NERC’s recent grid security exercise, GridEx III, showed continued improvement over previous exercises in the coordination, communication and emergency response actions industry would take in response to a cyber or physical attack, a summary of the exercise found.
NERC conducted its third sector-wide grid security exercise, GridEx III, in November 2015. The first grid security exercise took place in November 2011. These geographically distributed exercises were designed to execute the electricity sector’s crisis response to simulated coordinated cybersecurity and physical security threats and incidents, to strengthen utilities’ crisis response functions, and to provide input for lessons learned.
The GridEx III report, which was released at the end of March, reviewed findings from the scenario to measure attainment of exercise goals, and includes feedback from GridEx III participants. GridEx III planners designed the large-scale cyber and physical attack scenario to overwhelm even the most prepared participants. The scenario for the distributed play portion of the exercise highlighted how essential it was for participants to conduct well-coordinated communications within their own organizations, across the electricity sector, with government and with the public.
The Executive Tabletop portion of the exercise included a robust discussion on unity of messaging, the collective effort to protect the grid and the use of extraordinary measures for restoring power. “Industry continues to take the prospect of a cyber or physical attack on the bulk power system seriously,” said Marcus Sachs, senior vice president and chief security officer. “GridEx III, like prior NERC events, challenged the sector to demonstrate robust crisis management actions that would help keep the grid resilient and boost recovery efforts in the face of a real attack.”
Other findings included:
- The Electricity Information Sharing and Analysis Center (E-ISAC) portal needs to be enhanced to accommodate urgent real-time communication with portal members.
- Cyber and physical security incident reporting mechanisms need to be reviewed for redundancies.
- The pre-exercise planning time for GridEx IV should be extended.
- Reliability Coordinators played a more significant role in the 2015 exercise, and this model should be followed again in the future.
- Opportunities exist to further leverage communications and social media during the exercise for more real-world planning.
- More improvement is still needed on coordination with local law enforcement and first responders against physical security threats.
The November 2015 exercise saw an increase in participation, with more than 4,400 individuals from 364 organizations across North America taking part.
“Security exercises, like NERC’s GridEx, are essential for industry and government partners to experience a worst-case, advanced-threat scenario to better prepare against any real crisis events,” said Bill Lawrence, associate director of Stakeholder Engagement. “Participating in GridEx allows industry, government partners and other stakeholders to share information and exercise a comprehensive approach to securing the bulk power system.”
The NERC exercise was structured to allow utilities and other participating organizations to determine their own level of participation based on available staffing and resources. The exercise encouraged participation by utilities and federal, state, provincial and local government officials across the United States, Canada and Mexico.
NERC’s mission for the security of the bulk power system is to establish situational awareness, incident management, coordination, and communication capabilities within the electricity sector through timely, reliable, and secure information exchange. NERC, through its E-ISAC and in collaboration with the Department of Energy and the Electricity Subsector Coordinating Council, serves as the primary security communications channel for the electricity sector and enhances the sector's ability to prepare for and respond to cyber and physical threats, vulnerabilities, and incidents.