contractors

Contractors are covered by a separate Phishing Contractor Compliance initiative, which is detailed in the company’s Contractor Phishing Compliance Program Charter. This initiative is similar to the employee Phishing Education and Resistance Program.

Security Auditing

  • Regular internal security audits and vulnerability assessments of the company’s systems and user data security practices are conducted by our Internal Audit team.
  • Regular external security audits and vulnerability assessments of the company’s systems and user data security practices. An infrastructure audit was conducted in early 2022.

Governance And Oversight

The Governance, Environmental and Sustainability Committee of the Board oversees cybersecurity for the company and conducts quarterly reviews of cybersecurity programs, practices, initiatives, risks and mitigations, and strategies. The full Board of Directors receives periodic updates regarding these cybersecurity matters.

The Information Security Team, under the Director of Corporate Cybersecurity, is responsible for running and maintaining the methodology, processes and architecture that support the company’s Enterprise Systems Cybersecurity Plan.

Information Security’s responsibilities include:

  • Ensuring management is aware and knowledgeable of potential and identified risks and mitigations.
  • Implementing security measures to meet regulatory requirements.
  • Performing Enterprise Systems Risk Assessments.
  • Interpreting policies and standards as they relate to enterprise systems.
  • Helping in the development, execution and implementation of remediation management.
  • Remaining abreast of current cybersecurity trends and threats.
  • Selecting, implementing and monitoring technologies to identify threats and vulnerabilities, and detecting and protecting against any attacks to CenterPoint Energy systems.
  • Coordinating cybersecurity activities and sharing information with federal, state and local partners and regulators.
  • Collaborating with the company’s Data Privacy Office on cybersecurity and data privacy matters.
Cyber Panel Linkedin

CenterPoint Energy Hosts Cybersecurity Panel

In early 2022, CenterPoint Energy hosted a crucial and timely conversation about cybersecurity with chief information and security officers in the energy and utility industries, members of academia and officials from various levels of government. The event was held in conjunction with HoustonCIO, which is the preeminent peer leadership network of Houston chief information officers and senior technology leaders across various industries. A cybersecurity panel featured a cross-section of industry representatives offered insights to help technology leaders navigate and manage cybersecurity through periods of energy transition and digital transformation.