NERC’s GridEx VII tests grid security and resilience against evolving, hard-to-detect threats

The Electricity Information Sharing and Analysis Center (E-ISAC), a division of the North American Electric Reliability Corporation (NERC), has concluded its seventh biennial grid security and resilience exercise, known as GridEx VII. As the largest grid security exercise in North America, GridEx VII played a crucial role in testing and enhancing rapid and innovative response 

The E-ISAC will develop a public report on the exercise with input from all participants scheduled to be released by the end of the first quarter of 2024.

GridEx VII conducted the distributed play portion of the exercise, with over 250 organizations participating in a complex and challenging scenario tailored to their specific needs. This year’s scenario simulated real-world cyber and physical threats, providing a rigorous test of crisis response and recovery plans. GridEx, hosted every two years by NERC’s E-ISAC, remains the largest grid security exercise in North America.

Conducted November 14-15, security professionals played simultaneously in a complex and challenging scenario while adapting the exercise to meet their specific organizational needs. This year’s scenario reflected real-world cyber and physical threats and was designed to stress-test crisis response and recovery plans.

The exercise was an invitation-only executive tabletop session that brought together industry and government executives to focus on strategic and policy-level issues.

Since GridEx VI in 2021, the E-ISAC has expanded partnerships and reciprocal information sharing with industry sectors associated with electricity, and the E-ISAC leverages these partnerships to help members mitigate potential compromises to their systems. 

Exercises like GridEx are an important aspect of NERC’s mission to assure the reliability and resilience of the bulk power system (BPS), which is inextricably tied to grid security. 

Moreover, since the last GridEx, the cybersecurity landscape has continued to evolve, guided by geopolitical events, new vulnerabilities, changes in technologies, and increasingly bold cyber criminals and hackers.

“Although, the E-ISAC is not aware of any specific credible cyber or physical threats to the North American grid, the threat landscape in which we are operating is unprecedented – we are facing challenges that are increasingly difficult to detect and protect against,” Manny Cancel, NERC senior vice president and E-ISAC chief executive officer, said in a media statement. “Our adversaries continue to look for ways to exploit our interconnected system. We must continue to be vigilant. By working together in exercises like GridEx, we can make sure they are not successful.”

“I’m extremely proud of how our sector has responded to – and addressed – these challenges,” said Cancel. “Our remarkable resilience and unity as well as rapid and innovative response capabilities are a reflection of how our industry has been monitoring and, through exercises like GridEx, preparing for these events for decades.”

The exercise concludes with an invitation-only executive tabletop session, which brings together industry and government executives to focus on strategic and policy-level issues raised during the exercise and presents the opportunity for serious dialog about how to make the grid more secure.

In June, NERC released its 2023 State of Reliability (SOR) document that stated cyber and physical security remain critical elements of BPS reliability. The report also indicates that the power system faced a variety of security-related challenges in 2022 that could jeopardize the reliable operation of the BPS.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.