Always on guard

Before most Minnkota employees open their first email of the day, the cooperative’s cybersecurity systems have already blocked millions of potential threats. Almost all of them are harmless. But buried in that digital noise are suspicious signals, irregular patterns and active attack attempts.

“It only takes one thing to sneak past our tools and systems and it’s a bad day,” said Chad Ulland, Minnkota Senior Manager of Information Technology and Enterprise Cybersecurity. “We have to be correct 100% of the time; the adversary only has to be right once to cause issues.”

Cybersecurity is the quiet but important work that often happens behind the scenes. If nothing happens, that usually means the people and systems are doing their jobs well. Behind that calm, however, is a constantly evolving program designed to keep up with a threat landscape that changes by the day.

“The rate of change is what keeps you up at night,” Ulland said. “You’re working to address a risk you see today, and by the time you mitigate it, two more have already popped up.”

That pace is exactly why Minnkota recently commissioned a third-party cyber risk assessment. Reviewers examined how a real attacker might attempt to gain initial access, how they could establish a foothold inside systems, and whether they might move from traditional IT networks into operational technology (OT) that supports power plants and transmission infrastructure.

The outcome was reassuring. The assessment found Minnkota’s overall cyber risk to be low, compared to an industry-wide medium-risk baseline.

“We do multiple cybersecurity assessments each year,” Ulland explained. “Some focus on processes and controls, while other times we bring in an external party to dig deeper. The value of this particular assessment is that it crossed both IT and OT environments.”

Defense in depth

A successful cyberattack on a utility doesn’t just steal information. It can disrupt operations, damage equipment or even interrupt power to communities. That reality has transformed cybersecurity from a technical concern into a core value at Minnkota.

“My job didn’t exist here 10 years ago,” said Matt Odermann, who is in his first year at Minnkota as cybersecurity supervisor. It’s a role that requires a risk-based mindset to help determine where to invest time, resources and people to most effectively reduce exposure.

“We know it’s not possible to get to zero risk,” Odermann said. “We can’t just bury all our computers in concrete and say we’re safe. People still need to do their jobs. There are thousands and thousands of vulnerabilities, so we’re always evaluating how to minimize our risk.”

To avoid single points of failure, Minnkota relies on layered protections – often referred to as “defense in depth.” That approach has become increasingly important as Minnkota’s environment grows more complex. Remote work, cloud systems, legacy operational technology and hundreds of vendor connections have pushed security well beyond the traditional network edge.

“Securing that consistently is challenging,” Odermann said. “That’s one of our biggest risk factors.”

The emergence of artificial intelligence has also accelerated risks. Odermann says many attacks today are automated, with scripts scanning the internet for known vulnerabilities and circling back when something responds. On the flip side, Minnkota is also exploring how to grow the use of AI in its security processes.

“AI is still a technology that’s growing so fast,” Odermann said. “I think it’s going to be an advantage to us as cybersecurity professionals and to our posture, but we know bad actors will be using it, too.”

People are part of the solution

Technology does much of the heavy lifting, but Minnkota’s cybersecurity program depends just as much on people. Over the past year, that human layer has grown stronger. The cooperative has invested in a robust cybersecurity awareness program and plans to continue enhancing and expanding it in 2026.

“We’re trying to meet people where they are,” Ulland said. “We plan to introduce shorter, more intentional training that reflects what we’re actually seeing in the real world.”

Minnkota also offsets risk by working closely with federal and state partners who provide advanced threat intelligence.

“What looks like a one-off event to us might be part of a national pattern,” Ulland said. “Those partnerships help connect the dots and keep our systems safe.”

Together, that combination of informed employees, targeted training and trusted external partners creates a team designed to adapt as threats evolve.

“Everyone has a role to play in cybersecurity,” Odermann said. “Anybody that interacts with our systems has a major role in what we’re trying to do.”

MAIN IMAGE: Chad Ulland, Minnkota senior manager of IT and enterprise cybersecurity, inspects a server rack inside Minnkota’s data center.