Washington State’s Snohomish County PUD this month hosted the Safe Haven Exercise -– a tabletop exercise that was focused on the response to a cyber security incident that leads to physical impacts to critical electric infrastructure.
Officials from the American Public Power Association (APPA), state and local emergency managers, and several Washington State public power utilities participated in the exercise, which was held at Snohomish County PUD Headquarters in Everett, Washington.
A representative from the North American Electric Reliability Corporation (NERC) also participated in the exercise, as well as a similar APPA exercise in Kansas last month.
The Safe Haven scenario included a coordinated cyberattack resulting in cascading grid failures, and it was designed to test how utilities would coordinate internally, and with external partners, when responding to and recovering from a cyber incident that disrupts the grid. APPA also used the exercise to test its internal coordination plans and how it could support public power utilities impacted by a cyberattack.
“As cyber threats grow, it’s imperative that we are prepared across our entire organization and ready to respond quickly to best serve our customers and employees in an emergency,” said John Haarlow, CEO/General Manager of Snohomish County PUD.
“I appreciate APPA’s help and direction in putting on this tremendous tabletop that gave our employees, utility peers and local leaders hands-on experience in a realistic scenario. I know that this tabletop has already strengthened collaboration and identified ways we can improve our response plans,” he said.
Along with his role at Snohomish County PUD, Haarlow is Chair of APPA's Board of Directors.
In October, Kansas Municipal Utilities (KMU) hosted a similar exercise at KMU’s Training Center in McPherson, Kansas. Participants in the exercise included officials with APPA, as well as officials with public power utilities in Kansas and Oklahoma.
In the September-October issue of APPA’s Public Power Magazine, Brad Mears, executive director of KMU, noted how exercises have increased awareness of response capabilities and how these can be coordinated.
Mears said the events help participants “understand what people are facing on both sides” as well as how to communicate during incidents to clarify what is needed in a response.
Scott Corwin, President and CEO of APPA, attended the Safe Haven exercise in Washington State.
“Public power utilities recognize the importance of proactively preparing for a wide range of cyber and physical infrastructure attack scenarios and the Safe Haven exercises are the latest examples of how they are testing their responses to real world scenarios,” Corwin said.
“Scenarios such as a sophisticated cyber-attack with a significant impact to physical infrastructure to blackout broad swaths of territory are frighteningly realistic in our current environment,” he said.
“The capability to handle real-time response and mitigation is developing every day, and APPA’s ability to bring together utility operators, cyber staff, communicators, federal, state, and local government agencies is a great way to see how far we’ve come and how far we need to go,” Corwin said.
