More than 6,000 stakeholders from across North America this week took part in GridEx, an exercise designed for utilities to exercise their response and recovery to cyber and physical security threats in a simulated environment.
The exercise, which takes place every two years, allows utilities, government partners and other critical infrastructure participants to engage with local and regional first responders, exercise cross-sector impacts, improve unity of messages and communication, identify lessons learned and engage senior leadership, the North American Electric Reliability Corporation noted.
The exercise began in 2011 and NERC hosts the GridEx series. The 2017 GridEx, which started on Nov. 15, marks the fourth such exercise.
More than 1,100 public power employees and 53 public power organizations participated in the 2017 GridEx exercise. In 2015, the total number of public power organizations participating in GridEx was 26.
The exercise includes direct engagement among senior federal government officials and leaders from the Electricity Subsector Coordinating Council (ESCC).
The ESCC serves as the principal liaison between the federal government and the electric power industry and is comprised of the CEOs that represent all segments of the industry, including investor-owned electric companies, electric cooperatives, and public power utilities in the U.S. and Canada.
Kevin Wailes, administrator and CEO of Lincoln Electric System, serves as co-chair of the ESCC, while Sue Kelly, president and CEO of the American Public Power Association, serves on the ESCC steering committee.
The participation by Wailes and Kelly in GridEx activities helped to ensure that public power’s voice was heard throughout the two-day event.
Scenario designed to overwhelm
The large-scale GridEx cyber and physical attack scenario is designed to overwhelm even the most prepared organizations, NERC noted.
“Participating organizations are encouraged to identify their own lessons learned and to share them with NERC,” said Charles Berardesco, acting CEO for NERC, in a conference call with reporters on Nov. 16.
“We believe this input to develop observations and propose recommendations helps the electric industry enhance the security, reliability and resilience of North American’s bulk power system,” he said.
He noted that the ESCC and NERC’s Electricity Information Sharing and Analysis Center, or E-ISAC, serve as the information-sharing conduit between the power sector and government for cyber and physical threats.
Following the 2013 GridEx, the ESCC developed a plan called the ESCC playbook for responding to grid emergencies, which is being exercised in the fourth GridEx, Berardesco said.
The playbook offers a framework for responding to grid emergencies for senior industry and government executives to coordinate response and recovery efforts and communications to the American public.
Wailes, who also participated in the media conference call, said that with the exercise, “there’s an awful lot of relationship building” going on.
He noted that “all over the country, there are utilities that are running exercises in their home locations. They’re engaging with their local law enforcement, their local FBI, state legislators and governments.”
Wailes added, “We can’t prepare for all threats and be prepared for all types of events, but we can certainly try to make sure we have the relationships in place to address those as we go forward.”
Tom Fanning, ESCC co-chair and president and CEO of investor-owned Southern Company, said during the conference call that “the usefulness of these exercises is not only to test the unknown and heretofore unseen, it is to break the system. It is to find out where the friction points are, not only within our industry, but in trying to harmonize the activities among and between the federal government, private industry, and state and local governments.”
In addition, “one the intentions of this exercise is to test the friction points and the interdependencies among and between, say, electricity, telecom and finance and other lifeline sectors,” Fanning said.
Duane Highley, ESCC co-chair and president and CEO of Arkansas Electric Cooperative Corp., said during the call that “you get good at what you practice and we want to be good at response and recovery and we want to build our relationships before we need them,.”
Marcus Sachs, senior vice-president and chief security officer at NERC, said that the Nov. 15 activities “went very well. We’ve learned quite a bit already.” On Nov. 16, an executive tabletop got underway. The tabletop focuses on the grid restoration and recovery response by senior government and industry leaders to the simulated cyber and physical security events reflected in the GridEx scenario.
Patricia Hoffman, principal deputy assistant secretary for the Office of Electricity Delivery and Energy Reliability at the Department of Energy, said the DOE “is very excited to participate in this year’s grid security exercise, which has become a fundamental cornerstone to enhancing the preparedness and security of the North American power industry.”
Measure of success or failure
During the question-and-answer portion of the call with media, a reporter asked for comment on what the measure of success or failure is with the exercise.
“The exercise is designed to stress the grid and designed to stress the companies running the grid,” noted Sachs.
“We are looking for what others might think to be failure,” he said. “We try and make that happen – that causes lessons to be learned everywhere. Keep in mind, of course, the real grid is not under stress, this is an exercise, and we want to find those places where friction results. That is the learning process, that is the success that we’re looking for.”
Wailes noted that “some of the outcomes of these events have actually caused us to develop pretty extraordinary measures.”
He said, for example, “we have a cyber mutual assistance group” that came about in the wake of GridEx III, “when we realized that we really did not have a deep enough bench, from an industry perspective, to deal with some of these events on an individual basis.” Wailes said “we now have 130 companies involved in cyber mutual assistance,” similar to what would be deployed in a mutual aid event “to put linemen on the ground.”
Wailes added, “there are a number of outcomes that come out of this that we evaluate and say, how can we do it better and how should we meet these particular events.”
NERC’s Berardesco said that “one other indicia of success to me is simply the number of participants. The people that are learning from this exercise through participation has grown exponentially over the last four years.”