GridEx VII’s security exercise shows need for industry and government to talk in an emergency: NERC
With the complexity of the bulk electric power system in North America, it has become critical for leaders across multiple sectors to come together every other year to test out stress points in the system.
The GridEx VII simulation in November, hosted by the North American Electric Reliability Corporation’s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC), was a forum for recovering from coordinated cyber and physical attacks.
E-ISAC shared the recommendation earlier this week in a report on the simulations: a full two-day exercise of distributed play on Nov. 14 and 15, and an in-person and virtual meeting on Nov. 16 for a tabletop executive exercise in Washington, D.C. Participants were pressed to react to coordinated and prolonged attacks against the grid and its market systems.
What if a hard-to-detect dormant threat becomes active and compromises the software used by grid operators to receive data from generation and transmission facilities?
What if a series of cyberattacks make it harder for utilities to respond through established channels?
And what if, while trying to figure out how to respond, coordinated physical and cyber attacks on substations in Texas and Louisiana could disrupt operations, including key natural gas hubs?
Executives and leaders from 75 organizations, including the U.S. and Canadian government, came together in the tabletop exercise to simulate a response to an extreme attack from a nation-state adversary facing such scenarios.
The grid security environment is “incredibly complex,” NERC CEO and President Jim Robb said on Thursday in a webinar about the GridEx VII report.
“We’re working quite hard to stay ahead of all these issues but things are coming at us at a very rapid pace from a lot of different directions,” he said. The GridEx exercises aim to mimic this reality.
The four stages of the tabletop simulation revealed the need to establish resilient communications across multiple government and industry sectors. In the face of any number of coordinated attacks, Canadian and U.S. agencies, utilities and market operators need to keep in touch.
GridEx recommendations that came specifically from the executive tabletop exercise focus on potentially deploying options to maintain voice and data communications and improving operational frameworks when energy markets face prolonged disruptions, and improving the coordination between federal governments and industry during a large crisis, as simulated in GridEx VII.
“Of course lessons learned are great, but we have no use if we don’t put them into practice,” Manny Cancel, E-ISAC CEO, told reporters on Thursday.
E-ISAC is developing an action plan for implementing those recommendations for its industry and government partners. In late March, the executive tabletop participants reconvened and came into alignment on E-ISAC’s report recommendations.
“Several of our industry participants have already begun to implement some of the recommendations arising from the exercises in their organizations,” he said.
Cancel lauded the full CEO participation across the electricity sector in the United States and Canada during the one-day tabletop exercise, along with leadership from federal governments.
At this stage, E-ISAC is focused on how to address the recommendations from the report. “These recommendations require resources, they require funding,” Cancel said.
For instance, it was recommended that E-ISAC evaluate platforms, processes and cost estimates to develop and maintain a satellite phone directory for members of the Electricity Subsector Coordinating Council, the CEO-led liaison between the federal government and the power sector. NERC will also implement enhancements to backup its hotline for reliability coordinators in the U.S. and Canada if the primary facility is lost, as in the GridEx VII scenario.
One of the costliest recommendations was to develop and maintain additional infrastructure to ensure voice and data communication between control centers, according to the report, but it is recommended to find backup options with a more limited data set, such that it would still allow for reliable grid operation.
For the two-day distributed play, involving more than 15,000 participants, communication was, once more, a key piece of the recommendations, including prompting reliability coordinators and large utility officers to brief state officials on emergency response plans, and raise awareness of energy security planning efforts on a state-level.
In July, Cancel testified before a House committee on threats to the grid from nation-state adversaries. He told reporters on Thursday that there is a lot of interest and attention from U.S. congressional authorities and Canadian legislative authorities regarding cyber and physical security threats.
