A key focus for CenterPoint Energy is proactively protecting our digital systems and data from cyberattacks through our cybersecurity management program.
CenterPoint Energy’s Cybersecurity Operations Center (CSOC) is the hub of our company-wide cybersecurity program. CSOC personnel analyze threat information from external sources, monitor network activity and respond to users who receive questionable emails. Phishing campaigns conducted by bad actors are a serious threat to our network, employees and data.
CenterPoint Energy’s Cybersecurity Awareness Program
A robust Cybersecurity Awareness Program helps employees and contractors across the company identify vulnerabilities and minimize risks. Cybersecurity-focused employee communications, one-click phishing reporting and other tracking and reporting tools help protect our company’s information assets.
The Phishing Education and Resistance Program provides employees with the knowledge to avoid social-engineering attacks by offering:
- Cybersecurity awareness and proactive training, including regular webinars
- Educational experiences in the form of monthly phishing simulations and response training
- Remedial response steps for failures in simulated phishing campaigns or actual social engineering attacks
CenterPoint Energy’s Phishing Education and Resistance Program for Employees
As part of CenterPoint Energy’s Phishing Education and Resistance Program, simulated emails are sent to employees monthly to help sensitize them to social engineering attacks and help Information Technology address the risk presented by actual attacks. Phishing campaign results are included as a safety metric for awards made to CenterPoint Energy’s non-Executive Committee members under the company’s short-term incentive program.
CenterPoint Energy’s Phishing Education and Resistance Program for Contractors
Contractors are covered by a separate Phishing Contractor Compliance Initiative, which is detailed in the company’s Contractor Phishing Compliance Program Charter. This initiative is similar to the employee Phishing Education and Resistance Program.
- Regular internal security audits and vulnerability assessments of the company’s systems and user data security practices are conducted by our Internal Audit team.
- Regular external security audits and vulnerability assessments of the company’s systems and user data security practices. An infrastructure audit was conducted in 2022.
Governance And Oversight
The Governance, Environmental and Sustainability Committee of the Board oversees cybersecurity for the company and conducts quarterly reviews of cybersecurity programs, practices, initiatives, risks and mitigations, and strategies. Additionally, the full Board of Directors receives periodic updates regarding cybersecurity matters.
The Information Security Team, under the Director of Corporate Cybersecurity who reports directly to the Executive Vice President and General Counsel, is responsible for running and maintaining the methodology, processes and architecture that support the company’s Enterprise Systems Cybersecurity Plan.
Information Security’s responsibilities include:
- Ensuring management is aware and knowledgeable of potential and identified risks and mitigations.
- Implementing security measures to meet regulatory requirements.
- Performing Enterprise Systems Risk Assessments.
- Interpreting policies and standards as they relate to enterprise systems.
- Helping in the development, execution and implementation of remediation management.
- Remaining abreast of current cybersecurity trends and threats.
- Selecting, implementing and monitoring technologies to identify threats and vulnerabilities, and detecting and protecting against any attacks on CenterPoint Energy systems.
- Coordinating cybersecurity activities and sharing information with federal, state and local partners and regulators.
- Collaborating with the company’s Data Privacy Office on cybersecurity and data privacy matters.
CenterPoint Energy Hosts Cybersecurity Panel
In 2022, CenterPoint Energy hosted a conversation about cybersecurity with chief information and security officers in the energy and utility industries, members of academia and officials from various levels of government. The event was held in conjunction with HoustonCIO, which is the preeminent peer leadership network of Houston chief information officers and senior technology leaders across various industries. A cybersecurity panel featuring a cross-section of industry representatives offered insights to help technology leaders navigate and manage cybersecurity through periods of energy transition and digital transformation.