Security and Resilience (Cyber and Physical)

Grid exercise saw increase in public power utility participation

A 2019 grid security exercise designed for utilities to exercise their response and recovery to cyber and physical security threats in a simulated environment saw an increase in public power utility participation, an official with the Electricity Information Sharing and Analysis Center (E-ISAC) said on March 31.

Matt Duncan, Senior Manager, Resilience and Policy Coordination, at E-ISAC, made the comments in a conference call with reporters on March 31 related to the release of a lessons learned report on the 2019 GridEx.

The exercise began in 2011 and the North American Electric Reliability Corporation hosts the GridEx series. The 2019 GridEx marked the fifth such exercise.

The American Public Power Association worked closely with NERC’s E-ISAC for GridEx V to have more focus on impacts to distribution utilities, noted Sam Rozenberg, Engineering Services Security Director at the Association, who along with the public power utility subject matter experts as well as representatives from the rural electric cooperatives, led the increased engagement efforts.

Duncan noted that one of the ways in which the exercise aimed to close the gap in the readiness of different utilities was to work with APPA and the National Rural Electric Cooperative Association (NRECA), which both represent smaller munis and co-ops, to increase the number of distribution only utilities that participated in GridEx.

Duncan said, “I’m pleased to say that we had about an eighty nine percent increase in those from years past and that’s where we got the bulk of additional electric utilities participating in the exercise.”  

While these utilities “may not have all the resources that a large investor-owned utility has, they do follow the guidelines, they do follow best practices,” and it is “important for them to test those guidelines and best practices and see where they can shore them up,” Duncan went on to say.

“We don’t grade anybody on the exercise, but we do think it’s important to be honest with yourselves – with your planning and your staffing – and when you need help or you may not have the capability” it is “a great opportunity to plug into” APPA, NRECA or the E-ISAC for help, he said, or to engage a neighboring utility in cyber mutual assistance.

Duncan was joined on the media call by Manny Cancel, North American Electric Reliability Corporation senior vice president and CEO for E-ISAC.

For his part, Cancel said that there was “an unprecedented level of participation” in GridEx V from entities across North America, noting in particular an increase in participation by state and local governments.

He noted that APPA and other trade associations “really helped to get the word out” about GridEx V.

Duncan said GridEx V was “the most comprehensive, best attended GridEx to date,” including 26 state governments. “As we look at the COVID-19 response, you can see just how important those state and local government partners are to the electric industry and this was a great opportunity for the utilities to play with their state, local, provincial government partners.”

Duncan also noted that “We used a number of communications tools” for GridEx V. “We simulated the media. We simulated Twitter. We simulated Facebook and some of those platforms, as well as traditional media on a platform called SimulationDeck,” he noted.

“This enabled the corporate communicators, the public affairs folks in the government to respond in real time to some of the rumors, disinformation, misinformation, that was out there and that was a really, really important opportunity for crisis communicators,” he said.

GridEx, which takes place every two years, allows utilities, government partners and other critical infrastructure participants to engage with local and regional first responders, exercise cross-sector impacts, improve unity of messages and communication, identify lessons learned and engage senior leadership.

In 2017, 53 public power entities participated in GridEx, while in 2019, 100 public power entities participated.

Lessons learned

The report released on March 31 focuses on lessons learned and recommendations highlighted throughout the two-day exercise. NERC held the grid security exercise, which had 7,000 participants from across North America — including industry and U.S. and Canadian government partners — in November 2019. 

The GridEx V Lessons Learned Report focuses on participant observations and recommendations from the cyber and physical security exercise’s distributed play and complementary executive tabletop.

The recommendations target actions for the E-ISAC, electricity industry and cross-sector and government partners in North America to improve future GridEx events and enhance the security posture.

GridEx V achieved six of its seven objectives, the report said.

The objectives achieved were: (1) exercise incident response plans; (2) expand local and regional response; (3) engage critical interdependencies; (4) improve communication; (5) engage senior leadership; and (6) gather lessons learned.

Based on participant feedback, the report lists the “increase supply chain participation” objective as being partially achieved and having significant room for improvement in GridEx VI. 

The report’s recommendations include:

  • Incorporating natural gas providers and pipeline operators into restoration planning and drills;
  • Enhancing coordination with communications providers to support restoration and recovery;
  • Building consensus with the U.S. Department of Energy on the design, issuance and liability protections for grid security emergency orders issued under Section 215A of the Federal Power Act; and
  • Continuing to strengthen the operational industry and government coordination between the United States and Canada

The report’s observations include: 

  • The flexible scenario structure enabled exercise planners to customize their GridEx experiences and maximize learning to improve their organizations’ incident response preparations and capabilities;
  • Early planning allowed planners to benefit from the scenario’s flexibility, but planners whose organizations joined later struggled to adequately prepare for the exercise; 
  • While many utilities used GridEx to strengthen their relationships with Reliability Coordinators, law enforcement and government agencies, others lacked the resources needed to coordinate responses to the challenges in the scenario; and
  • The GridEx distributed play and executive tabletop should occur on different dates so that leadership teams can achieve maximum training value for their organizations


During the call, reporters asked the E-ISAC officials to comment on GridEx in the context of the ongoing COVID-19 pandemic.

Addressing the question of learning for future GridEx events, “We say that GridEx is designed to” overwhelm even the most prepared utilities “and we use realistic scenarios to keep making the industry better,” Duncan noted.

“I think we’re going to take a hard look at not only the current pandemic situation, but other events that have happened around the world and see how we might put that into a future scenario because we do make each GridEx tougher than the last,” he said.

NERC on March 27 said the power sector is well prepared and taking aggressive steps to confront the threat posed by the current pandemic. NERC’s assessment was based on industry responses to a Level 2 alert sent to industry on March 10. The alert required industry to respond to NERC by March 20.

APPA has set up a webpage that provides information and resources for its members related to COVID-19 and updates on how this affects APPA programs and events.