In November 2019, organizations across the electric power industry in North America tested their emergency response plans as part of the annual GridEx event. Organized by the North American Electric Reliability Corporation, the fifth installment of the GridEx event drew more than 7,000 participants.
On March 31, NERC released its annual after-action report on the event. The GridEx V report includes a detailed account of the lessons learned during the two-day exercise, along with recommendations focused on the Electricity Information Sharing and Analysis Center (E-ISAC), the electricity industry, and cross-sector and government partners in North America.
“Each GridEx is an important milestone in the ongoing cyber and physical security training of industry members and government partners,” said Manny Cancel, NERC senior vice president and E-ISAC chief executive officer, in a press release. “This report notes the success of GridEx V and starts the planning process in earnest for GridEx VI as an enhancement to its predecessor.”
As part of the event, participants test their cyber and physical security incident response protocols. The exercise helps organizations determine how equipped they are to handle cybersecurity threats to critical infrastructure.
Overall, NERC recommends that organizations within the electric power industry review their emergency response plans to account for the complex collaboration with all levels of government in North America that would be required should a grid security event occur.
The report also calls for incorporating natural gas providers and pipeline operators into restoration planning and drills, and enhancing coordination with communications providers to support restoration and recovery. Additionally, the report advises that participants continue to strengthen operational industry and government coordination between the United States and Canada.
The GridEx V report also recommends building consensus with the U.S. Department of Energy on the design, issuance and liability protections for grid security emergency (GSE) orders issued under Section 215A of the Federal Power Act. The law authorizes the DOE to order utilities, NERC and regional entities to implement emergency security measures for up to 15 days at a time.
“The U.S. government should continue to refine consultative and communications mechanisms with industry to support the development of GSE orders,” the report says. “Utilities agreed that a GSE should specify restoration priorities but leave the detailed engineering approach of how to achieve the priority up to the utilities and RCs. The entities responsible for implementing the order would then have the flexibility to take necessary actions while respecting safe grid operating practices and knowing the current status and overall strategy for grid restoration. DOE should collaborate with industry to consider whether to provide additional liability protections for electricity entities and supporting sectors, such as telecommunications and mid-stream natural gas companies that implement the GSE orders. This would especially apply to lawsuits from customers or others who are disadvantaged or suffer loss because of the GSE order.”
One of the flaws identified in the fifth annual exercise was a lack of participation from supply chain vendors. However, NERC emphasizes that GridEx V achieved six of its seven objectives, which included exercising incident response plans; expanding the local and regional response; engaging critical interdependencies; improving communication; engaging senior leadership; and gathering lessons learned.
According to the GridEx report, 96 percent of respondents felt GridEx V met their expectations and 65 percent responded that it met their expectations “very well.” That’s an increase from 42 percent in the previous year. Additionally, 97 percent of respondents said GridEx V was planned and managed to meet their needs and 64 percent indicated it was planned and managed “very well,” an increase from 38 percent in GridEx IV.
“The flexible scenario structure enabled exercise planners to customize their GridEx experiences and maximize learning to improve their organizations’ incident response preparations and capabilities,” NERC said in the press release. “Early planning allowed planners to benefit from the scenario’s flexibility, but planners whose organizations joined later struggled to adequately prepare for the exercise. While many utilities used GridEx to strengthen their relationships with Reliability Coordinators, law enforcement and government agencies, others lacked the resources needed to coordinate responses to the challenges in the scenario. The GridEx distributed play and executive tabletop should occur on different dates so that leadership teams can achieve maximum training value for their organizations.”