Events
Utilities: Energy & Power, Water, Waste

GridEx takes on Doomsday Scenario

November 18, 2019
GridEx 2019

GridEx  saw more than 6,500 participants in the electric power industry put their emergency response plans to the test

On November 13 and 14 more than 6,500 participants in both the government and electric power industry put their emergency response plans to the test in simulated doomsday scenarios. As part of the annual GridEx event the North American Electric Reliability Corporation brought together participants from more than 425 organizations to test cyber and physical security incident response protocols.

The exercise exposed organization to coordinated cyber and physical attacks affecting the bulk power system across North America. Participants faced simulated conditions including compromised customer payment systems, fuel shortages and copycat attacks.

“GridEx V marks a 10-year milestone in NERC’s effort to help industry members and government partners continually improve their security posture,” Jim Robb, NERC’s president and chief executive officer, said in a statement. “The steady growth of GridEx participation since our first exercise in 2011 is a testament to how seriously the industry takes security.”

GridEx is hosted by NERC’s Electricity Information Sharing and Analysis Center every two years. The latest installment, set a record for having more organizations than years prior. Last year, only 370 organizations took part in the exercise. This year, community-owned utilities and electric cooperatives contributed the largest increase to participation with 53 organizations added to the event.

[optin-monster-shortcode id=”dv4jqlr9fih8giagcylw”]

GridEx V focused on the growing interdependence of critical infrastructures. For the first time, the exercise’s executive tabletop centered around simulated attacks and responses for specific regions within North America.

New York was among the regions targeted. Participating utilities included Consolidated Edison,  which serves 3.5 million customers in the New York City area. The simulated attack led to service loss for 8,000 gas customers in central Westchester and 3,000 in Lower Manhattan. Additionally, a substation explosion in White Plains caused 7,800 simulated electric outages.

“Narrowing the geographical focus of the executive tabletop gives industry and government leaders the opportunity to deepen their grid security training without sacrificing any intensity in the impacts on the bulk power system,” Robb said. “GridEx is designed to overwhelm even the most prepared organizations.”

GridEx V also tested the Electricity Subsector Coordinating Council’s Cyber Mutual Assistance program. ESCC serves as a liaison between the federal government and the electric power industry. It works to coordinate efforts to prepare for national-level incidents or threats to critical infrastructure.

“NERC’s GridEx series offers an invaluable opportunity for industry and government officials at all levels to evaluate crisis communications and security and response plans in order to identify new risks and develop actionable mitigation strategies,” Tom Kuhn, president of the Edison Electric Institute, an association that represents all U.S. investor-owned electric companies, said in a statement  “Through the CEO-led Electricity Subsector Coordinating Council (ESCC), GridEx also helps us to enhance cross-sector coordination and develop a more detailed understanding of interdependencies and potential impacts to other critical infrastructure sectors.”

The ESCC facilitates and supports activities and initiatives designed to enhance the reliability and resilience of the energy grid. It’s CMA program was designed to help electric companies restore critical computer systems following a major cyber incident. To find out how the program performed, stay tuned for NERC’s after-action report outlining the newly identified opportunities for industry and government stakeholders to enhance their collective security posture.

“Protecting the energy grid from threats that could impact national security and public safety is a responsibility shared by both the government and the electric power industry,” said Kuhn. “Together, we will identify and apply the lessons learned from GridEx V, as we continue our work to enhance energy grid security and resiliency.”

Rebecca Addison
Industrial Cyber Editor. Rebecca Addison is a former newspaper editor with a decade of experience in the media industry. During her career, she has interviewed world leaders and corporate CEOs, and covered topics ranging from blockchain and CBD to healthcare and education.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
E-ISAC releases report on GridEx VII exercise, highlighting recommendations for grid security and resilience
E-ISAC releases report on GridEx VII exercise, highlighting recommendations for grid security and resilience
DOE must remain lead cybersecurity agency for energy sector, Energy and Commerce Committee indicates
DOE allocates $15 million to establish university-based electric power cybersecurity centers
EclecticIQ details Operation FlightNight targeting Indian government entities, energy sector
EclecticIQ details Operation FlightNight targeting Indian government entities, energy sector
CS4CA USA Summit 2024: IT and OT security leaders share insights on cyberattack mitigation and recovery strategies
CS4CA USA Summit 2024: IT and OT security leaders share insights on cyberattack mitigation and recovery strategies
US White House and EPA warn governors of cyberattacks on water systems, call for enhanced security measures
US White House and EPA warn governors of cyberattacks on water systems, call for enhanced security measures
​​CS4CA US Summit 2024 brings together IT and OT security leaders for critical infrastructure protection
​​CS4CA US Summit 2024 brings together IT and OT security leaders for critical infrastructure protection
S4x24 closing panel highlights challenges in OT security job market with insights from industry leaders
S4x24 closing panel highlights challenges in OT security job market with insights from industry leaders