GridEx unites electric power industry, government to strengthen energy grid security training
For more than 6,500 electric power industry and government participants, GridEx V on Nov. 13 and 14 was an opportunity to put emergency response plans to the test under simulated worst-case scenarios – cyber and physical attacks that could threaten the reliability of the North American energy grid.
In the largest exercise of its kind, the North American Electric Reliability Corporation (NERC) brought together participants from more than 425 organizations across the electric utilities industry, and federal and state governments to test cyber and physical security incident response protocols and coordination amongst stakeholders from the United States, Canada and Mexico.
Given the interdependence of critical infrastructure, the biennial GridEx event also expanded participation from other sectors including natural gas, electrical equipment manufacturing, telecommunications and finance, according to NERC.
During the exercise, grid operators faced simulated conditions, such as loss of control center functionality, compromised customer payment systems, fuel shortages and copycat attacks.
“NERC’s GridEx series offers an invaluable opportunity for industry and government officials at all levels to evaluate crisis communications and security and response plans in order to identify new risks and develop actionable mitigation strategies,” said Edison Electric Institute (EEI) President Tom Kuhn. “Through the CEO-led Electricity Subsector Coordinating Council (ESCC), GridEx also helps us to enhance cross-sector coordination and develop a more detailed understanding of interdependencies and potential impacts to other critical infrastructure sectors.”
The ESCC serves as an intermediary between the federal government and the electric power sector, with the mission of coordinating efforts to prepare for national-level incidents or threats to critical infrastructure.
NERC said that community-owned utilities and electric cooperatives represented the largest increase in participation with 53 organizations added to the exercise since GridEx IV, which drew 6,500 participants from more than 370 organizations.
“GridEx V marks a 10-year milestone in NERC’s effort to help industry members and government partners continually improve their security posture,” said Jim Robb, NERC’s president and chief executive officer. “The steady growth of GridEx participation since our first exercise in 2011 is a testament to how seriously the industry takes security.”
In addition, organizations tested the electric power industry’s Cyber Mutual Assistance (CMA) program during the exercise, according to EEI. Designed in response to previous GridEx events, the CMA is a program to restore critical computer systems following a major cyber incident, based on the industry’s traditional mutual assistance networks. Developed by ESCC, the program covers approximately 80 percent of the U.S. electricity customers and 75 percent of natural gas customers, EEI added.
Following GridEx V, NERC’s Electricity Information Sharing and Analysis Center (E-ISAC), will develop a public report on the exercise with input from all participants. NERC said it intends to release the GridEx V report in March 2020.
“Protecting the energy grid from threats that could impact national security and public safety is a responsibility shared by both the government and the electric power industry,” Kuhn said. “Together, we will identify and apply the lessons learned from GridEx V, as we continue our work to enhance energy grid security and resiliency.”
