GridEx saw more than 6,500 participants in the electric power industry put their emergency response plans to the test
On November 13 and 14 more than 6,500 participants in both the government and electric power industry put their emergency response plans to the test in simulated doomsday scenarios. As part of the annual GridEx event the North American Electric Reliability Corporation brought together participants from more than 425 organizations to test cyber and physical security incident response protocols.
The exercise exposed organization to coordinated cyber and physical attacks affecting the bulk power system across North America. Participants faced simulated conditions including compromised customer payment systems, fuel shortages and copycat attacks.
“GridEx V marks a 10-year milestone in NERC’s effort to help industry members and government partners continually improve their security posture,” Jim Robb, NERC’s president and chief executive officer, said in a statement. “The steady growth of GridEx participation since our first exercise in 2011 is a testament to how seriously the industry takes security.”
GridEx is hosted by NERC’s Electricity Information Sharing and Analysis Center every two years. The latest installment, set a record for having more organizations than years prior. Last year, only 370 organizations took part in the exercise. This year, community-owned utilities and electric cooperatives contributed the largest increase to participation with 53 organizations added to the event.
GridEx V focused on the growing interdependence of critical infrastructures. For the first time, the exercise’s executive tabletop centered around simulated attacks and responses for specific regions within North America.
New York was among the regions targeted. Participating utilities included Consolidated Edison, which serves 3.5 million customers in the New York City area. The simulated attack led to service loss for 8,000 gas customers in central Westchester and 3,000 in Lower Manhattan. Additionally, a substation explosion in White Plains caused 7,800 simulated electric outages.
“Narrowing the geographical focus of the executive tabletop gives industry and government leaders the opportunity to deepen their grid security training without sacrificing any intensity in the impacts on the bulk power system,” Robb said. “GridEx is designed to overwhelm even the most prepared organizations.”
GridEx V also tested the Electricity Subsector Coordinating Council’s Cyber Mutual Assistance program. ESCC serves as a liaison between the federal government and the electric power industry. It works to coordinate efforts to prepare for national-level incidents or threats to critical infrastructure.
“NERC’s GridEx series offers an invaluable opportunity for industry and government officials at all levels to evaluate crisis communications and security and response plans in order to identify new risks and develop actionable mitigation strategies,” Tom Kuhn, president of the Edison Electric Institute, an association that represents all U.S. investor-owned electric companies, said in a statement “Through the CEO-led Electricity Subsector Coordinating Council (ESCC), GridEx also helps us to enhance cross-sector coordination and develop a more detailed understanding of interdependencies and potential impacts to other critical infrastructure sectors.”
The ESCC facilitates and supports activities and initiatives designed to enhance the reliability and resilience of the energy grid. It’s CMA program was designed to help electric companies restore critical computer systems following a major cyber incident. To find out how the program performed, stay tuned for NERC’s after-action report outlining the newly identified opportunities for industry and government stakeholders to enhance their collective security posture.
“Protecting the energy grid from threats that could impact national security and public safety is a responsibility shared by both the government and the electric power industry,” said Kuhn. “Together, we will identify and apply the lessons learned from GridEx V, as we continue our work to enhance energy grid security and resiliency.”