Protecting operations systems and critical energy infrastructure from cyber-attack is a daily critical mission at AEP, with threats coming from all directions. Breaches to the cyber security of the grid, or to our system, are potentially disruptive to people, property and commerce and create risk for our business, our investors and our customers.
Dennis DeVendra, IT Manager, in AEP's Cyber Security Operations Center.
We protect our critical cyber assets, such as our data centers, operational control systems, and business network, using multiple layers of cyber security and authentication. We constantly scan the system for risks or threats, and we maintain an active threat intelligence function to identify emerging threats and vulnerabilities. We continually advance the awareness of our employees and contractors to these cyber security threats so that they are better prepared to respond appropriately to any threat to our company.
Cyber security has also become a national security issue. During the past year, numerous legislative proposals have been submitted in the Congress, and a Presidential Executive Order was issued to address overall cyber security across the nation's critical infrastructure. Many of these initiatives have had common themes to improve cyber security for critical infrastructure, including greater threat-sharing information between the government and the private sector, and improving access for the private sector to government-classified threat intelligence data. The electric industry continues to be one of the few critical infrastructure functions with mandatory cyber security requirements under the authority of the Federal Energy Regulatory Commission, the North American Electric Reliability Corporation and the Nuclear Regulatory Commission.
As these national cyber security initiatives have arisen, AEP has partnered with a number of other utilities and the Edison Electric Institute (EEI) to help inform our legislators and regulators on the advanced cyber security functions our industry is already performing. We are also sharing what we learn and the practices that we employ to protect our critical infrastructure, many of which exceed what is required.
But just as the threats to critical infrastructure evolve and increase, so must our defensive capabilities and business functions. Consequently, we have partnered with our peer utilities, EEI, the Electric Power Research Institute (EPRI), the U.S. Department of Energy (DOE), and many other organizations to address cyber security capabilities and advanced defenses.
In 2012, we completed a major milestone with the deployment and operation of our Cyber Security Operations Center (CSOC), becoming the first utility in the country to build a CSOC. This project was funded through our gridSMART® program as part of a larger American Recovery and Reinvestment Act Department of Energy Smart Grid Demonstration Project grant. It is designed as a pilot cyber threat and information-sharing center specifically for the electric sector.
The CSOC is now operational, sharing cyber security threat information and other data across a number of CSOC member utilities and with the Department of Homeland Security. In 2013, this program became functional under the governance of a utility membership steering committee, funded by its membership base. This is a true government-private sector success, where government funding was used to seed the development and deployment of a cyber security tool to the private sector.
We also continue to focus internally on advancing cyber security capabilities. In March 2012, we signed a cooperative research and development agreement with the Department of Homeland Security’s Office of Cyber Security and Communications, further enhancing our ability to directly exchange information about cyber threats. In addition, we continue to partner with a number of federal and industry groups to advance the national capabilities of cyber security. We also test our defenses internally. In 2012, we held an executive-level tabletop drill to test the security of our systems and response to a cyber-attack against our company and we will conduct similar drills again in the future.