october 2021
By Kate Ledesma, Contributing Writer
The North American Electric Reliability Corporation’s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC) has hosted GridEx since 2011, its biennial grid security exercise designed to help prepare the electricity industry to respond to contemporary threats and security issues. Since then, GridEx has provided utilities and government stakeholders the opportunity to improve industry security and resilience by exercising their response and recovery plans and collaboration efforts during simulated cyber and physical attacks impacting the reliable operation of the North American power grid.
As the largest sector-specific functional exercise, GridEx offers complex attack scenarios designed to overwhelm even the most prepared utilities and participant organizations to push the limits of a potential real event or crisis. Next month, on November 16 and 17, 2021, the industry will once again come together to participate in GridEx VI.
Initially conceived as a tabletop exercise to strengthen coordination between the electricity industry and government to prepare for a response to cyber incidents, the exercise has grown to be the largest distributed play exercise of its kind in North America. Participation has grown steadily from 75 organizations in the initial exercise in 2011 to more than 500 organizations and 7,000 participants from the United States, Canada and Mexico in 2019’s GridEx V. The growth in participation, coupled with the diversity of participating organizations, is a positive sign of the industry’s understanding of the collective threats facing the industry and the critical importance of preparedness. Previous GridEx participants consistently report that the exercise helped them to assess and enhance their operational response capabilities.
To ensure participants derive the greatest benefit, the E-ISAC and its partners work to create authentic scenarios that reflect the threat landscape at that time. Observing Stuxnet — a computer worm that was originally aimed at Iran’s nuclear facilities and has since mutated and spread to other industrial and energy-producing facilities — and other cyber incidents with the potential to affect operations and reliability of the bulk power system, NERC designed the first GridEx scenario to validate the readiness of the electricity industry to respond to a cyber incident, strengthen utilities’ crisis response functions, and provide input for internal security program improvements.
Since then, GridEx has evolved to include both cyber and physical security threats. Events such as the 2013 Metcalf substation rifle attack — where a group or individual attacked an electrical substation, causing more than $15 million in damages — have underscored the potential for disruption presented by physical security events, as well as the value of opportunities to exercise response to both cyber and physical security incidents in a converged threat environment. In addition to exercising their own internal response and recovery plans, participants also focus on grid operational reliability. GridEx provides the opportunity to coordinate regionally and across organizations on issues affecting interconnected generation, transmission and distribution systems.
GridEx scenarios, developed by NERC and the E-ISAC, in coordination with industry subject matter experts, are designed to challenge organizations’ response capabilities. The scenarios are customizable, allowing organizations to meet specific internal training and exercise needs, as well as meet regional objectives. This maximizes the ability of organizations to coordinate with neighboring utilities and reliability coordinators to exercise and address grid reliability issues effectively.
Scenario elements over the past decade have included a wide range of current and emergent threats, including malware targeting industrial control systems, ransomware, distributed denial of service attacks, supply chain compromises, rifle fire at high voltage transmission substations and targeted explosions at key natural gas pipelines.
Lessons learned from GridEx over the years include both tangible recommendations for entities and industry-wide insights. Findings from the exercise and subsequent industry actions have led to strengthened crisis communications procedures across the industry. During GridEx V, the Cyber Mutual Assistance Program was successfully activated and exercised to share information as well as resources and was incorporated into both regional and national play. GridEx also provided an opportunity for the industry to exercise and enhance communications resilience through simulation of degraded or disrupted communications paths. This prompted players to identify alternatives and use backup communication tools. GridEx also highlighted the need for the industry to continue to strengthen relationships with intelligence partners, law enforcement, emergency responders and national security agencies.
Reflecting on these findings, GridEx has matured over the years to include other organizations outside the electricity industry. Today, GridEx participants include a broad set of stakeholders with vital roles in response, recovery and restoration, including law enforcement, government agencies at the local, state and federal levels, and other critical infrastructure sectors such as finance, telecommunications and natural gas.
In conjunction with the distributed exercise, NERC and the E-ISAC also host an invitation-only executive tabletop as part of GridEx. This brings together senior U.S. and Canadian government officials and industry CEOs to discuss policy decisions and extraordinary operational measures necessary to restore grid reliability in a cross-border scenario centered on a severe combined cyber and physical attack on the North American electricity system. Recommendations from previous tabletops have largely focused on enhancing government and industry operational coordination during incidents and developing better public-private national security policy coordination.
Next month, NERC and the E-ISAC will facilitate the sixth iteration of GridEx. The distributed nature of the exercise is uniquely suited to continue to deliver and enhance the exercise experience for participants, even as organizations have adapted to embrace a hybrid or increasingly remote workforce. Electricity organizations, government agencies and partner organizations from across North America will join the NERC and E-ISAC teams for two days of exercises.
GridEx VI will exercise the resilience of the North American power grid in the face of a coordinated attack from a nation-state adversary. The scenario will provide the opportunity for organizations to activate incident, operational and crisis management response plans; enhance coordination with the government to facilitate restoration; and exercise response to a supply chain-based compromise to critical components in a no-fault environment. Building on lessons learned from previous iterations of the exercise, the GridEx VI scenario will also continue to facilitate the identification of interdependence concerns with the natural gas and telecommunications sectors.
The scenario, informed by industry expert recommendations and current events, reflects the diversity of today’s distributed energy resources, the complexity of modern supply chains, and the necessity of coordinated response across industry and government to restore and ensure grid reliability.
Special Report
Critical Infrastructure
A Resilience Framework for the Future
By Daniel Kaniewski
Special Report
Critical Infrastructure
Cyber-Physical Security in an Interconnected World
By Dr. David Mussington
Special Report
Critical Infrastructure
Protecting the Energy Grid Is a Team Sport
By Scott Aaronson
Special Report
Critical Infrastructure
GridEx: How Exercising Response and Recovery Supports Grid Reliability
By Kate Ledesma
Special Report
Critical Infrastructure
Combatting Security Threats to Our Nation’s Critical Water Infrastructure
By Michael Arcenaux
october 2021 | securitymagazine.com