The North American electrical grid is the largest machine on the planet and, as such, requires constant maintenance, monitoring and continuous learning. The North American Electric Reliability Corp.’s mission is to ensure the reliable operation of the bulk-power system. To accomplish this, NERC uses a variety of tools, activities and strategies to help the almost 1,900 registered entities that make up the North American bulk-power system develop dynamic cybersecurity programs.
Because the cyber environment is dynamic, NERC continues to enhance and improve cyber and physical security resources and practices. NERC does this in a variety of ways, including developing and enforcing mandatory cybersecurity standards, operating the Electricity Sector Information Sharing and Analysis Center (ES-ISAC) and providing educational opportunities to the industry. NERC also has developed security best practices and guidelines to help industry identify security issues and apply mitigation strategies. NERC hosts events to promote security learning and practices, such as the annual Grid Security Conference that focuses on physical and cybersecurity issues, and the biannual Grid Security Exercise, a sectorwide exercise designed to test industry’s readiness to respond to a security incident.
GridEx is an important event because it allows participants to check the readiness of their crisis action plans through a simulated security exercise, which in turn provides an opportunity for NERC and the industry to self-assess response and recovery capabilities and to adjust actions and plans as needed. All organizations and individuals that play a role in security response and recovery should be prepared to respond. Exercises are a key component of national preparedness — a well-designed exercise provides a low-risk environment to test capabilities, familiarize personnel with security policies and foster interaction and communication across organizations. This year’s event, known as GridEx II, takes place Nov. 13–14.
The previous GridEx, which took place in November 2011, included participants from 75 industry and government organizations in the United States and Canada. This year’s exercise expects approximately 160 organizations equaling more than a thousand participants representing NERC regions, reliability coordinators and small and large utilities across the United States, Canada and Mexico, as well as from the federal government.
The upcoming GridEx scenario, while still in the final stages of development, aims to stress the system through a series of prolonged, coordinated physical and cyber attacks. Unlike the 2011 exercise, GridEx II will dedicate a significant amount of the scenario to physical security response and coordination. The operational and discussion-based exercise
combines operators from across North America and includes a tabletop portion for senior executives. The majority of participants will be in their normal work environments during the exercise, while the exercise control portion will take place in the Washington, D.C., area. The exercise control group will manage scenario distribution, monitor exercise play and capture response activities. GridEx is a simulated exercise and there will be no impact to the generation, transmission or distribution of electricity due to this exercise.
Participants will receive streaming videos and sequenced email messages, also called “injects,” that detail scenario conditions. Based on this information, participants will engage in both internal response measures and external information-sharing activities across the sector. There are two levels of participation during GridEx. Organizations can be full players that participate directly in planning, dynamic exercise play and after action activities or can be monitor/respond players that engage in a more passive, less resource-intensive role.
Among goals for GridEx is the exercising of the current readiness of the electricity industry to respond to a security incident, incorporating lessons learned from GridEx 2011. GridEx will review existing command, control and communication plans and tools for NERC and its stakeholders. Another goal is to identify potential improvements in physical and cybersecurity plans, programs and responder skills. And GridEx will explore senior leadership policy decisions and triggers in response to major grid reliability issues.
Protecting the electricity system from security threats and ensuring its resilience are vital to our national security and economic well-being. Cyber and physical threats are constantly evolving and require quick action and flexibility that come from constant vigilance and collaboration with the government and industry. NERC, the electricity industry and the governments of North America share the mutual goal of ensuring threats to the reliability of the bulk-power system, especially security threats, are clearly understood and effectively mitigated. Reviewing the security response to the grid’s critical components, such as generators, large substations and transmission lines during a disruptive, coordinated attack on the grid will help industry understand how to make the system more secure.
Information-sharing with industry and government stakeholders during the exercise will provide the ES-ISAC an opportunity to better engage subject matters experts and promote problem solving. This information exchange of simulated threats allows NERC and the ES-ISAC to analyze physical and cyber threat information for trends and cross-sector dependencies, and to identify specific opportunities for improvement. Working together during planning and exercise participation will strengthen relationships, better evaluate security incident response plans and increase the flow of critical information to the sector.
After the closed exercise, a public report will highlight the lessons learned from the exercise and identify any opportunities for improvement. The identification of strengths, areas for improvement and recommended actions that result from GridEx II will help NERC, industry and the federal government build capabilities as part of a larger continuous improvement process.
NERC continues to work with industry and the federal government to strengthen the physical and cybersecurity posture of the grid through standards development, information sharing, public/private partnerships, outreach and training, such as GridEx. Ongoing efforts in these areas will help maintain a secure and reliable grid now and in the years to come.