GridNational grid in mock power emergency drill today and tomorrow

Published 13 November 2013

North American power companies will participate in a mock power emergency scenario today and tomorrow (13-14 November) to test their ability to respond to physical or cyberattacks that may lead to widespread power outages and long term blackouts. The exercise, known as GridEx II, is the second emergency response exercise conducted by North American Electric Reliability Corporation (NERC) intended to task North American electric utility companies with reviewing their security and crisis response strategies.

North American power companies will participate in a mock power emergency scenario today and tomorrow (13-14 November) to test their ability to respond to physical or cyber attacks that may lead to widespread power outages and long term blackouts. The test is conducted by the North American Electric Reliability Corporation (NERC), formerly known as the National Electric Reliability Council. The Georgia based nonprofit was formed by the electric utility industry to promote reliability of more than 1,900 power companies in North America.

Member companies include investor-owned utility companies, federal power agencies, state and municipal utility resources, and independent power producers. “These entities account for virtually all the electricity supplied in the United States, Canada and a portion of Baja California Norte, Mexico,” according to the NERC’s Web site.

Foster’s Daily Democrat reports that the exercise, known as GridEx II, is the second emergency response exercise conducted by the NERC intended to task North American electric utility companies with reviewing their security and crisis response strategies. The exercise will educate participants on areas of the industry that needs improvement if a serious emergency was to occur and how government legislation impacts emergency preparedness. NERC conducted the first GridEx exercise in 2011.

“The exercise was designed to validate the readiness of the Electricity Subsector to respond to a cyber incident, strengthen utilities’ crisis response functions, and provide input for internal security program improvements,” according to the NERC’s After Action Report on the 2011 test.

Prior to initiating the first GridEx exercise, industry stakeholders led an eight-month planning process to engage participants to highlight cybersecurity issues the industry would face during a power grid emergency and to promote communication among participants in case such a power grid emergency should occur.

Seventy-five participants from the United States and Canada, including entities from DHS), the FBI, and the Department of Energy (DOE) joined the first GridEx. That exercise was intended to model the DHS Cyber Storm Series, a biennial exercise series that aims to strengthen cyber preparedness in the public and private sectors. GridEx scenarios included “physical intrusions into substations and backup control center infrastructures,” and cyber attacks that could lead to corrupt control of data systems across North American power grids.

Upon completion of the one-and-a-half day exercise, results were reviewed by an after action team and have since been addressed with the intentions of the power industry to improve their ability to respond to the tested scenarios. “Entities possess effective cyber incident response plans, but updates to protocols and guidelines and additional training could enhance preparedness,” according to one of the findings in the After Action Report. The report also stated that “GridEx offered Electricity Subsector organizations a way to test their plans and skills in a real-time, realistic environment and to gain the in-depth knowledge that only experience can provide. The lessons learned from the exercise will provide valuable insights to guide planning for cyber emergencies.”

The report recommended more communication and sharing of information among participants of GridEx. “To address this issue, the NERC will be responsible for coordinating a task force dedicated to information sharing.” The goal is to enable a secure and trusted relationship between key players for information sharing, according to the Daily Democrat.

GridEx II, prompted by the success of GridEx, will incorporate lessons learned from the first exercise while testing the readiness of the bulk-power industry to respond to cybersecurity and physical security threats.