On Plum Island, DOE Trains Utilities, Protection Teams to Defend the Grid
Stress Testing Grid Resilience
Utility participants help design and structure the island’s grid to emulate their environments, from infrastructure to internal team dynamics, to procedures and response plans. During the exercise, they test their integrated security posture, and the capabilities and limits of their tools and operational technology to detect cyberattacks.
“Liberty Eclipse enhanced my understanding of the collaboration required between information technology, operational technology, and real-time operations professionals,” said Tom Huth, Principal at Energy Markets Cyber Incident Coordination at the Australian Energy Market Operator. “The exercise taught me how to effectively respond to modern cyber threats to electricity infrastructure.”
According to Mandi Peters, INL’s Liberty Eclipse program manager, the exercise unites public and private cybersecurity experts, utility operators, and defenders of U.S. critical energy infrastructure like the National Guard and DOE hunt teams.
“This collaboration allows us to ‘practice like we fight’ and advance research and development tools, techniques, and procedures that utilities implement in their operations and cyber protection teams use to refine their strategies,” Peters said.
The impact of the exercise goes well beyond just the 300-plus in-person participants on the island and remote participants over the five-day event.
Unlike most exercises that are structured like a competition, Liberty Eclipse lets utilities learn in a collaborative environment by sharing knowledge and networking with industry participants and national laboratory experts.
Utility participants are grouped into three cross-functional blue teams, using the island’s standalone grid and dedicated communication system as a test bed. They work in security and control operations centers, responding to continuous cyberattacks that impact their energized substation operations with power fluctuations, equipment stress, ransomware attacks, and living-off-the-land attacks with data exfiltration.
Utility participants leverage tools and procedures that they use in their operational environments to detect (in real time or forensically), respond to and recover from the attacks. Other participants are assigned to hunt teams that practice tuning their tools and procedures to be more effective in operational technology environments.
Mike Typer, information systems manager at Cybersecurity Operations at the Los Angeles Department of Water and Power, participated for the first time this year. “Our team found it to be immediately applicable to our day-to-day operations,” said Typer. “Liberty Eclipse is a unique event that plays a critical role in helping teams prepare and learn about the crucial role in defending the power grid.”
The exercise allows organizers to collect observations and data to help utilities evaluate their performance, infrastructure configurations and procedures, and to identify areas for improvement.
U.S. utilities have largely averted severe cyberattacks affecting operations, but adversaries are developing more sophisticated and complex techniques. Liberty Eclipse provides an unpredictable, live-fire attack environment on a realistic power grid that trains operators to develop a professional “sixth sense” to interrogate, analyze and respond to anomalies.
Ethan Huffman is Strategic Government Communications Manager at Idaho National Laboratories (INL). The article was originally posted to the website of INL.
