Strengthening our Physical & Cybersecurity Efforts

At Con Edison, security is of the utmost importance. We approach cyber security and data protection proactively due to the potential risks they pose to our company.
This also applies to physical security, where measures are taken to protect our employees, customers, and equipment. To that end, we employ technology, strategies, and assessments, as well as provide regular employee training and education.
Cybersecurity & Data Privacy
New technology brings new challenges, and cybersecurity has been identified as a key enterprise risk for the company. Our information security group deploys cybersecurity tools designed to identify and prevent attacks both externally and internally. The company complies with regulatory cybersecurity requirements and works with local, state, and federal agencies, as well as our colleagues in the energy business, to identify and employ the technological tools designed to protect our customers and our equipment. We collaborate with these partners to share threat information and best practices, and conduct joint cybersecurity drills. Internally, management provides an annual presentation and monthly updates on cybersecurity risks to the Board, and the Audit Committee reviews more in-depth cybersecurity matters and risks semi-annually.
With the increasing threat of cybercrime, we continue to work towards strengthening our cyber security and data-protection efforts. They include monitoring, vulnerability assessments, employee education, regular drills, and phishing tests. We also conduct regular external security audits and vulnerability assessments of our systems, products, and practices affecting user data.
The company continues to advance data privacy through monitoring regulated activities related to personal data collection, use, and sharing; and maintaining compliance with applicable data privacy laws and privacy policies. Our privacy team, led by our Chief Privacy Officer, continues to guide IT and key business teams employing “Privacy by Design” principles to contemplate and mitigate data privacy risks at the time of system or process design and implementation. The privacy team is responsible for the company’s appropriate handling of customer and employee personal information and regularly trains and educates teams across the organization to maintain awareness and careful attention to protective measures. The company remains focused on the evolving data privacy regulatory landscape, taking proactive measures and building forward-looking tools and processes in anticipation of more individual-centered business requirements.
To hear more about our cybersecurity program and other topics, visit https://soundcloud.com/con-edison
Physical Security
Physical security has also been identified as a key enterprise risk for the company in light of evolving technologies. Our security teams work with local, state, and federal agencies, as well as our colleagues in the energy business, to identify and employ the technological tools to protect our customers and our equipment. We collaborate with these partners to share threat information and best practices and conduct large-scale joint cybersecurity and physical security drills to help protect our commodities against attacks.
The Board receives regular updates as to physical security risks from management. Additionally, at CECONY, in collaboration with Environmental Health and Safety, a summary of serious employee and/or contractor incidents is communicated to management for dissemination to their employees.
Both cybersecurity and physical security use a layered mitigation strategy which includes 24/7 monitoring, vulnerability assessments, employee education, regular drills, and audits to reinforce the security rules. In 2023, Corporate Security gave 120 Security Awareness presentations, reaching 4,551 employees. This included four active shooter drills.
We monitor approximately 2,000 cameras, intrusion detection systems, duress alarms, and a card access system to restrict access. The company employs hundreds of contract security guards, both armed and unarmed, throughout the system.
As for grid resiliency, there have been no material violations or fines due to non-compliance with physical security standards or regulations.