POWER GRIDOn Plum Island, DOE Trains Utilities, Protection Teams to Defend the Grid
Plum Island, just off New York’s northeastern coast, is a sparsely populated outpost with a century-long legacy, stretching back to the Spanish-American War, of playing an important role in helping protect the nation. More recently, scientists have used Plum Island to research lethal pathogens – threatening both humans and farm animals — for which there is no vaccines or treatment. Now, the island hosts exercises which train power companies, industry experts, and government officials to respond to disruptive cyberattacks.
Plum Island, just off New York’s northeastern coast, is a sparsely populated outpost with a century-long legacy of defending national interests. During the Spanish-American War, the island hosted soldiers that protected coastal communities. During World War II, Plum Island served as a training ground for U.S. troops.
More recently, scientists have used Plum Island to research ways to protect U.S. agriculture from catastrophic disease outbreaks.
Now, the 840-acre island’s national security legacy continues through an annual exercise known as Liberty Eclipse. This exercise trains power companies, industry experts, and government officials to respond to cyberattacks that could disrupt the flow of commercial electricity and natural gas.
A Modern Training Ground
The exercise designs and delivers full-scale cybersecurity scenarios in intense, hands-on training events to improve national energy resilience. It’s sponsored by the Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER), and is supported by two national laboratories and the University of Illinois Urbana-Champaign.
“Liberty Eclipse allows utilities to operate in an environment that closely mirrors their own systems,” said Brian Marko, the exercise’s director. “This year, we hope utility teams learned how to be better prepared for the challenges of defending critical infrastructure in the real world.”
The comprehensive training program began as a 2018 Defense Advanced Research Projects Agency (DARPA) project addressing the military’s reliance on the commercial power grid. DARPA’s Black Start Exercise demonstrated the value of developing technology to restore the grid after a cyberattack. DOE then expanded this mission to include power utilities, especially those protecting critical infrastructure. The first full-scale Liberty Eclipse exercise was held in 2022.
Months prior to the exercise, Daniel Hearn, a senior computer security researcher at the Idaho National Laboratory, led a red team consisting of utility and international partners and national lab researchers that designed attack scenarios based on current threat intelligence.
“Liberty Eclipse gives industry professionals a chance to experience real cyberattacks, using known techniques and methodologies from advanced actors, in a controlled environment,” Hearn said.
This year’s exercise includes scenarios simulating real-world threats focused on various types of attacks with specific intentions and behaviors: low-skilled and noisy, criminal data theft, wanton disruption, and stealthy and skilled compromise with engineered effects.
